calvin.erfmann/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-02-10 20:02:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

introduce strict rate limitso on auth router endpoints

Browse Source
This commit is contained in:
miloschwartz
2025-07-14 18:00:41 -07:00
parent d6fdb38c22
commit b7df0b122d
6 changed files with 236 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
server/middlewares/index.ts
View File

@@ -1,5 +1,4 @@
export * from "./notFound";
export * from "./rateLimit";
export * from "./formatError";
export * from "./verifySession";
export * from "./verifyUser";

49
server/middlewares/rateLimit.ts
View File

@@ -1,49 +0,0 @@
import { rateLimit } from "express-rate-limit";
import createHttpError from "http-errors";
import { NextFunction, Request, Response } from "express";
import logger from "@server/logger";
import HttpCode from "@server/types/HttpCode";
export function rateLimitMiddleware({
windowMin,
max,
type,
skipCondition,
}: {
windowMin: number;
max: number;
type: "IP_ONLY" | "IP_AND_PATH";
skipCondition?: (req: Request, res: Response) => boolean;
}) {
if (type === "IP_AND_PATH") {
return rateLimit({
windowMs: windowMin * 60 * 1000,
max,
skip: skipCondition,
keyGenerator: (req: Request) => {
return `${req.ip}-${req.path}`;
},
handler: (req: Request, res: Response, next: NextFunction) => {
const message = `Rate limit exceeded. You can make ${max} requests every ${windowMin} minute(s).`;
logger.warn(
`Rate limit exceeded for IP ${req.ip} on path ${req.path}`,
);
return next(
createHttpError(HttpCode.TOO_MANY_REQUESTS, message),
);
},
});
}
return rateLimit({
windowMs: windowMin * 60 * 1000,
max,
skip: skipCondition,
handler: (req: Request, res: Response, next: NextFunction) => {
const message = `Rate limit exceeded. You can make ${max} requests every ${windowMin} minute(s).`;
logger.warn(`Rate limit exceeded for IP ${req.ip}`);
return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));
},
});
}
export default rateLimitMiddleware;