feat: rate-limit /api/mcp/app-tool-call per user
Adds mcpAppToolCallLimiter (60 req/min per user) to prevent DoS amplification through the MCP app iframe tool-call proxy. Follows the same express-rate-limit + limiterCache + logViolation pattern as toolCallLimiter.
This commit is contained in:
parent
3816864392
commit
3de0512e21
2 changed files with 41 additions and 1 deletions
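--- /dev/null
+++ b/api/server/middleware/limiters/mcpAppToolCallLimiter.js
@@ -0,0 +1,33 @@
+const rateLimit = require('express-rate-limit');
+const { limiterCache } = require('@librechat/api');
+const { ViolationTypes } = require('librechat-data-provider');
+const logViolation = require('~/cache/logViolation');
+
+const { TOOL_CALL_VIOLATION_SCORE: score } = process.env;
+
+const handler = async (req, res) => {
+const type = ViolationTypes.TOOL_CALL_LIMIT;
+const errorMessage = {
+type,
+max: 60,
+limiter: 'user',
+windowInMinutes: 1,
+};
+
+await logViolation(req, res, type, errorMessage, score);
+res.status(429).json({ message: 'Too many app tool call requests. Try again later' });
+};
+
+const limiterOptions = {
+windowMs: 60 * 1000,
+max: 60,
+handler,
+keyGenerator: function (req) {
+return req.user?.id;
+},
+store: limiterCache('mcp_app_tool_call_limiter'),
+};
+
+const mcpAppToolCallLimiter = rateLimit(limiterOptions);
+
+module.exports = mcpAppToolCallLimiter;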
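Review bot: The limit and window are written out twice in this file — `max: 60` / `windowInMinutes: 1` inside the 429 payload built in `handler`, and `max: 60` / `windowMs: 60 * 1000` in `limiterOptions` — so a later tuning of one silently desynchronises what the client is told from what is actually enforced; hoist them once, `const MAX_REQUESTS = 60;` and `const WINDOW_MINUTES = 1;`, and derive `windowMs: WINDOW_MINUTES * 60 * 1000` and both `max` fields from those. `keyGenerator` yields `undefined` when `req.user` is absent, which would funnel every unauthenticated request into a single shared bucket; that is harmless only because the routes hunk mounts this limiter after `requireJwtAuth`, and a one-line comment on `keyGenerator` stating that ordering assumption would keep it from being mounted elsewhere unguarded. The handler also reuses `ViolationTypes.TOOL_CALL_LIMIT` and the same `TOOL_CALL_VIOLATION_SCORE` as, presumably, the existing tool-call limiter, so violation logs and any score-based banning will not distinguish the iframe proxy path from ordinary tool calls — worth confirming that aggregation is intended, or recording it in a comment next to `type`. A short JSDoc on the exported limiter (what it keys on, the per-minute budget, and which route uses it) would round this off.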
|
|
@ -32,6 +32,7 @@ const {
|
|||
getMCPTools,
|
||||
} = require('~/server/controllers/mcp');
|
||||
const { readMCPResource, appToolCall, serveMCPSandbox } = require('~/server/controllers/mcpApps');
|
||||
const mcpAppToolCallLimiter = require('~/server/middleware/limiters/mcpAppToolCallLimiter');
|
||||
const {
|
||||
getOAuthReconnectionManager,
|
||||
getMCPServersRegistry,
|
||||
|
|
@ -991,7 +992,13 @@ router.post('/resources/read', requireJwtAuth, checkMCPUsePermissions, readMCPRe
|
|||
* Proxy tool calls from MCP App iframe to MCP server
|
||||
* @route POST /api/mcp/app-tool-call
|
||||
*/
|
||||
router.post('/app-tool-call', requireJwtAuth, checkMCPUsePermissions, appToolCall);
|
||||
router.post(
|
||||
'/app-tool-call',
|
||||
requireJwtAuth,
|
||||
checkMCPUsePermissions,
|
||||
mcpAppToolCallLimiter,
|
||||
appToolCall,
|
||||
);
|
||||
|
||||
/**
|
||||
* Serve the sandbox proxy HTML for MCP Apps
|
||||
|
|
|
|||