From a4ca0902a3d4f8353a5a43d04dbe35428292d007 Mon Sep 17 00:00:00 2001
From: sam <sam@vulpine.solutions>
Date: Thu, 3 Oct 2024 16:53:26 +0200
Subject: [PATCH] fix(frontend): proxy authenticated non-GET requests through
 rate limiter

---
 Foxnouns.Frontend/app/lib/request.server.ts       | 15 ++++++++++-----
 .../app/routes/settings._index/route.tsx          |  1 -
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/Foxnouns.Frontend/app/lib/request.server.ts b/Foxnouns.Frontend/app/lib/request.server.ts
index 7da3e84..8dab154 100644
--- a/Foxnouns.Frontend/app/lib/request.server.ts
+++ b/Foxnouns.Frontend/app/lib/request.server.ts
@@ -1,5 +1,5 @@
 import { parse as parseCookie, serialize as serializeCookie } from "cookie";
-import { INTERNAL_API_BASE } from "~/env.server";
+import { API_BASE, INTERNAL_API_BASE } from "~/env.server";
 import { ApiError, ErrorCode } from "./api/error";
 import { tokenCookieName } from "~/lib/utils";
 
@@ -11,12 +11,17 @@ export type RequestParams = {
 	isInternal?: boolean;
 };
 
+export type RequestMethod = "GET" | "POST" | "PATCH" | "DELETE";
+
 export async function baseRequest(
-	method: string,
+	method: RequestMethod,
 	path: string,
 	params: RequestParams = {},
 ): Promise<Response> {
-	const base = params.isInternal ? INTERNAL_API_BASE + "/internal" : INTERNAL_API_BASE + "/v2";
+	// Internal requests, unauthenticated requests, and GET requests bypass the rate limiting proxy.
+	// All other requests go through the proxy, and are rate limited.
+	let base = params.isInternal || !params.token || method === "GET" ? INTERNAL_API_BASE : API_BASE;
+	base += params.isInternal ? "/internal" : "/v2";
 
 	const url = `${base}${path}`;
 	const resp = await fetch(url, {
@@ -43,12 +48,12 @@ export async function baseRequest(
 	return resp;
 }
 
-export async function fastRequest(method: string, path: string, params: RequestParams = {}) {
+export async function fastRequest(method: RequestMethod, path: string, params: RequestParams = {}) {
 	await baseRequest(method, path, params);
 }
 
 export default async function serverRequest<T>(
-	method: string,
+	method: RequestMethod,
 	path: string,
 	params: RequestParams = {},
 ) {
diff --git a/Foxnouns.Frontend/app/routes/settings._index/route.tsx b/Foxnouns.Frontend/app/routes/settings._index/route.tsx
index 88655fc..2829098 100644
--- a/Foxnouns.Frontend/app/routes/settings._index/route.tsx
+++ b/Foxnouns.Frontend/app/routes/settings._index/route.tsx
@@ -5,7 +5,6 @@ import {
 	Link,
 	Outlet,
 	useActionData,
-	useFetcher,
 	useRouteLoaderData,
 } from "@remix-run/react";
 import { loader as settingsLoader } from "../settings/route";