[Task] #43, add global ratelimiter

Type-Style · Mar 8, 2024 · 24506ac · 24506ac
1 parent f01d579
commit 24506ac
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 6 deletions.
diff --git a/src/app.ts b/src/app.ts
@@ -11,6 +11,7 @@ import writeRouter from '@src/controller/write';
 import readRouter from '@src/controller/read';
 import path from 'path';
 import logger from '@src/scripts/logger';
+import { baseRateLimiter } from './middleware/limit';
 
 // configurations
 config(); // dotenv
@@ -39,12 +40,14 @@ app.use(helmet({ contentSecurityPolicy: { directives: { "default-src": "'self'",
 app.use(cache);
 app.use(compression())
 app.use(hpp());
+app.use(baseRateLimiter);
 app.use(express.urlencoded({ limit: '0.5kb', extended: true }));
 
 
 // routes
 app.get('/', (req, res) => {
   logger.log(req.ip + " - " + res.locals.ip, true);
+  console.count();
   res.send('Hello World, via TypeScript and Node.js! ' + res.locals.ip);
 });
 

diff --git a/src/controller/read.ts b/src/controller/read.ts
@@ -44,7 +44,7 @@ router.get("/login/", baseSlowDown, baseRateLimiter, async function login(req: R
   res.render("login-form");
 });
 
-router.post("/login/", loginSlowDown, async function postLogin(req: Request, res: Response, next: NextFunction) {
+router.post("/login/", loginSlowDown, async function postLogin(req: Request, res: Response) {
   logger.log("post login was called");
   logger.log(req.body);
   res.locals.text = "post recieved";

diff --git a/src/middleware/limit.ts b/src/middleware/limit.ts
@@ -7,7 +7,7 @@ import logger from '@src/scripts/logger';
 ** configurations
 */
 const baseOptions: Partial<rateLimiterOptions & slowDownOptions> = {
-  windowMs: 30 * 60 * 1000,
+  windowMs: 3 * 60 * 1000,
   skip: (req, res) => (res.locals.ip == "127.0.0.1" || res.locals.ip == "::1")
 }
 
@@ -19,7 +19,7 @@ const baseSlowDownOptions: Partial<slowDownOptions> = {
 
 const baseRateLimitOptions: Partial<rateLimiterOptions> = {
   ...baseOptions,
-  limit: 10, // Limit each IP per window
+  limit: 50, // Limit each IP per window
   standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
   legacyHeaders: false, // Disable the `X-RateLimit-*` headers
   handler: function rateHandler(req: Request, res: Response, next: NextFunction, options: rateLimiterOptions) {
@@ -29,7 +29,7 @@ const baseRateLimitOptions: Partial<rateLimiterOptions> = {
     }
     res.status(options.statusCode).send(options.message);
   },
-  message: "Too many attempts"
+  message: "Too many requests"
 }
 
 
@@ -67,7 +67,6 @@ export const errorRateLimiter = rateLimit({
 
 export const loginLimiter = rateLimit({
   ...baseRateLimitOptions,
-  windowMs: 3 * 60 * 1000,
   limit: 3,
   message: 'Too many attempts without valid login',
 });
diff --git a/src/tests/app.test.ts b/src/tests/app.test.ts
@@ -12,4 +12,5 @@ describe('Server Status', () => {
 
     expect(serverStatus).toBe(200);
   })
-})
+})
+
-Original file line number
+Diff line change
@@ Expand Up / @@ -12,4 +12,5 @@ describe('Server Status', () => { @@
         expect(serverStatus).toBe(200);
       })
-    })
+    })