unkeyed · chronark · Sep 19, 2024 · Sep 10, 2024 · Sep 10, 2024 · Sep 16, 2024
@@ -31,6 +31,8 @@ export const env = () =>
       AGENT_TOKEN: z.string(),
 
       GITHUB_KEYS_URI: z.string().optional(),
+
+      UNKEY_ROOT_KEY: z.string(),
     })
     .parse(process.env);
 

@@ -0,0 +1,57 @@
+import { TRPCError } from "@trpc/server";
+import { Ratelimit } from "@unkey/ratelimit";
+import { env } from "../env";
+// Values for route types
+import { protectedProcedure } from "./trpc";
+
+//Values are in seconds currently
+export const CREATE_LIMIT_SEC = 5;
+export const CREATE_LIMIT_DURATION_SEC = "3s";
+
+export const UPDATE_LIMIT_SEC = 25;
+export const UPDATE_LIMIT_DURATION_SEC = "5s";
+
+export const DELETE_LIMIT_SEC = 5;
+export const DELETE_LIMIT_DURATION_SEC = "3s";
+
+export const ratelimit = {
+  create: new Ratelimit({
+    rootKey: env().UNKEY_ROOT_KEY,
+    namespace: "trpc_create",
+    limit: CREATE_LIMIT_SEC ?? 3,
+    duration: CREATE_LIMIT_DURATION_SEC,
+  }),
+
+  update: new Ratelimit({
+    rootKey: env().UNKEY_ROOT_KEY,
+    namespace: "trpc_update",
+    limit: UPDATE_LIMIT_SEC,
+    duration: UPDATE_LIMIT_DURATION_SEC,
+  }),
+  delete: new Ratelimit({
+    rootKey: env().UNKEY_ROOT_KEY,
+    namespace: "trpc_delete",
+    limit: DELETE_LIMIT_SEC,
+    duration: DELETE_LIMIT_DURATION_SEC,
+  }),
+};
+export const rateLimitedProcedure = (ratelimit: Ratelimit) =>
+  protectedProcedure.use(async (opts) => {
+    const unkey = ratelimit;
+
+    const response = await unkey.limit(opts.ctx.user.id);
+
+    if (!response.success) {
+      throw new TRPCError({
+        code: "TOO_MANY_REQUESTS",
+        message: JSON.stringify(response),
+      });
+    }
+
+    return opts.next({
+      ctx: {
+        ...opts.ctx,
+        remaining: response.remaining,
+      },
+    });
+  });
@@ -3,16 +3,15 @@ import { z } from "zod";
 
 import { db, schema } from "@/lib/db";
 import { ingestAuditLogs } from "@/lib/tinybird";
+import { rateLimitedProcedure, ratelimit } from "@/lib/trpc/ratelimitProcedure";
 import { newId } from "@unkey/id";
-import { auth, t } from "../../trpc";
 
-export const createApi = t.procedure
-  .use(auth)
+export const createApi = rateLimitedProcedure(ratelimit.create)
   .input(
     z.object({
       name: z
         .string()
-        .min(1, "workspace names must contain at least 3 characters")
+        .min(3, "workspace names must contain at least 3 characters")
         .max(50, "workspace names must contain at most 50 characters"),
     }),
   )

@@ -3,10 +3,9 @@ import { z } from "zod";
 
 import { db, eq, schema } from "@/lib/db";
 import { ingestAuditLogs } from "@/lib/tinybird";
-import { auth, t } from "../../trpc";
+import { rateLimitedProcedure, ratelimit } from "@/lib/trpc/ratelimitProcedure";
 
-export const deleteApi = t.procedure
-  .use(auth)
+export const deleteApi = rateLimitedProcedure(ratelimit.delete)
   .input(
     z.object({
       apiId: z.string(),

@@ -3,10 +3,9 @@ import { z } from "zod";
 
 import { db, eq, schema } from "@/lib/db";
 import { ingestAuditLogs } from "@/lib/tinybird";
-import { auth, t } from "../../trpc";
+import { rateLimitedProcedure, ratelimit } from "@/lib/trpc/ratelimitProcedure";
 
-export const updateAPIDeleteProtection = t.procedure
-  .use(auth)
+export const updateAPIDeleteProtection = rateLimitedProcedure(ratelimit.update)
   .input(
     z.object({
       apiId: z.string(),

@@ -3,10 +3,9 @@ import { z } from "zod";
 
 import { db, eq, schema } from "@/lib/db";
 import { ingestAuditLogs } from "@/lib/tinybird";
-import { auth, t } from "../../trpc";
+import { rateLimitedProcedure, ratelimit } from "@/lib/trpc/ratelimitProcedure";
 
-export const updateApiIpWhitelist = t.procedure
-  .use(auth)
+export const updateApiIpWhitelist = rateLimitedProcedure(ratelimit.update)
   .input(
     z.object({
       ipWhitelist: z

@@ -3,11 +3,9 @@ import { z } from "zod";
 
 import { db, eq, schema } from "@/lib/db";
 import { ingestAuditLogs } from "@/lib/tinybird";
-import { th } from "@faker-js/faker";
-import { auth, t } from "../../trpc";
+import { rateLimitedProcedure, ratelimit } from "@/lib/trpc/ratelimitProcedure";
 
-export const updateApiName = t.procedure
-  .use(auth)
+export const updateApiName = rateLimitedProcedure(ratelimit.update)
   .input(
     z.object({
       name: z.string().min(3, "API names must contain at least 3 characters"),

@@ -1,11 +1,10 @@
 import { db } from "@/lib/db";
+import { rateLimitedProcedure, ratelimit } from "@/lib/trpc/ratelimitProcedure";
 import { TRPCError } from "@trpc/server";
 import { newId } from "@unkey/id";
 import { z } from "zod";
-import { auth, t } from "../../trpc";
 
-export const createGateway = t.procedure
-  .use(auth)
+export const createGateway = rateLimitedProcedure(ratelimit.create)
   .input(
     z.object({
       subdomain: z

@@ -1,13 +1,12 @@
 import { db, schema } from "@/lib/db";
 import { ingestAuditLogs } from "@/lib/tinybird";
+import { rateLimitedProcedure, ratelimit } from "@/lib/trpc/ratelimitProcedure";
 import { TRPCError } from "@trpc/server";
 import { newId } from "@unkey/id";
 import { newKey } from "@unkey/keys";
 import { z } from "zod";
-import { auth, t } from "../../trpc";
 
-export const createKey = t.procedure
-  .use(auth)
+export const createKey = rateLimitedProcedure(ratelimit.create)
   .input(
     z.object({
       prefix: z.string().optional(),

@@ -1,16 +1,16 @@
 import { type Permission, db, eq, schema } from "@/lib/db";
 import { env } from "@/lib/env";
 import { type UnkeyAuditLog, ingestAuditLogs } from "@/lib/tinybird";
+import { rateLimitedProcedure, ratelimit } from "@/lib/trpc/ratelimitProcedure";
 import { TRPCError } from "@trpc/server";
 import { newId } from "@unkey/id";
 import { newKey } from "@unkey/keys";
 import { unkeyPermissionValidation } from "@unkey/rbac";
 import { z } from "zod";
-import { auth, t } from "../../trpc";
+
 import { upsertPermissions } from "../rbac";
 
-export const createRootKey = t.procedure
-  .use(auth)
+export const createRootKey = rateLimitedProcedure(ratelimit.create)
   .input(
     z.object({
       name: z.string().optional(),

@@ -1,11 +1,10 @@
 import { and, db, eq, inArray, schema } from "@/lib/db";
 import { ingestAuditLogs } from "@/lib/tinybird";
+import { rateLimitedProcedure, ratelimit } from "@/lib/trpc/ratelimitProcedure";
 import { TRPCError } from "@trpc/server";
 import { z } from "zod";
-import { auth, t } from "../../trpc";
 
-export const deleteKeys = t.procedure
-  .use(auth)
+export const deleteKeys = rateLimitedProcedure(ratelimit.delete)
   .input(
     z.object({
       keyIds: z.array(z.string()),

@@ -1,12 +1,11 @@
-import { and, db, eq, inArray, isNotNull, schema } from "@/lib/db";
+import { db, inArray, schema } from "@/lib/db";
 import { env } from "@/lib/env";
 import { ingestAuditLogs } from "@/lib/tinybird";
+import { rateLimitedProcedure, ratelimit } from "@/lib/trpc/ratelimitProcedure";
 import { TRPCError } from "@trpc/server";
 import { z } from "zod";
-import { auth, t } from "../../trpc";
 
-export const deleteRootKeys = t.procedure
-  .use(auth)
+export const deleteRootKeys = rateLimitedProcedure(ratelimit.delete)
   .input(
     z.object({
       keyIds: z.array(z.string()),

@@ -1,11 +1,10 @@
 import { db, eq, schema } from "@/lib/db";
 import { ingestAuditLogs } from "@/lib/tinybird";
+import { rateLimitedProcedure, ratelimit } from "@/lib/trpc/ratelimitProcedure";
 import { TRPCError } from "@trpc/server";
 import { z } from "zod";
-import { auth, t } from "../../trpc";
 
-export const updateKeyEnabled = t.procedure
-  .use(auth)
+export const updateKeyEnabled = rateLimitedProcedure(ratelimit.update)
   .input(
     z.object({
       keyId: z.string(),

@@ -1,11 +1,10 @@
 import { db, eq, schema } from "@/lib/db";
 import { ingestAuditLogs } from "@/lib/tinybird";
+import { rateLimitedProcedure, ratelimit } from "@/lib/trpc/ratelimitProcedure";
 import { TRPCError } from "@trpc/server";
 import { z } from "zod";
-import { auth, t } from "../../trpc";
 
-export const updateKeyExpiration = t.procedure
-  .use(auth)
+export const updateKeyExpiration = rateLimitedProcedure(ratelimit.update)
   .input(
     z.object({
       keyId: z.string(),

@@ -1,11 +1,10 @@
 import { db, eq, schema } from "@/lib/db";
 import { ingestAuditLogs } from "@/lib/tinybird";
+import { rateLimitedProcedure, ratelimit } from "@/lib/trpc/ratelimitProcedure";
 import { TRPCError } from "@trpc/server";
 import { z } from "zod";
-import { auth, t } from "../../trpc";
 
-export const updateKeyMetadata = t.procedure
-  .use(auth)
+export const updateKeyMetadata = rateLimitedProcedure(ratelimit.update)
   .input(
     z.object({
       keyId: z.string(),

@@ -1,10 +1,11 @@
 import { db, eq, schema } from "@/lib/db";
 import { ingestAuditLogs } from "@/lib/tinybird";
+import { rateLimitedProcedure, ratelimit } from "@/lib/trpc/ratelimitProcedure";
 import { TRPCError } from "@trpc/server";
 import { z } from "zod";
 import { auth, t } from "../../trpc";
 
-export const updateKeyName = t.procedure
+export const updateKeyName = rateLimitedProcedure(ratelimit.update)
   .use(auth)
   .input(
     z.object({

@@ -1,11 +1,11 @@
 import { db, eq, schema } from "@/lib/db";
 import { ingestAuditLogs } from "@/lib/tinybird";
+import { rateLimitedProcedure, ratelimit } from "@/lib/trpc/ratelimitProcedure";
 import { TRPCError } from "@trpc/server";
 import { z } from "zod";
 import { auth, t } from "../../trpc";
 
-export const updateKeyOwnerId = t.procedure
-  .use(auth)
+export const updateKeyOwnerId = rateLimitedProcedure(ratelimit.update)
   .input(
     z.object({
       keyId: z.string(),

@@ -1,11 +1,10 @@
 import { db, eq, schema } from "@/lib/db";
 import { ingestAuditLogs } from "@/lib/tinybird";
+import { rateLimitedProcedure, ratelimit } from "@/lib/trpc/ratelimitProcedure";
 import { TRPCError } from "@trpc/server";
 import { z } from "zod";
-import { auth, t } from "../../trpc";
 
-export const updateKeyRatelimit = t.procedure
-  .use(auth)
+export const updateKeyRatelimit = rateLimitedProcedure(ratelimit.update)
   .input(
     z.object({
       keyId: z.string(),

@@ -1,11 +1,10 @@
 import { db, eq, schema } from "@/lib/db";
 import { ingestAuditLogs } from "@/lib/tinybird";
+import { rateLimitedProcedure, ratelimit } from "@/lib/trpc/ratelimitProcedure";
 import { TRPCError } from "@trpc/server";
 import { z } from "zod";
-import { auth, t } from "../../trpc";
 
-export const updateKeyRemaining = t.procedure
-  .use(auth)
+export const updateKeyRemaining = rateLimitedProcedure(ratelimit.update)
   .input(
     z.object({
       keyId: z.string(),

@@ -1,13 +1,12 @@
 import { db, schema } from "@/lib/db";
 import { ingestAuditLogs } from "@/lib/tinybird";
+import { rateLimitedProcedure, ratelimit } from "@/lib/trpc/ratelimitProcedure";
 import { DatabaseError } from "@planetscale/database";
 import { TRPCError } from "@trpc/server";
 import { newId } from "@unkey/id";
 import { z } from "zod";
-import { auth, t } from "../../trpc";
 
-export const createLlmGateway = t.procedure
-  .use(auth)
+export const createLlmGateway = rateLimitedProcedure(ratelimit.create)
   .input(
     z.object({
       subdomain: z.string().min(1).max(50),

@@ -3,10 +3,9 @@ import { z } from "zod";
 
 import { db, eq, schema } from "@/lib/db";
 import { ingestAuditLogs } from "@/lib/tinybird";
-import { auth, t } from "../../trpc";
+import { rateLimitedProcedure, ratelimit } from "@/lib/trpc/ratelimitProcedure";
 
-export const deleteLlmGateway = t.procedure
-  .use(auth)
+export const deleteLlmGateway = rateLimitedProcedure(ratelimit.delete)
   .input(z.object({ gatewayId: z.string() }))
   .mutation(async ({ ctx, input }) => {
     const llmGateway = await db.query.llmGateways.findFirst({

@@ -1,13 +1,12 @@
 import { type Webhook, db, schema } from "@/lib/db";
 import { ingestAuditLogs } from "@/lib/tinybird";
+import { rateLimitedProcedure, ratelimit } from "@/lib/trpc/ratelimitProcedure";
 import { TRPCError, createCallerFactory } from "@trpc/server";
 import { newId } from "@unkey/id";
 import { z } from "zod";
 import { router } from "../..";
-import { auth, t } from "../../../trpc";
 
-export const createVerificationMonitor = t.procedure
-  .use(auth)
+export const createVerificationMonitor = rateLimitedProcedure(ratelimit.create)
   .input(
     z.object({
       interval: z

@@ -1,14 +1,17 @@
 import { env } from "@/lib/env";
+import { CREATE_LIMIT, CREATE_LIMIT_DURATION } from "@/lib/ratelimitValues";
 import { clerkClient } from "@clerk/nextjs";
 import { PlainClient, uiComponent } from "@team-plain/typescript-sdk";
 import { TRPCError } from "@trpc/server";
 import { z } from "zod";
-import { auth, t } from "../trpc";
+import { rateLimitedProcedure } from "../trpc";
 
 const issueType = z.enum(["bug", "feature", "security", "question", "payment"]);
 const severity = z.enum(["p0", "p1", "p2", "p3"]);
-export const createPlainIssue = t.procedure
-  .use(auth)
+export const createPlainIssue = rateLimitedProcedure({
+  limit: CREATE_LIMIT,
+  duration: CREATE_LIMIT_DURATION,
+})
   .input(
     z.object({
       issueType,

@@ -3,12 +3,11 @@ import { z } from "zod";
 
 import { db, schema } from "@/lib/db";
 import { ingestAuditLogs } from "@/lib/tinybird";
+import { rateLimitedProcedure, ratelimit } from "@/lib/trpc/ratelimitProcedure";
 import { DatabaseError } from "@planetscale/database";
 import { newId } from "@unkey/id";
-import { auth, t } from "../../trpc";
 
-export const createNamespace = t.procedure
-  .use(auth)
+export const createNamespace = rateLimitedProcedure(ratelimit.create)
   .input(
     z.object({
       name: z.string().min(1).max(50),