feat: ratelimits

This commit is contained in:
Saahil dutta 2024-11-03 18:08:22 -05:00
parent f336ec37b3
commit d59be2bfb1
Signed by: neon
GPG key ID: 8A8B64515254CFC6
3 changed files with 17 additions and 0 deletions

View file

@ -12,6 +12,7 @@
"dotenv": "^16.4.5", "dotenv": "^16.4.5",
"ejs": "^3.1.10", "ejs": "^3.1.10",
"express": "^4.21.1", "express": "^4.21.1",
"express-rate-limit": "^7.4.1",
"express-session": "^1.18.1", "express-session": "^1.18.1",
"quick.db": "^9.1.7", "quick.db": "^9.1.7",
"session-file-store": "^1.5.0", "session-file-store": "^1.5.0",

View file

@ -2,6 +2,7 @@ const path = require("path");
require("dotenv").config(); require("dotenv").config();
const express = require("express"); const express = require("express");
const session = require("express-session"); const session = require("express-session");
const rateLimit = require('express-rate-limit');
const FileStore = require("session-file-store")(session); const FileStore = require("session-file-store")(session);
const { InstallProvider, FileInstallationStore } = require("@slack/oauth"); const { InstallProvider, FileInstallationStore } = require("@slack/oauth");
const { const {
@ -184,6 +185,16 @@ app.get("/download/db", async (req, res) => {
res.setHeader("Content-Disposition", 'attachment; filename="songs.csv"'); res.setHeader("Content-Disposition", 'attachment; filename="songs.csv"');
res.send(csvData); res.send(csvData);
}); });
const limiter = rateLimit({
windowMs: 1 * 60 * 1000, // 1 minutes
limit: 5, // Limit each IP to 100 requests per `window` (here, per 15 minutes).
standardHeaders: 'draft-7', // draft-6: `RateLimit-*` headers; draft-7: combined `RateLimit` header
legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
// store: ... , // Redis, Memcached, etc. See below.
})
// Apply the rate limiting middleware to all requests.
app.use(limiter)
app.post("/spotify/submitsong", async (req, res) => { app.post("/spotify/submitsong", async (req, res) => {
if (!req.session.token) return res.redirect("/login"); if (!req.session.token) return res.redirect("/login");
if (!cacheDb[req.query.token]) return res.redirect(`/home?error=0`); if (!cacheDb[req.query.token]) return res.redirect(`/home?error=0`);

View file

@ -536,6 +536,11 @@ expand-template@^2.0.3:
resolved "https://registry.yarnpkg.com/expand-template/-/expand-template-2.0.3.tgz#6e14b3fcee0f3a6340ecb57d2e8918692052a47c" resolved "https://registry.yarnpkg.com/expand-template/-/expand-template-2.0.3.tgz#6e14b3fcee0f3a6340ecb57d2e8918692052a47c"
integrity sha512-XYfuKMvj4O35f/pOXLObndIRvyQ+/+6AhODh+OKWj9S9498pHHn/IMszH+gt0fBCRWMNfk1ZSp5x3AifmnI2vg== integrity sha512-XYfuKMvj4O35f/pOXLObndIRvyQ+/+6AhODh+OKWj9S9498pHHn/IMszH+gt0fBCRWMNfk1ZSp5x3AifmnI2vg==
express-rate-limit@^7.4.1:
version "7.4.1"
resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-7.4.1.tgz#90954ecbcde9e7ae7b5000325395f86991191d94"
integrity sha512-KS3efpnpIDVIXopMc65EMbWbUht7qvTCdtCR2dD/IZmi9MIkopYESwyRqLgv8Pfu589+KqDqOdzJWW7AHoACeg==
express-session@^1.18.1: express-session@^1.18.1:
version "1.18.1" version "1.18.1"
resolved "https://registry.yarnpkg.com/express-session/-/express-session-1.18.1.tgz#88d0bbd41878882840f24ec6227493fcb167e8d5" resolved "https://registry.yarnpkg.com/express-session/-/express-session-1.18.1.tgz#88d0bbd41878882840f24ec6227493fcb167e8d5"