Security improvement Express API Rate Limit

frangoteam · Oct 16, 2021 · bce95bb · bce95bb
1 parent 4a489f2
commit bce95bb
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/server/api/index.js b/server/api/index.js
@@ -6,6 +6,7 @@ const fs = require('fs');
 var express = require('express');
 var bodyParser = require('body-parser');
 var authJwt = require('./jwt-helper');
+const rateLimit = require("express-rate-limit");
 
 var prjApi = require('./projects');
 var authApi = require('./auth');
@@ -40,6 +41,14 @@ function init(_server, _runtime) {
             pluginsApi.init(runtime, authJwt.verifyToken, verifyGroups);
             apiApp.use(pluginsApi.app());
 
+            const limiter = rateLimit({
+                windowMs: 5 * 60 * 1000, // 5 minutes
+                max: 100 // limit each IP to 100 requests per windowMs
+            });
+
+            //  apply to all requests
+            apiApp.use(limiter);
+
             /**
              * GET Server setting data
              */

diff --git a/server/package.json b/server/package.json
@@ -23,6 +23,7 @@
     "bluebird": "^3.5.3",
     "body-parser": "^1.18.3",
     "express": "4.16.4",
+    "express-rate-limit": "^5.5.0",
     "fs-extra": "^7.0.1",
     "ip": "^1.1.5",
     "jsonwebtoken": "^8.5.1",