feat: add rate limiter proxy

Foxnouns.Backend/Controllers/InternalController.cs

@@ -0,0 +1,83 @@
+using System.Security.Cryptography;
+using System.Text.RegularExpressions;
+using Foxnouns.Backend.Database;
+using Foxnouns.Backend.Utils;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Controllers;
+using Microsoft.AspNetCore.Mvc.Routing;
+using Microsoft.AspNetCore.Routing.Template;
+using Microsoft.EntityFrameworkCore;
+using NodaTime;
+
+namespace Foxnouns.Backend.Controllers;
+
+[ApiController]
+[Route("/api/internal")]
+public partial class InternalController(DatabaseContext db, IClock clock) : ControllerBase
+{
+    [GeneratedRegex(@"(\{\w+\})")]
+    private static partial Regex PathVarRegex();
+
+    private static string GetCleanedTemplate(string template)
+    {
+        if (template.StartsWith("api/v2")) template = template.Substring("api/v2".Length);
+        template = PathVarRegex()
+            .Replace(template, "{id}") // Replace all path variables (almost always IDs) with `{id}`
+            .Replace("@me", "{id}"); // Also replace hardcoded `@me` with `{id}`
+        if (template.Contains("{id}")) return template.Split("{id}")[0] + "{id}";
+        return template;
+    }
+
+    [HttpPost("request-data")]
+    public async Task<IActionResult> GetRequestDataAsync([FromBody] RequestDataRequest req)
+    {
+        var endpoint = GetEndpoint(HttpContext, req.Path, req.Method);
+        if (endpoint == null) throw new ApiError.BadRequest("Path/method combination is invalid");
+
+        var actionDescriptor = endpoint.Metadata.GetMetadata<ControllerActionDescriptor>();
+        var template = actionDescriptor?.AttributeRouteInfo?.Template;
+        if (template == null) throw new FoxnounsError("Template value was null on valid endpoint");
+        template = GetCleanedTemplate(template);
+
+        // If no token was supplied, or it isn't valid base 64, return a null user ID (limiting by IP)
+        if (req.Token == null) return Ok(new RequestDataResponse(null, template));
+        if (!AuthUtils.TryFromBase64String(req.Token, out var rawToken))
+            return Ok(new RequestDataResponse(null, template));
+
+        var hash = SHA512.HashData(rawToken);
+        var oauthToken = await db.Tokens
+            .Include(t => t.Application)
+            .Include(t => t.User)
+            .FirstOrDefaultAsync(t => t.Hash == hash && t.ExpiresAt > clock.GetCurrentInstant() && !t.ManuallyExpired);
+
+        return Ok(new RequestDataResponse(oauthToken?.UserId, template));
+    }
+
+    public record RequestDataRequest(string? Token, string Method, string Path);
+
+    public record RequestDataResponse(
+        Snowflake? UserId,
+        string Template);
+
+    private static Endpoint? GetEndpoint(HttpContext httpContext, string url, string requestMethod)
+    {
+        var endpointDataSource = httpContext.RequestServices.GetService<EndpointDataSource>();
+        if (endpointDataSource == null) return null;
+        var endpoints = endpointDataSource.Endpoints.OfType<RouteEndpoint>();
+
+        foreach (var endpoint in endpoints)
+        {
+            if (endpoint.RoutePattern.RawText == null) continue;
+
+            var templateMatcher = new TemplateMatcher(TemplateParser.Parse(endpoint.RoutePattern.RawText), new());
+            if (!templateMatcher.TryMatch(url, new())) continue;
+            var httpMethodAttribute = endpoint.Metadata.GetMetadata<HttpMethodAttribute>();
+            if (httpMethodAttribute != null &&
+                !httpMethodAttribute.HttpMethods.Any(x => x.Equals(requestMethod, StringComparison.OrdinalIgnoreCase)))
+                continue;
+            return endpoint;
+        }
+
+        return null;
+    }
+}