From 34836c9f6dd6715b57f23a2c992af3170da6cac5 Mon Sep 17 00:00:00 2001
From: likui628 <90845831+likui628@users.noreply.github.com>
Date: Sat, 28 Sep 2024 13:58:01 +0800
Subject: [PATCH] Add rateLimiter

---
 .env.sample | 2 +-
 package-lock.json | 16 ++++++++++++++++
 package.json | 5 +++--
 src/app.ts | 4 ++++
 src/middlewares/rate-limiter.ts | 16 ++++++++++++++++
 5 files changed, 40 insertions(+), 3 deletions(-)
 create mode 100644 src/middlewares/rate-limiter.ts

diff --git a/.env.sample b/.env.sample
index 0872828..d80c709 100644
--- a/.env.sample
+++ b/.env.sample
@@ -1,4 +1,4 @@
-NODE_ENV=development
+NODE_ENV=production
 ACCESS_TOKEN_SECRET='your_access_token_secret'
 REFRESH_TOKEN_SECRET='your_refresh_token_secret'
diff --git a/package-lock.json b/package-lock.json
index 7ec14d3..25e449c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -14,6 +14,7 @@
 "cors": "^2.8.5",
 "dotenv": "^16.4.5",
 "express": "^4.21.0",
+ "express-rate-limit": "^7.4.0",
 "helmet": "^7.1.0",
 "jsonwebtoken": "^9.0.2",
 "morgan": "^1.10.0",
@@ -4011,6 +4012,21 @@
 "node": ">= 0.10.0"
 }
 },
+ "node_modules/express-rate-limit": {
+ "version": "7.4.0",
+ "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-7.4.0.tgz",
+ "integrity": "sha512-v1204w3cXu5gCDmAvgvzI6qjzZzoMWKnyVDk3ACgfswTQLYiGen+r8w0VnXnGMmzEN/g8fwIQ4JrFFd4ZP6ssg==",
+ "license": "MIT",
+ "engines": {
+ "node": ">= 16"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/express-rate-limit"
+ },
+ "peerDependencies": {
+ "express": "4 || 5 || ^5.0.0-beta.1"
+ }
+ },
 "node_modules/express/node_modules/debug": {
 "version": "2.6.9",
 "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
diff --git a/package.json b/package.json
index 82ca375..01b33ab 100644
--- a/package.json
+++ b/package.json
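Review bot: Switching the sample default to `NODE_ENV=production` in .env.sample means a developer who copies the sample to `.env` runs locally with Express's production behaviour, and because src/app.ts in this same patch mounts the rate limiter only when NODE_ENV is 'production', the sample value now doubles as the on/off switch for that control. If the goal was to exercise the limiter locally, it is clearer to keep `NODE_ENV=development` here and drive the limiter from its own setting, e.g. a documented `<RATE_LIMIT_ENABLED-style flag — placeholder name>` variable, than to repurpose NODE_ENV. A one-line comment above the value stating what it controls would also help, since .env.sample is the only place operators see these defaults.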
@@ -22,16 +22,17 @@
 "license": "MIT",
 "dependencies": {
 "@prisma/client": "^5.20.0",
+ "cookie-parser": "^1.4.6",
 "cors": "^2.8.5",
 "dotenv": "^16.4.5",
 "express": "^4.21.0",
+ "express-rate-limit": "^7.4.0",
 "helmet": "^7.1.0",
 "jsonwebtoken": "^9.0.2",
 "morgan": "^1.10.0",
 "passport": "^0.7.0",
 "passport-jwt": "^4.0.1",
- "zod": "^3.23.8",
- "cookie-parser": "^1.4.6"
+ "zod": "^3.23.8"
 },
 "devDependencies": {
 "@types/cookie-parser": "^1.4.7",
diff --git a/src/app.ts b/src/app.ts
index a85f5d1..2563de9 100644
--- a/src/app.ts
+++ b/src/app.ts
@@ -9,6 +9,7 @@ import cookieParser from 'cookie-parser'
 import routes from './routes/v1'
 import { errorHandler, notFound } from './middlewares'
 import { jwtStrategy } from './config/passport'
+import { rateLimiter } from './middlewares/rate-limiter'
 
 dotenv.config()
 
@@ -23,6 +24,9 @@ app.use(cors())
 app.use(cookieParser())
 app.use(express.json())
 
+if (process.env.NODE_ENV === 'production') {
+ app.use('/v1/auth', rateLimiter)
+}
 app.use('/v1', routes)
 
 app.use(notFound)
diff --git a/src/middlewares/rate-limiter.ts b/src/middlewares/rate-limiter.ts
new file mode 100644
index 0000000..974ce5b
--- /dev/null
+++ b/src/middlewares/rate-limiter.ts
@@ -0,0 +1,16 @@
+import rateLimit from 'express-rate-limit'
+import { errorResponse } from '../utils'
+
+export const rateLimiter = rateLimit({
+ windowMs: 15 * 60 * 1000,
+ limit: 2,
+ skipSuccessfulRequests: true,
+ handler: (_req, res, _next) => {
+ return errorResponse(
+ res,
+ 'rate-limit',
+ 429,
+ 'Too many requests, please try again later.',
+ )
+ },
+})
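Review bot: Wrapping `app.use('/v1/auth', rateLimiter)` in `if (process.env.NODE_ENV === 'production')` means the limiter is never exercised by local runs or tests, and a deployment that forgets to set NODE_ENV silently runs the auth routes without it; registering it unconditionally and varying only the limits per environment keeps the control on the tested path. express-rate-limit keys on `req.ip` by default, so if this app sits behind a reverse proxy or load balancer it also needs `app.set('trust proxy', <hop count>)` before this line — without it every client shares the proxy's address and one noisy client locks out everyone, and with `trust proxy` set to `true` the client chooses its own key via X-Forwarded-For. The `app` setup is outside this hunk, so I cannot tell whether that setting already exists; a short comment here, `// rate limiter keys on req.ip; requires a correct 'trust proxy' setting behind a proxy`, would record the dependency either way.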
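Review bot: `limit: 2` together with `skipSuccessfulRequests: true` allows two non-2xx responses per source IP per 15 minutes across everything mounted under /v1/auth, so two mistyped passwords from a shared NAT or office egress address lock that whole address out of login, refresh and any other auth route for the full window (the exact route set is not visible here). A per-route limiter with a higher failure budget for login and a looser or separate one for the rest is the usual shape, and the chosen numbers deserve a comment explaining the threat model they are sized for. The default in-memory store is per-process, so counters reset on restart and are not shared between instances; note that with `// MemoryStore: per-process, not shared across instances` or swap in a shared store if the service scales out. Setting `standardHeaders: 'draft-7'` and `legacyHeaders: false` would expose the retry window via the standard RateLimit headers instead of the deprecated X-RateLimit ones, and the unused `_next` parameter can be dropped from the handler signature.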