add: add rate limit for all server endpoints

2026-01-19 21:02:41 +03:00 · 2026-01-19 21:02:41 +03:00 · a136dc8448
commit a136dc8448
parent 4d8b9f41ca
4 changed files with 44 additions and 0 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -14,6 +14,7 @@
        "decimal.js": "^10.4.3",
        "dotenv": "^16.0.3",
        "express": "^4.18.2",
+        "express-rate-limit": "^8.2.1",
        "jimp": "^0.22.8",
        "jsonwebtoken": "^9.0.0",
        "nanoid": "^5.1.5",
@ -4261,6 +4262,24 @@
        "url": "https://opencollective.com/express"
      }
    },
+    "node_modules/express-rate-limit": {
+      "version": "8.2.1",
+      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.2.1.tgz",
+      "integrity": "sha512-PCZEIEIxqwhzw4KF0n7QF4QqruVTcF73O5kFKUnGOyjbCCgizBBiFaYpd/fnBLUMPw/BWw9OsiN7GgrNYr7j6g==",
+      "license": "MIT",
+      "dependencies": {
+        "ip-address": "10.0.1"
+      },
+      "engines": {
+        "node": ">= 16"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/express-rate-limit"
+      },
+      "peerDependencies": {
+        "express": ">= 4.11"
+      }
+    },
    "node_modules/express/node_modules/debug": {
      "version": "2.6.9",
      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
@ -5181,6 +5200,15 @@
        "node": ">= 0.4"
      }
    },
+    "node_modules/ip-address": {
+      "version": "10.0.1",
+      "resolved": "https://registry.npmjs.org/ip-address/-/ip-address-10.0.1.tgz",
+      "integrity": "sha512-NWv9YLW4PoW2B7xtzaS3NCot75m6nK7Icdv0o3lfMceJVRfSoQwqD4wEH5rLwoKJwUiZ/rfpiVBhnaF0FK4HoA==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 12"
+      }
+    },
    "node_modules/ipaddr.js": {
      "version": "1.9.1",
      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
--- a/package.json
+++ b/package.json
@ -23,6 +23,7 @@
    "decimal.js": "^10.4.3",
    "dotenv": "^16.0.3",
    "express": "^4.18.2",
+    "express-rate-limit": "^8.2.1",
    "jimp": "^0.22.8",
    "jsonwebtoken": "^9.0.0",
    "nanoid": "^5.1.5",
--- a/src/middleware/middleware.ts
+++ b/src/middleware/middleware.ts
@ -1,4 +1,5 @@
 import { NextFunction, Request, Response } from 'express';
+import { rateLimit } from 'express-rate-limit';
 import jwt from 'jsonwebtoken';
 import User from '@/schemes/User';
 import UserData from '../interfaces/common/UserData';
@ -34,6 +35,18 @@ class Middleware {
 			res.status(401).send({ success: false, data: 'Unauthorized' });
 		}
 	}
+
+	defaultRateLimit = async (req: Request, res: Response, next: NextFunction) =>
+		rateLimit({
+			windowMs: 10 * 60 * 1000, // 10 minutes
+			max: 600, // limit each IP to 600 requests per windowMs for /api/check-auth
+			message: {
+				success: false,
+				data: 'Too many requests from this IP, please try again later.',
+			},
+			standardHeaders: true,
+			legacyHeaders: false,
+		})(req, res, next);
 }

 const middleware = new Middleware();
--- a/src/server.ts
+++ b/src/server.ts
@ -74,6 +74,8 @@ process.on('unhandledRejection', (reason, promise) => {

 	socketStart(io);

+	app.use(middleware.defaultRateLimit);
+
 	app.use(express.json());
 	app.use(express.urlencoded({ extended: true }));