feat: add rate limiting middleware to prevent API abuse

Signed-off-by: Vipul Singh <vipulsingh.1404@gmail.com>

Author: vipulsc

express-mongodb/app.js

@@ -2,11 +2,21 @@ require('dotenv').config();
 
 const express = require("express");
 const mongoose = require("mongoose");
+const rateLimit = require("express-rate-limit");
 const Product = require("./models/product.model.js");
 const productRoute = require("./routes/product.route.js");
 const connectDB = require('./db/connect');
 const app = express();
 
+// Set up rate limiter
+const limiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 100 // 100 requests per IP
+});
+
+// Add rate limiting to all routes
+app.use(limiter);
+
 // middleware
 app.use(express.json());
 app.use(express.urlencoded({extended: false}));

express-mongodb/package-lock.json

@@ -16,6 +16,7 @@
     "cross-env": "^7.0.3",
     "dotenv": "^16.4.5",
     "express": "^4.19.2",
+    "express-rate-limit": "^7.5.0",
     "mongodb": "^6.5.0",
     "mongoose": "^8.1.0",
     "moongoose": "^0.0.5"