Increase rate limits for API

2025-03-29 22:02:57 +00:00 · 2023-01-16 22:09:58 +07:00
parent 37ee8148c6
commit 89697df85e
4 changed files with 20 additions and 22 deletions
--- a/backend/src/controllers/v1/workspaceController.ts
+++ b/backend/src/controllers/v1/workspaceController.ts
@ -317,7 +317,7 @@ export const getWorkspaceServiceTokens = async (
 	let serviceTokens;
 	try {
 		const { workspaceId } = req.params;
-
+		// ?? FIX.
 		serviceTokens = await ServiceToken.find({
 			user: req.user._id,
 			workspace: workspaceId
--- a/backend/src/helpers/rateLimiter.ts
+++ b/backend/src/helpers/rateLimiter.ts
@ -1,6 +1,6 @@
 import rateLimit from 'express-rate-limit';
-// 300 requests per 15 minutes
+// 450 requests per 15 minutes
 const apiLimiter = rateLimit({
  windowMs: 15 * 60 * 1000,
  max: 450,
@ -11,23 +11,15 @@ const apiLimiter = rateLimit({
  }
 });
-// 5 requests per hour
+// 10 requests per minute
-const signupLimiter = rateLimit({
+const authLimiter = rateLimit({
-  windowMs: 60 * 60 * 1000,
+  windowMs: 60 * 1000,
  max: 10,
  standardHeaders: true,
  legacyHeaders: false
 });
 // 10 requests per hour
 const loginLimiter = rateLimit({
  windowMs: 60 * 60 * 1000,
  max: 25,
  standardHeaders: true,
  legacyHeaders: false
 });
 // 5 requests per hour
 const passwordLimiter = rateLimit({
  windowMs: 60 * 60 * 1000,
  max: 10,
@ -35,4 +27,8 @@ const passwordLimiter = rateLimit({
  legacyHeaders: false
 });
-export { apiLimiter, signupLimiter, loginLimiter, passwordLimiter };
+export { 
  apiLimiter, 
  authLimiter,
  passwordLimiter 
 };
--- a/backend/src/routes/v1/auth.ts
+++ b/backend/src/routes/v1/auth.ts
@ -3,13 +3,13 @@ const router = express.Router();
 import { body } from 'express-validator';
 import { requireAuth, validateRequest } from '../../middleware';
 import { authController } from '../../controllers/v1';
-import { loginLimiter } from '../../helpers/rateLimiter';
+import { authLimiter } from '../../helpers/rateLimiter';
 router.post('/token', validateRequest, authController.getNewToken);
 router.post(
  '/login1',
-  loginLimiter,
+  authLimiter,
  body('email').exists().trim().notEmpty(),
  body('clientPublicKey').exists().trim().notEmpty(),
  validateRequest,
@ -18,7 +18,7 @@ router.post(
 router.post(
  '/login2',
-  loginLimiter,
+  authLimiter,
  body('email').exists().trim().notEmpty(),
  body('clientProof').exists().trim().notEmpty(),
  validateRequest,
@ -27,11 +27,13 @@ router.post(
 router.post(
  '/logout', 
  authLimiter,
  requireAuth({
    acceptedAuthModes: ['jwt']
  }), 
  authController.logout
 );
 router.post(
  '/checkAuth', 
  requireAuth({
--- a/backend/src/routes/v1/signup.ts
+++ b/backend/src/routes/v1/signup.ts
@ -3,11 +3,11 @@ const router = express.Router();
 import { body } from 'express-validator';
 import { requireSignupAuth, validateRequest } from '../../middleware';
 import { signupController } from '../../controllers/v1';
-import { signupLimiter } from '../../helpers/rateLimiter';
+import { authLimiter } from '../../helpers/rateLimiter';
 router.post(
 	'/email/signup',
-	signupLimiter,
+	authLimiter,
 	body('email').exists().trim().notEmpty().isEmail(),
 	validateRequest,
 	signupController.beginEmailSignup
@ -15,7 +15,7 @@ router.post(
 router.post(
 	'/email/verify',
-	signupLimiter,
+	authLimiter,
 	body('email').exists().trim().notEmpty().isEmail(),
 	body('code').exists().trim().notEmpty(),
 	validateRequest,
@ -24,7 +24,7 @@ router.post(
 router.post(
 	'/complete-account/signup',
-	signupLimiter,
+	authLimiter,
 	requireSignupAuth,
 	body('email').exists().trim().notEmpty().isEmail(),
 	body('firstName').exists().trim().notEmpty(),
@ -42,7 +42,7 @@ router.post(
 router.post(
 	'/complete-account/invite',
-	signupLimiter,
+	authLimiter,
 	requireSignupAuth,
 	body('email').exists().trim().notEmpty().isEmail(),
 	body('firstName').exists().trim().notEmpty(),