Add rate limiting to auth-related endpoints

kthchew · Feb 3, 2024 · 7a2cc85 · 7a2cc85
1 parent 30d57ef
commit 7a2cc85
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 2 deletions.
diff --git a/Backend/package-lock.json b/Backend/package-lock.json
diff --git a/Backend/package.json b/Backend/package.json
@@ -12,6 +12,7 @@
     "cors": "^2.8.5",
     "dotenv": "^16.4.1",
     "express": "^4.18.2",
+    "express-rate-limit": "^7.1.5",
     "mongodb": "^6.3.0"
   },
   "devDependencies": {

diff --git a/Backend/server.js b/Backend/server.js
@@ -3,6 +3,12 @@ const cors = require('cors');
 const axios = require('axios');
 const {connectToServer, getDb} = require('./db/conn.js')
 
+const RateLimit = require('express-rate-limit');
+const limiter = RateLimit({
+  windowMs: 15 * 60 * 1000,
+  max: 100,
+});
+
 const app = express();
 app.use(cors());
 
@@ -114,7 +120,7 @@ app.get('/getSubmission', async (req, res) => {
 })
 
 
-app.get('/logout', async (req, res) => {
+app.get('/logout', limiter, async (req, res) => {
   const user_id = req.query.user_id;
 
   let db = getDb();
@@ -123,7 +129,7 @@ app.get('/logout', async (req, res) => {
   res.status(200).json({ message: "Logged out!" });
 })
 
-app.get('/login', async (req, res) => {
+app.get('/login', limiter, async (req, res) => {
   const user_id = req.query.user_id;
 
   let db = getDb();