From 8889a8256046f9d1e60a674b053b767ef1756dce Mon Sep 17 00:00:00 2001 From: "@wwwjim" Date: Thu, 29 Oct 2020 00:05:57 -0700 Subject: [PATCH] tries rate limiting --- package.json | 1 + server.js | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/package.json b/package.json index 1d14d65e..a27e70c9 100644 --- a/package.json +++ b/package.json @@ -58,6 +58,7 @@ "cors": "^2.8.5", "dotenv": "^8.2.0", "express": "^4.17.1", + "express-rate-limit": "^5.1.3", "fs-extra": "^9.0.1", "heic2any": "0.0.3", "isomorphic-fetch": "^3.0.0", diff --git a/server.js b/server.js index edd5a25b..81848b29 100644 --- a/server.js +++ b/server.js @@ -12,6 +12,7 @@ import * as Strings from "~/common/strings"; import ApiV1GetSlateObjects from "~/pages/api/v1/get-slate-objects"; +import limit from "express-rate-limit"; import express from "express"; import next from "next"; import compression from "compression"; @@ -24,6 +25,18 @@ const app = next({ quiet: false, }); +const createLimiter = limit({ + windowMs: 10 * 60 * 1000, // 10 minutes + max: 5, + message: { decorator: "RATE_LIMITED", error: true, message: "You have made too many requests." }, +}); + +const loginLimiter = limit({ + windowMs: 10 * 60 * 1000, // 10 minutes + max: 5, + message: { decorator: "RATE_LIMITED", error: true, message: "You have made too many requests." }, +}); + const handler = app.getRequestHandler(); const EXTERNAL_RESOURCES = { @@ -58,6 +71,14 @@ app.prepare().then(async () => { return await ApiV1GetSlateObjects(r, s); }); + server.all("/api/users/create", createLimiter, async (r, s, next) => { + return handler(r, s, r.url); + }); + + server.all("/api/sign-in", loginLimiter, async (r, s, next) => { + return handler(r, s, r.url); + }); + server.all("/api/:a", async (r, s, next) => { return handler(r, s, r.url); });