Increase rate limits for API

backend/src/controllers/v1/workspaceController.ts

@@ -317,7 +317,7 @@ export const getWorkspaceServiceTokens = async (
 	let serviceTokens;
 	try {
 		const { workspaceId } = req.params;
-
+		// ?? FIX.
 		serviceTokens = await ServiceToken.find({
 			user: req.user._id,
 			workspace: workspaceId

backend/src/helpers/rateLimiter.ts

@@ -1,6 +1,6 @@
 import rateLimit from 'express-rate-limit';
 
-// 300 requests per 15 minutes
+// 450 requests per 15 minutes
 const apiLimiter = rateLimit({
   windowMs: 15 * 60 * 1000,
   max: 450,
@@ -11,23 +11,15 @@ const apiLimiter = rateLimit({
   }
 });
 
-// 5 requests per hour
-const signupLimiter = rateLimit({
-  windowMs: 60 * 60 * 1000,
+// 10 requests per minute
+const authLimiter = rateLimit({
+  windowMs: 60 * 1000,
   max: 10,
   standardHeaders: true,
   legacyHeaders: false
 });
 
 // 10 requests per hour
-const loginLimiter = rateLimit({
-  windowMs: 60 * 60 * 1000,
-  max: 25,
-  standardHeaders: true,
-  legacyHeaders: false
-});
-
-// 5 requests per hour
 const passwordLimiter = rateLimit({
   windowMs: 60 * 60 * 1000,
   max: 10,
@@ -35,4 +27,8 @@ const passwordLimiter = rateLimit({
   legacyHeaders: false
 });
 
-export { apiLimiter, signupLimiter, loginLimiter, passwordLimiter };
+export { 
+  apiLimiter, 
+  authLimiter,
+  passwordLimiter 
+};

backend/src/routes/v1/auth.ts

@@ -3,13 +3,13 @@ const router = express.Router();
 import { body } from 'express-validator';
 import { requireAuth, validateRequest } from '../../middleware';
 import { authController } from '../../controllers/v1';
-import { loginLimiter } from '../../helpers/rateLimiter';
+import { authLimiter } from '../../helpers/rateLimiter';
 
 router.post('/token', validateRequest, authController.getNewToken);
 
 router.post(
   '/login1',
-  loginLimiter,
+  authLimiter,
   body('email').exists().trim().notEmpty(),
   body('clientPublicKey').exists().trim().notEmpty(),
   validateRequest,
@@ -18,7 +18,7 @@ router.post(
 
 router.post(
   '/login2',
-  loginLimiter,
+  authLimiter,
   body('email').exists().trim().notEmpty(),
   body('clientProof').exists().trim().notEmpty(),
   validateRequest,
@@ -27,11 +27,13 @@ router.post(
 
 router.post(
   '/logout', 
+  authLimiter,
   requireAuth({
     acceptedAuthModes: ['jwt']
   }), 
   authController.logout
 );
+
 router.post(
   '/checkAuth', 
   requireAuth({

backend/src/routes/v1/signup.ts

@@ -3,11 +3,11 @@ const router = express.Router();
 import { body } from 'express-validator';
 import { requireSignupAuth, validateRequest } from '../../middleware';
 import { signupController } from '../../controllers/v1';
-import { signupLimiter } from '../../helpers/rateLimiter';
+import { authLimiter } from '../../helpers/rateLimiter';
 
 router.post(
 	'/email/signup',
-	signupLimiter,
+	authLimiter,
 	body('email').exists().trim().notEmpty().isEmail(),
 	validateRequest,
 	signupController.beginEmailSignup
@@ -15,7 +15,7 @@ router.post(
 
 router.post(
 	'/email/verify',
-	signupLimiter,
+	authLimiter,
 	body('email').exists().trim().notEmpty().isEmail(),
 	body('code').exists().trim().notEmpty(),
 	validateRequest,
@@ -24,7 +24,7 @@ router.post(
 
 router.post(
 	'/complete-account/signup',
-	signupLimiter,
+	authLimiter,
 	requireSignupAuth,
 	body('email').exists().trim().notEmpty().isEmail(),
 	body('firstName').exists().trim().notEmpty(),
@@ -42,7 +42,7 @@ router.post(
 
 router.post(
 	'/complete-account/invite',
-	signupLimiter,
+	authLimiter,
 	requireSignupAuth,
 	body('email').exists().trim().notEmpty().isEmail(),
 	body('firstName').exists().trim().notEmpty(),