
Commit 69eafd2

authored
Merge pull request #32 from pphatdev/alert-autofix-97
Potential fix for code scanning alert no. 97: Missing rate limiting
2 parents 15c2019 + 23b1929 commit 69eafd2


1 file changed

+11
-0
lines changed

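--- a/src/routes/users.js
+++ b/src/routes/users.js
@@ -1,11 +1,22 @@
 import { Router } from 'express'
+import rateLimit from 'express-rate-limit'
 import { create, update, get , getOnce } from '../controllers/users.js'
 import { authenticateToken } from '../middlewares/authenticate.js'
 import { Validation } from '../helpers/validator.js'
 import { getData } from '../models/users.js'
 
 export const ROUTE = Router()
 
+// Rate limiter: max 100 requests per 15 minutes per IP
+const usersRateLimiter = rateLimit({
+windowMs: 15 * 60 * 1000, // 15 minutes
+max: 100, // limit each IP to 100 requests per windowMs
+standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
+legacyHeaders: false, // Disable the `X-RateLimit-*` headers
+})
+
+ROUTE.use(usersRateLimiter)
+
 ROUTE.post("/", async (req, res) => res.send(await create(req.body)) )
 
 ROUTE.use((req, res, next) => authenticateToken(req, res, next))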
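Review bot: The per-IP keying of `usersRateLimiter` depends on how Express resolves `req.ip`, and nothing in this file shows whether `trust proxy` is configured. With the default setting behind a reverse proxy or load balancer, every client resolves to the proxy's address and shares one 100-request bucket, while an over-permissive value makes the key depend on a client-supplied `X-Forwarded-For` header. The app setup is outside this hunk, so confirm it sets something like `app.set('trust proxy', 1)` matching the real number of proxy hops, and record that next to the limiter with a comment such as `// per-IP keying relies on req.ip; requires 'trust proxy' to match the deployment`. Separately, the same budget covers the unauthenticated `ROUTE.post("/", ...)` registered before `authenticateToken`, which appears to create users; a stricter dedicated limiter on that route would fit better than the shared 100 per 15 minutes. The limiter is created without a `store` option, so if the service runs more than one process the count is presumably kept per process rather than globally.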

0 commit comments
