mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-13 22:54:42 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: rate-limiting

Browse source 
Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This commit is contained in:
Erik Michelson 2024-12-11 17:39:45 +01:00 committed by Philip Molares
parent e8f4cbabec
commit 876ebad1f3
10 changed files with 70 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

33
lib/web/middleware/rateLimit.js Normal file
View file

@ -0,0 +1,33 @@
'use strict'
const { rateLimit } = require('express-rate-limit')
const errors = require('../../errors')
const config = require('../../config')
const determineKey = (req) => {
if (req.user) {
return req.user.id
}
return req.header('cf-connecting-ip') || req.ip
}
// limits requests to user endpoints (login, signup) to 10 requests per 5 minutes
const userEndpoints = rateLimit({
windowMs: 5 * 60 * 1000,
limit: 10,
keyGenerator: determineKey,
handler: (req, res) => errors.errorTooManyRequests(res)
})
// limits the amount of requests to the new note endpoint per 5 minutes based on configuration
const newNotes = rateLimit({
windowMs: 5 * 60 * 1000,
limit: config.rateLimitNewNotes,
keyGenerator: determineKey,
handler: (req, res) => errors.errorTooManyRequests(res)
})
module.exports = {
userEndpoints,
newNotes
}