Implement rate-limiter

cham11ng · cham11ng · commit 5d160bbfa265 · 2024-03-28T16:07:34.000-04:00
diff --git a/package.json b/package.json
@@ -57,6 +57,7 @@
     "date-fns": "^3.6.0",
     "dotenv": "^16.4.5",
     "express": "4.19.2",
+    "express-rate-limiter": "^1.3.1",
     "helmet": "^7.1.0",
     "http-status-codes": "^2.3.0",
     "joi": "^17.12.2",
@@ -74,6 +75,7 @@
     "@types/bcrypt": "^5.0.2",
     "@types/cors": "^2.8.17",
     "@types/express": "^4.17.21",
+    "@types/express-rate-limit": "^6.0.0",
     "@types/jest": "^29.5.12",
     "@types/jsonwebtoken": "^9.0.6",
     "@types/node": "^20.11.30",
diff --git a/src/app.ts b/src/app.ts
@@ -5,6 +5,7 @@ import helmet from 'helmet';
 import { bindModel } from './config/db';
 import genericErrorHandler from './middlewares/genericErrorHandler';
 import notFoundHandler from './middlewares/notFoundHandler';
+import rateLimitMiddleware from './middlewares/rateLimitHandler';
 import transactionHandler from './middlewares/transactionHandler';
 import routes from './routes';
 
@@ -15,6 +16,7 @@ bindModel();
 app.use(cors());
 app.use(helmet());
 app.use(transactionHandler);
+app.use(rateLimitMiddleware);
 app.use(express.json({ limit: '300kb' }));
 app.use(express.urlencoded({ extended: true }));
 
diff --git a/src/middlewares/rateLimitHandler.ts b/src/middlewares/rateLimitHandler.ts
@@ -0,0 +1,11 @@
+import { rateLimit } from 'express-rate-limit';
+
+// write express rateLimit best practices
+const rateLimitMiddleware = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 100, // limit each IP to 100 requests per windowMs
+  message: 'Too many requests from this IP, please try again after 15 minutes',
+  headers: true
+});
+
+export default rateLimitMiddleware;
diff --git a/yarn.lock b/yarn.lock
@@ -850,6 +850,13 @@
   dependencies:
     "@types/node" "*"
 
+"@types/express-rate-limit@^6.0.0":
+  version "6.0.0"
+  resolved "https://registry.yarnpkg.com/@types/express-rate-limit/-/express-rate-limit-6.0.0.tgz#11a314477895a8a888958f27650ed0d1ddad01b0"
+  integrity sha512-nZxo3nwU20EkTl/f2eGdndQkDIJYwkXIX4S3Vrp2jMdSdFJ6AWtIda8gOz0wiMuOFoeH/UUlCAiacz3x3eWNFA==
+  dependencies:
+    express-rate-limit "*"
+
 "@types/express-serve-static-core@^4.17.33":
   version "4.17.43"
   resolved "https://registry.yarnpkg.com/@types/express-serve-static-core/-/express-serve-static-core-4.17.43.tgz#10d8444be560cb789c4735aea5eac6e5af45df54"
@@ -2391,6 +2398,16 @@ expect@^29.0.0, expect@^29.7.0:
     jest-message-util "^29.7.0"
     jest-util "^29.7.0"
 
+express-rate-limit@*:
+  version "7.2.0"
+  resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-7.2.0.tgz#06ce387dd5388f429cab8263c514fc07bf90a445"
+  integrity sha512-T7nul1t4TNyfZMJ7pKRKkdeVJWa2CqB8NA1P8BwYaoDI5QSBZARv5oMS43J7b7I5P+4asjVXjb7ONuwDKucahg==
+
+express-rate-limiter@^1.3.1:
+  version "1.3.1"
+  resolved "https://registry.yarnpkg.com/express-rate-limiter/-/express-rate-limiter-1.3.1.tgz#4c3444e796969d971817abdbb6a3b8a86fcda9b4"
+  integrity sha512-qLRc4ZkyCcfUCjPtVjwQOtf4OYPc7hc6ObOFemeeVYLlbam541/B7R33VvhztFsBGRUIT/wJW/oJz8n5k+fRfw==
+
 express@4.19.2:
   version "4.19.2"
   resolved "https://registry.yarnpkg.com/express/-/express-4.19.2.tgz#e25437827a3aa7f2a827bc8171bbbb664a356465"
