Fix CodeQL alert for rate limiting

amazingrv · amazingrv · commit f5891853cc77 · 2025-10-02T01:02:16.000+05:30
diff --git a/server/package-lock.json b/server/package-lock.json
diff --git a/server/package.json b/server/package.json
@@ -9,6 +9,7 @@
   "dependencies": {
     "compression": "^1.7.4",
     "express": "^4.17.1",
+    "express-rate-limit": "^8.1.0",
     "handlebars": "^4.7.8",
     "helmet": "^7.0.0"
   }
diff --git a/server/server.prod.js b/server/server.prod.js
@@ -3,6 +3,7 @@ import path from 'node:path';
 import { fileURLToPath } from 'node:url';
 import http from 'node:http';
 import express from 'express';
+import { rateLimit } from 'express-rate-limit';
 import compression from 'compression';
 import handlebars from 'handlebars';
 import helmet from 'helmet';
@@ -23,6 +24,14 @@ app.use(helmet());
 app.use(compression());
 app.use(express.static(path.join(DIST_DIR, 'public')));
 
+const limiter = rateLimit({
+  windowMs: 5 * 60 * 1000,
+  limit: 100,
+});
+
+// Apply the rate limiting middleware to all requests.
+app.use(limiter);
+
 app.get('*', (req, res, next) => {
   const buffer = fs.readFileSync(HTML_FILE);
   const template = handlebars.compile(buffer.toString('utf8'));
