add ratelimit on logs fetch

Author: NiloCK

packages/express/package.json

@@ -28,6 +28,7 @@
         "cors": "^2.8.5",
         "dotenv": "^16.4.7",
         "express": "^4.21.2",
+        "express-rate-limit": "^7.5.0",
         "ffmpeg-static": "^5.2.0",
         "hashids": "^2.3.0",
         "morgan": "^1.10.0",
@@ -45,6 +46,7 @@
         "@types/cors": "^2.8.17",
         "@types/dotenv": "^8.2.3",
         "@types/express": "4.17.21",
+        "@types/express-rate-limit": "^6.0.2",
         "@types/ffmpeg-static": "^2.0.0",
         "@types/hashids": "^1.0.30",
         "@types/jest": "^29.5.14",

packages/express/src/routes/logs.ts

@@ -1,12 +1,27 @@
 import express, { Request, Response } from 'express';
 import { promises as fs } from 'fs';
 import path from 'path';
+import rateLimit from 'express-rate-limit';
 
 import logger from '../logger.js';
 import process from 'process';
 
 const router = express.Router();
 
+// Rate limiting middleware for logs routes
+const logsRateLimit = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 20, // Limit each IP to 20 requests per windowMs
+  message: {
+    error: 'Too many log requests from this IP, please try again later.'
+  },
+  standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
+  legacyHeaders: false, // Disable the `X-RateLimit-*` headers
+});
+
+// Apply rate limiting to all routes in this router
+router.use(logsRateLimit);
+
 // Get list of available log files
 router.get('/', async (_req: Request, res: Response) => {
   // [ ] add an auth mechanism. Below fcn is based on