core: 更新请求频率限制

packages/hydrooj/package.json

@@ -1,6 +1,6 @@
 {
     "name": "hydrooj",
-    "version": "2.20.41",
+    "version": "2.20.43",
     "bin": "bin/hydrooj.js",
     "main": "dist/loader.js",
     "typings": "dist/loader.d.ts",

packages/hydrooj/src/handler/contest.ts

@@ -311,7 +311,7 @@ class ContestDetailProblemSubmitHandler extends ContestProblemHandler {
     @param('lang', Types.String)
     @param('code', Types.String)
     async post(domainId: string, tid: ObjectID, lang: string, code: string) {
-        await this.limitRate('add_record', 60, 100);
+        await this.limitRate('add_record', 60, 10);
         const rid = await record.add(domainId, this.pdoc.docId, this.user._id, lang, code, true, {
             type: document.TYPE_CONTEST,
             tid,
@@ -339,7 +339,7 @@ class ContestCodeHandler extends ContestHandler {
         if (!this.user.hasPriv(PRIV.PRIV_READ_RECORD_CODE)) {
             this.checkPerm(PERM.PERM_READ_RECORD_CODE);
         }
-        this.limitRate('homework_code', 3600, 60);
+        await this.limitRate('homework_code', 3600, 60);
         const [tdoc, tsdocs] = await contest.getAndListStatus(domainId, tid);
         const rnames = {};
         for (const tsdoc of tsdocs) {

packages/hydrooj/src/handler/discussion.ts

@@ -159,7 +159,7 @@ class DiscussionCreateHandler extends DiscussionHandler {
         domainId: string, type: string, _name: string,
         title: string, content: string, highlight = false, pin = false,
     ) {
-        this.limitRate('add_discussion', 3600, 30);
+        await this.limitRate('add_discussion', 3600, 60);
         let name: ObjectID | string | number;
         if (ObjectID.isValid(_name)) name = new ObjectID(_name);
         else if (isSafeInteger(parseInt(_name, 10))) name = parseInt(_name, 10);
@@ -220,7 +220,7 @@ class DiscussionDetailHandler extends DiscussionHandler {
     @param('content', Types.String, isContent)
     async postReply(domainId: string, did: ObjectID, content: string) {
         this.checkPerm(PERM.PERM_REPLY_DISCUSSION);
-        this.limitRate('add_discussion', 3600, 30);
+        await this.limitRate('add_discussion', 3600, 60);
         // Notify related users
         const replies: Drdoc[] = await discussion.getMultiReply(domainId, did).toArray();
         const uids = Array.from(new Set(replies.map((drdoc) => drdoc.owner)));
@@ -239,7 +239,7 @@ class DiscussionDetailHandler extends DiscussionHandler {
     @param('content', Types.String, isContent)
     async postTailReply(domainId: string, drid: ObjectID, content: string) {
         this.checkPerm(PERM.PERM_REPLY_DISCUSSION);
-        this.limitRate('add_discussion', 3600, 30);
+        await this.limitRate('add_discussion', 3600, 60);
         await discussion.addTailReply(domainId, drid, this.user._id, content, this.request.ip);
         this.back();
     }

packages/hydrooj/src/handler/home.ts

@@ -152,7 +152,7 @@ class HomeSecurityHandler extends Handler {
     @param('currentPassword', Types.String)
     @param('mail', Types.String, isEmail)
     async postChangeMail(domainId: string, current: string, email: string) {
-        this.limitRate('send_mail', 3600, 30);
+        await this.limitRate('send_mail', 3600, 30);
         this.user.checkPassword(current);
         const udoc = await user.getByEmail(domainId, email);
         if (udoc) throw new UserAlreadyExistError(email);

packages/hydrooj/src/handler/homework.ts

@@ -177,7 +177,7 @@ class HomeworkDetailProblemSubmitHandler extends HomeworkDetailProblemHandler {
     @param('code', Types.String)
     @param('lang', Types.String)
     async post(domainId: string, tid: ObjectID, pid: number, code: string, lang: string) {
-        this.limitRate('add_record', 3600, 100);
+        await this.limitRate('add_record', 60, 5);
         const tsdoc = await contest.getStatus(domainId, tid, this.user._id, document.TYPE_HOMEWORK);
         if (!tsdoc.attend) throw new HomeworkNotAttendedError(tid);
         if (!contest.isOngoing(this.tdoc)) throw new HomeworkNotLiveError(tid);
@@ -380,7 +380,7 @@ class HomeworkCodeHandler extends HomeworkHandler {
     @param('tid', Types.ObjectID)
     async get(domainId: string, tid: ObjectID) {
         this.checkPerm(PERM.PERM_READ_RECORD_CODE);
-        this.limitRate('homework_code', 3600, 60);
+        await this.limitRate('homework_code', 3600, 60);
         const [tdoc, tsdocs] = await contest.getAndListStatus(
             domainId, tid, document.TYPE_HOMEWORK,
         );

packages/hydrooj/src/handler/problem.ts

@@ -231,6 +231,7 @@ export class ProblemSubmitHandler extends ProblemDetailHandler {
     @param('lang', Types.String)
     @param('code', Types.String)
     async post(domainId: string, lang: string, code: string) {
+        await this.limitRate('add_record', 60, 5);
         const rid = await record.add(domainId, this.pdoc.docId, this.user._id, lang, code, true);
         const [rdoc] = await Promise.all([
             record.get(domainId, rid),
@@ -248,7 +249,7 @@ export class ProblemPretestHandler extends ProblemDetailHandler {
     @param('code', Types.String)
     @param('input', Types.String, true)
     async post(domainId: string, lang: string, code: string, input = '') {
-        this.limitRate('add_record', 3600, 100);
+        await this.limitRate('add_record', 60, 5);
         const rid = await record.add(
             domainId, this.pdoc.docId, this.user._id,
             lang, code, true, input,

packages/hydrooj/src/handler/user.ts

@@ -67,7 +67,7 @@ class UserRegisterHandler extends Handler {
     async post(domainId: string, mail: string, phoneNumber: string) {
         if (mail) {
             if (await user.getByEmail('system', mail)) throw new UserAlreadyExistError(mail);
-            this.limitRate('send_mail', 3600, 30);
+            await this.limitRate('send_mail', 3600, 30);
             const t = await token.add(
                 token.TYPE_REGISTRATION,
                 system.get('session.unsaved_expire_seconds'),
@@ -83,7 +83,7 @@ class UserRegisterHandler extends Handler {
             } else this.response.redirect = this.url('user_register_with_code', { code: t[0] });
         } else if (phoneNumber) {
             if (!global.Hydro.lib.sendSms) throw new SystemError('Cannot send sms');
-            this.limitRate('send_sms', 60, 3);
+            await this.limitRate('send_sms', 60, 3);
             const t = await token.add(
                 token.TYPE_REGISTRATION,
                 system.get('session.unsaved_expire_seconds'),

packages/hydrooj/src/model/builtin.ts

@@ -231,6 +231,7 @@ export const PRIV = {
     PRIV_REJUDGE: 1 << 13,
     PRIV_VIEW_USER_SECRET: 1 << 14,
     PRIV_VIEW_JUDGE_STATISTICS: 1 << 15,
+    PRIV_UNLIMITED_RATE: 1 << 22,
 
     PRIV_ALL: -1,
     PRIV_DEFAULT: 0,

packages/hydrooj/src/service/server.ts

@@ -36,7 +36,7 @@ import * as system from '../model/system';
 import blacklist from '../model/blacklist';
 import token from '../model/token';
 import * as opcount from '../model/opcount';
-import { PERM } from '../model/builtin';
+import { PERM, PRIV } from '../model/builtin';
 
 const logger = new Logger('server');
 export const app = new Koa();
@@ -274,6 +274,7 @@ export class HandlerCommon {
     extraTitleContent?: string;
 
     async limitRate(op: string, periodSecs: number, maxOperations: number) {
+        if (this.user && this.user.hasPriv(PRIV.PRIV_UNLIMITED_RATE)) return;
         await opcount.inc(op, this.request.ip, periodSecs, maxOperations);
     }
 
@@ -459,7 +460,7 @@ export class Handler extends HandlerCommon {
         const [absoluteDomain, inferDomain] = await Promise.all([
             domain.get(domainId),
             domain.getByHost(this.request.host),
-            this.limitRate('global', 10, 100),
+            this.limitRate('global', 10, 50),
             this.getSession(),
             this.getBdoc(),
         ]);