From f9bcecbe20960f08a679273ae819ea7cf6fdb3e6 Mon Sep 17 00:00:00 2001
From: Milan Steiner
Date: Mon, 14 Feb 2022 12:54:59 +0100
Subject: [PATCH] Using address instead of ip to prevent draining
---
 packages/faucet/src/api/webserver.ts | 29 ++++++++++++++---------------
 1 file changed, 14 insertions(+), 15 deletions(-)
diff --git a/packages/faucet/src/api/webserver.ts b/packages/faucet/src/api/webserver.ts
index b1ed2fbb..0fb54ef5 100644
--- a/packages/faucet/src/api/webserver.ts
+++ b/packages/faucet/src/api/webserver.ts
@@ -14,14 +14,14 @@ export interface ChainConstants {
 readonly chainId: string;
 }
-export interface IpEntry {
- ip: string;
+export interface AddressEntry {
+ address: string;
 date: number;
 }
 export class Webserver {
 private readonly api = new Koa();
- private readonly ipCounter: IpEntry[] = [];
+ private readonly addressCounter: AddressEntry[] = [];
 public constructor(faucet: Faucet, chainConstants: ChainConstants) {
 this.api.use(cors());
@@ -53,16 +53,6 @@ export class Webserver {
 break;
 }
 case "/credit": {
- const ipUsed = this.ipCounter.find((x) => x.ip === context.request.ip);
- if (ipUsed !== undefined) {
- if (ipUsed.date + 24 * 3600 > Date.now()) {
- throw new HttpError(
- 405,
- "Too many request from the same IP. Blocked to prevent draining. Please wait 24h and try it again!",
- );
- }
- }
-
 if (context.request.method !== "POST") {
 throw new HttpError(405, "This endpoint requires a POST request");
 }
@@ -74,13 +64,22 @@ export class Webserver {
 // context.request.body is set by the bodyParser() plugin
 const requestBody = context.request.body;
 const creditBody = RequestParser.parseCreditBody(requestBody);
-
 const { address, denom } = creditBody;
 if (!isValidAddress(address, constants.addressPrefix)) {
 throw new HttpError(400, "Address is not in the expected format for this chain.");
 }
+ const addressUsed = this.addressCounter.find((x) => x.address === address);
+ if (addressUsed !== undefined) {
+ if (addressUsed.date + 24 * 3600 > Date.now()) {
+ throw new HttpError(
+ 405,
+ "Too many request from the same address. Blocked to prevent draining. Please wait 24h and try it again!",
+ );
+ }
+ }
+
 const availableTokens = await faucet.availableTokens();
 const matchingDenom = availableTokens.find((availableDenom) => availableDenom === denom);
 if (matchingDenom === undefined) {
@@ -91,7 +90,7 @@ export class Webserver {
 await faucet.credit(address, matchingDenom);
 // Count IPs to prevent draining
 if (context.request.ip) {
- this.ipCounter.push({ ip: context.request.ip, date: Date.now() });
+ this.addressCounter.push({ address: address, date: Date.now() });
 }
 } catch (e) {
 console.error(e);
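Review bot: The added window check `addressUsed.date + 24 * 3600 > Date.now()` mixes units: `Date.now()` returns milliseconds, so the block lasts roughly 86 seconds rather than the 24h the error message promises, and the line should read `addressUsed.date + 24 * 3600 * 1000 > Date.now()`. Keying the limit on the recipient address alone also weakens the draining protection the commit title names, because a fresh valid address costs a client nothing; the per-IP check deleted in the previous hunk would be better kept alongside this one than replaced by it. A rate-limit rejection is conventionally `429` rather than `405`. The enclosing `case "/credit"` block starts and ends outside this hunk.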
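Review bot: The new `addressCounter.push` is still wrapped in `if (context.request.ip)` under the comment `// Count IPs to prevent draining`, so an address is only recorded when Koa reports a client IP; drop the guard, update the comment, and leave `this.addressCounter.push({ address, date: Date.now() });`. The entry is also written only after `await faucet.credit(...)` resolves, so concurrent requests for one address can all pass the lookup in the previous hunk before any of them is recorded; recording the address before the await, and removing it if the credit fails, closes that gap. Because `push` appends and `find` returns the first match, a second credit made after the first entry expires is never checked again; a `Map<string, number>` keyed by address and overwritten on each credit would fix that and stop the array growing without bound. The surrounding `try` block starts outside this hunk.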