rate limit env variable

2022-06-29 22:32:18 +02:00 · 2022-06-29 22:32:18 +02:00 · 0a51c4f218
commit 0a51c4f218
parent 4c7479a8a9
3 changed files with 10 additions and 4 deletions
--- a/server/.env
+++ b/server/.env
@ -6,6 +6,13 @@

 ENVIRONMENT=dev
 PORT=8080
-CLEANUP_INTERVAL_SECONDS=60
+
 FRONTEND_URL="http://localhost:3000"
 DATABASE_URL="file:./dev.db"
+
+CLEANUP_INTERVAL_SECONDS=60
+
+POST_LIMIT_WINDOW_SECONDS=3  # 3 seconds
+POST_LIMIT=1
+# POST_LIMIT_WINDOW=86400  # 24 hours
+# POST_LIMIT=50
--- a/server/prisma/dev.db
+++ b/server/prisma/dev.db
--- a/server/server.ts
+++ b/server/server.ts
@ -24,9 +24,8 @@ if (process.env.ENVIRONMENT == "dev") {

 // Apply rate limiting
 const postLimiter = rateLimit({
-  windowMs: 5000, // 1 day
-  // windowMs: 1000 * 60 * 60 * 24, // 1 day
-  max: 1, // Limit each IP to 50 requests per window
+  windowMs: parseInt(process.env.POST_LIMIT_WINDOW_SECONDS as string) * 1000,
+  max: parseInt(process.env.POST_LIMIT as string), // Limit each IP to X requests per window
  standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
  legacyHeaders: false, // Disable the `X-RateLimit-*` headers
 });