Add rateLimiter

likui628 · Sep 28, 2024 · 34836c9 · 34836c9
1 parent 0fb5fb2
commit 34836c9
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 3 deletions.
diff --git a/.env.sample b/.env.sample
@@ -1,4 +1,4 @@
-NODE_ENV=development
+NODE_ENV=production
 
 ACCESS_TOKEN_SECRET='your_access_token_secret'
 REFRESH_TOKEN_SECRET='your_refresh_token_secret'

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -22,16 +22,17 @@
   "license": "MIT",
   "dependencies": {
     "@prisma/client": "^5.20.0",
+    "cookie-parser": "^1.4.6",
     "cors": "^2.8.5",
     "dotenv": "^16.4.5",
     "express": "^4.21.0",
+    "express-rate-limit": "^7.4.0",
     "helmet": "^7.1.0",
     "jsonwebtoken": "^9.0.2",
     "morgan": "^1.10.0",
     "passport": "^0.7.0",
     "passport-jwt": "^4.0.1",
-    "zod": "^3.23.8",
-    "cookie-parser": "^1.4.6"
+    "zod": "^3.23.8"
   },
   "devDependencies": {
     "@types/cookie-parser": "^1.4.7",

diff --git a/src/app.ts b/src/app.ts
@@ -9,6 +9,7 @@ import cookieParser from 'cookie-parser'
 import routes from './routes/v1'
 import { errorHandler, notFound } from './middlewares'
 import { jwtStrategy } from './config/passport'
+import { rateLimiter } from './middlewares/rate-limiter'
 
 dotenv.config()
 
@@ -23,6 +24,9 @@ app.use(cors())
 app.use(cookieParser())
 app.use(express.json())
 
+if (process.env.NODE_ENV === 'production') {
+  app.use('/v1/auth', rateLimiter)
+}
 app.use('/v1', routes)
 
 app.use(notFound)

diff --git a/src/middlewares/rate-limiter.ts b/src/middlewares/rate-limiter.ts
@@ -0,0 +1,16 @@
+import rateLimit from 'express-rate-limit'
+import { errorResponse } from '../utils'
+
+export const rateLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000,
+  limit: 2,
+  skipSuccessfulRequests: true,
+  handler: (_req, res, _next) => {
+    return errorResponse(
+      res,
+      'rate-limit',
+      429,
+      'Too many requests, please try again later.',
+    )
+  },
+})