50 fix code scanning alert missing rate limiting (#51)

* Update server.js * Update package.json
vedicscriptures · Sep 19, 2024 · 8bd7b04 · 8bd7b04
1 parent 6e90cca
commit 8bd7b04
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/package.json b/package.json
@@ -41,7 +41,7 @@
         "express": "4.21.0",
         "mongoose": "5.13.20",
         "rate-limiter-flexible": "2.3.6",
-        "redis": "4.0.3"
+        "redis": "4.0.3" ,"express-rate-limit": "7.4.0"
     },
     "devDependencies": {
         "chai": "^4.3.6",

diff --git a/src/server.js b/src/server.js
@@ -1,6 +1,7 @@
 // importing required modules
 const express = require('express')
 const mongoose = require('mongoose')
+const RateLimit = require('express-rate-limit');
 
 // importing environment variables
 require('dotenv').config()
@@ -26,6 +27,14 @@ app.use((req, res, next) => {
 app.set('trust proxy', 1)
 app.use(express.json())
 app.use(express.urlencoded({ extended: true }))
+// set up rate limiter: maximum of five requests per minute
+var limiter = RateLimit({
+  windowMs: 1*60*1000, // 1 minute
+  max: 5
+});
+
+// apply rate limiter to all requests
+app.use(limiter);
 
 // import routes
 require('./routes')(app)