add hour rate limiter middleware to the api router and allow a maximum of 600 requests per hour
@ -46,7 +46,7 @@ import { analytics } from './utils/analytics'
import { corsConfig } from './utils/corsConfig'
import { getClientFromUserAgent } from './utils/helpers'
import { buildLogger, buildLoggerTransport, logger } from './utils/logger'
import { apiLimiter, authLimiter } from './utils/rate_limit'
import { apiHourLimiter, apiLimiter, authLimiter } from './utils/rate_limit'
import { shortcutsRouter } from './routers/shortcuts_router'
const PORT = process.env.PORT || 4000
@ -68,7 +68,7 @@ export const createApp = (): Express => {
app.set('trust proxy', env.server.trustProxy)
// Apply the rate limiting middleware to API calls only
app.use('/api/', apiLimiter)
app.use('/api/', apiLimiter, apiHourLimiter)
// set client info in the request context
app.use(httpContext.middleware)
@ -27,7 +27,7 @@ const configs: Partial<Options> = {
export const apiLimiter = rateLimit({
...configs,
max: async (req) => {
// 100 RPM for an authenticated request, 15 for a non-authenticated request
// 60 RPM for authenticated request, 15 for non-authenticated request
const token = getTokenByRequest(req)
try {
const claims = await getClaimsByToken(token)
@ -43,6 +43,26 @@ export const apiLimiter = rateLimit({
store: getStore('api-rate-limit'),
})
export const apiHourLimiter = rateLimit({
...configs,
windowMs: 60 * 60 * 1000, // 1 hour
max: async (req) => {
// 600 for authenticated request, 150 for non-authenticated request
const token = getTokenByRequest(req)
try {
const claims = await getClaimsByToken(token)
return claims ? 600 : 150
} catch (e) {
console.log('non-authenticated request')
return 150
}
},
keyGenerator: (req) => {
return getTokenByRequest(req) || req.ip
},
store: getStore('api-hour-rate-limit'),
})
// 5 RPM for auth requests
export const authLimiter = rateLimit({
...configs,
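Review bot: `keyGenerator` in the new `apiHourLimiter` buckets on whatever `getTokenByRequest(req)` returns before that token has been verified, so a request whose token fails `getClaimsByToken` is still keyed by the token string rather than by `req.ip`, and the 150/hour quota that `max` assigns to non-authenticated requests is therefore not tied to the client address. The key should only diverge from `req.ip` when the claims actually resolved — if this express-rate-limit version accepts an async `keyGenerator`, reuse `getClaimsByToken` there and return `claims ? token : req.ip` — and the raw token should not be written to the store as a key; a `createHash('sha256')` digest from `node:crypto` is enough to bucket by. The same `max`/`keyGenerator` shape is visible for `apiLimiter` in the hunk at -27,7, which presumably shares the problem. Separately, the `catch` in the new `max` logs with `console.log` while the router file already imports `logger` from './utils/logger'; log through `logger` there, and since `e` is unused the clause can be `} catch {`.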