feat(api): rate limiting
parent
ffec0058e5
commit
944d5c4972
14
api/app.js
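--- a/api/app.js
+++ b/api/app.js
@@ -6,6 +6,7 @@ const helmet = require('helmet')
 const cors = require('cors')
 const morgan = require('morgan')
 const { redirectToHTTPS } = require('express-http-to-https')
+const rateLimit = require('express-rate-limit')
 
 /* Files Imports & Variables */
 const sequelize = require('./assets/utils/database')
@@ -20,6 +21,19 @@ if (process.env.NODE_ENV === 'development') {
 app.use(morgan('dev'))
 } else if (process.env.NODE_ENV === 'production') {
 app.use(redirectToHTTPS())
+const requestPerSecond = 2
+const seconds = 60
+const windowMs = seconds * 1000
+app.enable('trust proxy')
+app.use(
+rateLimit({
+windowMs,
+max: seconds * requestPerSecond,
+handler: (_req, res) => {
+return res.status(429).json({ message: 'Too many requests' })
+}
+})
+)
 }
 app.use(helmet())
 app.use(cors())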
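Review bot: `app.enable('trust proxy')` in the production branch sets the setting to `true`, which makes Express take `req.ip` from the left-most `X-Forwarded-For` value regardless of which peer supplied it; because `express-rate-limit` keys its buckets on `req.ip`, a caller that sends its own `X-Forwarded-For` header gets a fresh bucket per request and the limiter no longer bounds anything. Name the hop count or proxy address the app actually sits behind instead, e.g. `app.set('trust proxy', 1)`, with a comment such as `// one reverse proxy in front of the app; adjust if the deployment topology changes`. It is also worth a comment that the limiter uses the package's default in-memory store, so with several processes the 120-requests-per-minute budget is presumably per process rather than global, and that it is only installed when `NODE_ENV` is `production`. The enclosing `if`/`else if` chain starts outside the hunk.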
5
api/package-lock.json
generated
5
api/package-lock.json
generated
@ -1406,6 +1406,11 @@
|
|||||||
"express": "^4.15.3"
|
"express": "^4.15.3"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"express-rate-limit": {
|
||||||
|
"version": "5.1.3",
|
||||||
|
"resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-5.1.3.tgz",
|
||||||
|
"integrity": "sha512-TINcxve5510pXj4n9/1AMupkj3iWxl3JuZaWhCdYDlZeoCPqweGZrxbrlqTCFb1CT5wli7s8e2SH/Qz2c9GorA=="
|
||||||
|
},
|
||||||
"express-validator": {
|
"express-validator": {
|
||||||
"version": "6.6.1",
|
"version": "6.6.1",
|
||||||
"resolved": "https://registry.npmjs.org/express-validator/-/express-validator-6.6.1.tgz",
|
"resolved": "https://registry.npmjs.org/express-validator/-/express-validator-6.6.1.tgz",
|
||||||
|
@ -11,23 +11,24 @@
|
|||||||
"axios": "^0.21.0",
|
"axios": "^0.21.0",
|
||||||
"bcryptjs": "^2.4.3",
|
"bcryptjs": "^2.4.3",
|
||||||
"cors": "^2.8.5",
|
"cors": "^2.8.5",
|
||||||
|
"dotenv": "^8.2.0",
|
||||||
"express": "^4.17.1",
|
"express": "^4.17.1",
|
||||||
"express-fileupload": "^1.2.0",
|
"express-fileupload": "^1.2.0",
|
||||||
"express-http-to-https": "^1.1.4",
|
"express-http-to-https": "^1.1.4",
|
||||||
|
"express-rate-limit": "^5.1.3",
|
||||||
"express-validator": "^6.6.1",
|
"express-validator": "^6.6.1",
|
||||||
"helmet": "^4.1.1",
|
"helmet": "^4.1.1",
|
||||||
"jsdom": "^16.4.0",
|
"jsdom": "^16.4.0",
|
||||||
"jsonwebtoken": "^8.5.1",
|
"jsonwebtoken": "^8.5.1",
|
||||||
"moment": "^2.29.1",
|
"moment": "^2.29.1",
|
||||||
|
"morgan": "^1.10.0",
|
||||||
"ms": "^2.1.2",
|
"ms": "^2.1.2",
|
||||||
"mysql2": "^2.2.5",
|
"mysql2": "^2.2.5",
|
||||||
"nodemailer": "^6.4.14",
|
"nodemailer": "^6.4.14",
|
||||||
"sequelize": "^6.3.5",
|
"sequelize": "^6.3.5",
|
||||||
"smart-request-balancer": "^2.1.1",
|
"smart-request-balancer": "^2.1.1",
|
||||||
"uuid": "^8.3.1",
|
"uuid": "^8.3.1",
|
||||||
"validator": "^13.1.17",
|
"validator": "^13.1.17"
|
||||||
"dotenv": "^8.2.0",
|
|
||||||
"morgan": "^1.10.0"
|
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"nodemon": "^2.0.6",
|
"nodemon": "^2.0.6",
|
||||||
|