feat(api): rate limiting

divlo 2020-10-30 17:16:53 +01:00
parent ffec0058e5
commit 944d5c4972
3 changed files with 23 additions and 3 deletions


@ -6,6 +6,7 @@ const helmet = require('helmet')
const cors = require('cors') const cors = require('cors')
const morgan = require('morgan') const morgan = require('morgan')
const { redirectToHTTPS } = require('express-http-to-https') const { redirectToHTTPS } = require('express-http-to-https')
const rateLimit = require('express-rate-limit')
/* Files Imports & Variables */ /* Files Imports & Variables */
const sequelize = require('./assets/utils/database') const sequelize = require('./assets/utils/database')
@ -20,6 +21,19 @@ if (process.env.NODE_ENV === 'development') {
app.use(morgan('dev')) app.use(morgan('dev'))
} else if (process.env.NODE_ENV === 'production') { } else if (process.env.NODE_ENV === 'production') {
app.use(redirectToHTTPS()) app.use(redirectToHTTPS())
const requestPerSecond = 2
const seconds = 60
const windowMs = seconds * 1000
app.enable('trust proxy')
app.use(
rateLimit({
windowMs,
max: seconds * requestPerSecond,
handler: (_req, res) => {
return res.status(429).json({ message: 'Too many requests' })
}
})
)
} }
app.use(helmet()) app.use(helmet())
app.use(cors()) app.use(cors())
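Review bot: `app.enable('trust proxy')` sets the setting to `true`, which makes Express derive `req.ip` from the leftmost `X-Forwarded-For` entry no matter who sent it, so the per-IP key this limiter relies on is client-controlled unless the fronting proxy rewrites that header; a limit keyed on a value the client can choose gives little protection. Prefer naming the hop count or the proxy address, e.g. `app.set('trust proxy', 1)` when exactly one reverse proxy sits in front of the app, and record the deployment assumption beside it, `// one reverse proxy in front: trust only that hop when resolving req.ip`. The limiter is also installed only in the production branch, so the 429 handler is never exercised in development; a one-line comment stating that this is deliberate would help the next reader. The `if`/`else if` chain edited here closes inside the hunk, but the rest of the app setup lies outside it.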

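--- a/api/package-lock.json
+++ b/api/package-lock.json
@@ -1406,6 +1406,11 @@
 "express": "^4.15.3"
 }
 },
+"express-rate-limit": {
+"version": "5.1.3",
+"resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-5.1.3.tgz",
+"integrity": "sha512-TINcxve5510pXj4n9/1AMupkj3iWxl3JuZaWhCdYDlZeoCPqweGZrxbrlqTCFb1CT5wli7s8e2SH/Qz2c9GorA=="
+},
 "express-validator": {
 "version": "6.6.1",
 "resolved": "https://registry.npmjs.org/express-validator/-/express-validator-6.6.1.tgz",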


@ -11,23 +11,24 @@
"axios": "^0.21.0", "axios": "^0.21.0",
"bcryptjs": "^2.4.3", "bcryptjs": "^2.4.3",
"cors": "^2.8.5", "cors": "^2.8.5",
"dotenv": "^8.2.0",
"express": "^4.17.1", "express": "^4.17.1",
"express-fileupload": "^1.2.0", "express-fileupload": "^1.2.0",
"express-http-to-https": "^1.1.4", "express-http-to-https": "^1.1.4",
"express-rate-limit": "^5.1.3",
"express-validator": "^6.6.1", "express-validator": "^6.6.1",
"helmet": "^4.1.1", "helmet": "^4.1.1",
"jsdom": "^16.4.0", "jsdom": "^16.4.0",
"jsonwebtoken": "^8.5.1", "jsonwebtoken": "^8.5.1",
"moment": "^2.29.1", "moment": "^2.29.1",
"morgan": "^1.10.0",
"ms": "^2.1.2", "ms": "^2.1.2",
"mysql2": "^2.2.5", "mysql2": "^2.2.5",
"nodemailer": "^6.4.14", "nodemailer": "^6.4.14",
"sequelize": "^6.3.5", "sequelize": "^6.3.5",
"smart-request-balancer": "^2.1.1", "smart-request-balancer": "^2.1.1",
"uuid": "^8.3.1", "uuid": "^8.3.1",
"validator": "^13.1.17", "validator": "^13.1.17"
"dotenv": "^8.2.0",
"morgan": "^1.10.0"
}, },
"devDependencies": { "devDependencies": {
"nodemon": "^2.0.6", "nodemon": "^2.0.6",