Potential fix for code scanning alert no. 22: Missing rate limiting #243


Merged
merged 3 commits into from
May 15, 2025

Conversation

vprusso
Collaborator

@vprusso vprusso commented May 12, 2025

Potential fix for https://github.com/unitaryfoundation/metriq-api/security/code-scanning/22

To address the issue, we will introduce rate limiting to the accountController.new route using the express-rate-limit package. This middleware will restrict the number of requests a client can make to the endpoint within a specified time window. Specifically, we will:

  1. Install and import the express-rate-limit package.
  2. Configure a rate limiter with appropriate settings (e.g., a maximum of 10 requests per minute for the registration endpoint).
  3. Apply the rate limiter middleware to the accountController.new route.

This fix ensures that the registration endpoint is protected against abuse while maintaining its functionality.


Suggested fixes powered by Copilot Autofix. Review carefully before merging.

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@vprusso vprusso requested a review from cosenal May 12, 2025 17:56
@vprusso vprusso marked this pull request as ready for review May 12, 2025 17:56
@cosenal cosenal merged commit ca65827 into main May 15, 2025
4 checks passed
@cosenal cosenal deleted the alert-autofix-22 branch May 15, 2025 14:25
cosenal pushed a commit that referenced this pull request May 15, 2025
…243)

* Potential fix for code scanning alert no. 22: Missing rate limiting

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* chore: update lock file

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>