From 0a51c4f2180b1d4ea9d3e8f1f2a73695311f03f3 Mon Sep 17 00:00:00 2001
From: Maxime Cannoodt <Maxime.Cannoodt@UGent.be>
Date: Wed, 29 Jun 2022 22:32:18 +0200
Subject: [PATCH] rate limit env variable

---
 server/.env          |   9 ++++++++-
 server/prisma/dev.db | Bin 815104 -> 815104 bytes
 server/server.ts     |   5 ++---
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/server/.env b/server/.env
index 42cc3fd..7e0a02e 100644
--- a/server/.env
+++ b/server/.env
@@ -6,6 +6,13 @@
 
 ENVIRONMENT=dev
 PORT=8080
-CLEANUP_INTERVAL_SECONDS=60
+
 FRONTEND_URL="http://localhost:3000"
 DATABASE_URL="file:./dev.db"
+
+CLEANUP_INTERVAL_SECONDS=60
+
+POST_LIMIT_WINDOW_SECONDS=3  # 3 seconds
+POST_LIMIT=1
+# POST_LIMIT_WINDOW=86400  # 24 hours
+# POST_LIMIT=50
diff --git a/server/prisma/dev.db b/server/prisma/dev.db
index 0fc7f042d045bf1da1c84d38fd483a79b657981f..82933cbc6f7488187f0cdd7ad43ddc9c50e6c02a 100644
GIT binary patch
delta 15143
zcmZ|0S;#bPnkLj`PuEOafAK4d^mKLibakJMofNTeppLQc`;w7)G8Oxt85xnW!jRPp
z4h0@KBJ_bEeISkpBDMolj5_v-AakO~9H@xWsOX7GE6yN@;PW{;|KD1|8~J_7oy+^i
z^Tc)E*AhSZBjhK4g!~IX`2Jt}g<trE{}3F%430neD}SE)&R_e3AOF?QFa2BK>A&;O
ze)W^T{MAps1CD<H9KQ&TKlQV(e)3EI+kgC9-~aj#!3%!j-~IZ3|N8HK{Xc*GKYab)
zfBj#7{a=3lpMCwezy6QD{##%F2Vei;@BOCp-GBaP|F-kp?|=P|f>-`~KLihd^Ebf5
zzyAa9@Q1(hdw=^cei!-0AAa@QzxStq{N2m1e1G`9{e9&7|HxN==d1tptH1Hpzx>r-
z`sy!!#e(WT{p0Wct3Ugne*9hHd!Jwb#lP^KtS4X;W=a%>VXDF3Yw{}FtseT{{-#Rd
z6{x~rsy#6;dA>Hk_5W0ngDh7VMyToeUY}!GkW4lH@S7^pw4e%qsm|H-AZj%G&Hual
zfsq3rzkKokRbJ9ZhcB<?&;9*3?+g3}Z^m=*#dtcNT{=;}@lAC;8Sqx>OLeBkWh?UM
zuYapbcV9mFOLgh%c1jNH*S@LtT?T((6j`hHdKB<0-$?ui-;}#z{_@3Ns;_Z>4X*+D
z)o-e8{^fj7U#cmIkL!WwfA*Vdy@6jEhQCyae#@%8&3@(YS6}6x!Z1O+!TI>hzdw8z
z9Df=de+C@C432;BXTLvuFGqj&r~c@B|H^kizx`+a!Y}>OU-|y;e*gb>k-qc0fABls
z`8U7w&*=a9-}*N~RGM=+>SE+_bC9l}i{xR28WriLgI0x?%A_?vR`K4q;vI@zJ((Ve
zJ3ix*%C3i`D)6lM@3CD{jJJd2-h6ibHt2Xo$Kob5L7gVB$1wxmbI8&^@IbZ=@?<i2
zA2wLUv*dY+sLYaV*`j>+dM&jwb8oN3(AVqCuMat-svWj4bY-CPLEIuDaAQK)E6zC&
zBt~a@ac)O?=0{LCLMUP%m2P#bA^Bkq-RRV7B`b)4)dt&n<D#h<%GA)i@b011@@%W;
zSy*bMf{;Q+z1Hz_O%nM!HP#uo$@tK>12#3dSH)4b=Dxf6UDYEdOd9&jGODvkrETo|
zsJA7EYPB*-KF~1A=Zm;KA8UV2nU&jOguw07%h#(#wRk3}+Tk)@EM8EwXQzgt;kYsn
zOBv<%sZIM1Sx}T;jX*h_T6f;z7S@OM>bTgCGOZTJZJy5_n-DuKlob{58jeNm>~-GG
z@AT)^BD)+v<xsL24ppE2d~L4`e%gxZx(@XS=k7E;G~X6~WyQPJ#dUW%87sNBI#~pZ
zM_&g@gidbG>u1@_F<3z5$Ph`f4G8HCujQ%rX;2ZJ-EysILxs8A_H4>&KebcplOprm
z-%91spW!55<wIXk%wJorxswpaX{0K?RTxugu=B9wWpeh@9qTL1=h`cU;$w#FC(XCe
zeY(v#$=TY=UedUa>>BB*lb>)Zmcm94*~t>O0cPIw!)$UWS<nz_$^LWmi|5hbiqvVO
zOnvWN#&#TjAP6odv6r!PI_DQ-LgLF|%*=(Pp4vY2=SGDoHqcY>NRCQa<jH3zt>rZS
ze(F+&EYFQc9uK6`*tB^k#KTg%QXgPB$ygfgi}JNV%=%`B&+-y)W%RtD=5Ps+`T06b
znvM|9jNaC!V$uG7WT{v-r&Mw*9(1My+faFjqKNIe-9W3+cs^bXrd%NnW+b_st26AL
zSe1C^!DkJGlGgd){jB3G8+y(ByQkoqda5^c-%|9$qB~6B&vO#t%!BQ%-S%fKPP_Xk
z<B%-dgPQNyLl)(?*dg^Hy(M4u3|EQ0VPxn>XA~`JP<~q?%HxcNOKU$6M3@>KzQgT%
zaVO$x<r*$pmnS&2%v&-#VKW$vKxvpn=}$uBNJd}?%76xu<p_;aSPqj6iXbRPB4i3D
zIgOwcLenG;69|Ep8I$Ed{n2mzN#Oc9{R05kKmK?Bp)bJoH~)`s0oQ(&j<;91DH==F
z#~!obeQ`up^>rq%m+L4!_0VE*sl?rokwXMq>Z)^7h;?&wVxI64l4;|IfpI|a(k-_e
z@s#SAJ+{InA9eONb=E&C=yAh^!I>RLD6lE;%j?Y1oElvRzY$f^JYN<jtmo&#VdA8q
z%;|>K+QUX=yVZ$C))O%;{Y+$V4hNhK^-C47cf+#srl3nm&nW7_1mIF+^T`-^G2hJA
z9usplJh2H(?yV<kB@Iq^N=zvmCiC`8%h0J*eI4(MEnFpLkk-ois8!AH#G*a-iMZG2
z;YX+<H~6i`)Mx2kl-Z7QN-z2;SRzF~883y)LqK>TGVFz2@35=iS4`>>`ZVuveHAe>
zSuru238ATR+t@EoUzy|cMalvV83#kz5qz=Ya}tuIq(0kpWng>M?w)sr$azQBW}s~m
zGL{Pw6j*TDq326?R4v9}NeHO#$}~~Yhi@?#B)sw{Q&QebdeFDX(-~X|CQC(hSA-4y
z?mn&a7QSwmS1iqVfAckouz7OTER-AwY!<ZRQxi1!2t0s2`Pwqqn|&4hdd7@^dOG!M
zsN>aF`u2*qhyDN;EZDB{quXME(K~C)wt1ozxxx`hnnr7r*wG@M7dT^;3ccvh%QBsJ
zxJS|`<***Q@a;|?5Mv{_ajulHu+8Uy{ca@}rOndPa$MqExp5p0<GmNkoj~&z8s(CF
zZU>j;roMWE)D7M}-nEOF-xvHbhRD^t0n}ATtBU8Y=fbJ%dVlIm=l;&3V}Q*Y*Bv+V
z%HN@+4|!W!+2elR9;`CSpVWYdjHzS92xpl`x#U_MSvKi#{-)Tr-LkR;9bhZVQl-P9
zljz!Ga2X0-uhlF^6{2t3i(vQHJK8Sv8jsqucUjKHf*7l)K82C_zAu~>9}MjVlF$t9
zlw+8PGxh!boS2X0q3!vsP8GnD5k<Q0k^1fIYLD0LKB^v=ZZm;aFNVE|yIjo6&~DWW
z6;yr?o7z?ueKTJ-)_rXrLYbGW#pQ&!(jpnR`A*GO(@%oTyCm0hpzp*(g{OpQD#NI2
zUo{#3Q&)-Pf%QbSyU5IOC@AV1RYl1t$O&s-+m7nU%t<wbgx=jgJQz%|6j6|5Ml&h>
z1)|C#$q53<DKx`~q99?c$O#-nFe1Z{tjKbVBGV!%D6A+j>ib}j{>AV7@h^PO`R?z7
ze}4A$AAj$^`OfEu-v+avJMIE7`}6<Y4*;0`RqI#30W;<(T3N)o$&BDayX%$Br3`^0
zI}crPT%7!ZFsU?}-SF<#^6TaLojP<EPDSoZA`;_}u%*x$pPL1Fe4qqk$*QSz-In(=
zbzlAAT=h%RUKG5@qbJp0dl79^17}1^QMZeW#GZE{Z}p2LbF}929ir|dg2llW4<2hf
zkBIBEcYGNVQ|;Kc(YKv!v{|*_NMfIC2JIfD2D|wgsW`v$cdSN^(ePXLG-ggc7S5=s
zR5Wl!)cmLkWmk4JR6MoA2+~XW7MKOJUg<=^w1`tH#guG1s)0?7k5aC>{mv4xUAg_P
z7v(jWS6Ww#bh$e8^+`|a>POMtHBIpdKa4z;XXoNa*gn*n<Q?Cd69fsLe2ZpR-U0pn
z*zdPzzdEyMQYJifx5$;^&QiU#e0nW_o*;_`HjR{x=_g_<qx6Li$u8)UEP*+t-&JAt
zFUCVKhv9i!(N;6ByU2+#D<2<rmW&ikCKo$8NQmKC6U{Qq;w-8nchZskY`wb+?rv&S
zj4;<|%9M88eB>_?Eh=V@*f+jZYQ=1ikbAFTj4ZlPnsYn4fiB3k@Kj`pn>qpwI?HCW
z$_6dG5$Z(kxQ4ub!ZI5-%9Xe%z!3g^yB*5y*2HHP8nj97%<UojME>k99Uq;6B#R6w
zU`)U%Qp4P73tdBO&$s~5X!YSO{b3y}zOod5f!xb3-<h@XkP{*&{&=g<oM}RRgGsM0
zcj|RGeETsSow=o2gwO~4K5>=rZbPpfkQs|PSYUm6I~??$OB3#!W|gRdE2ATF5lw-^
zc^gd)^1==4UZI*OS-F~sgG@=aJQeD_shr)-C<8TPyfi|&EmLhpp2P0<exCh&7<J_1
zN-7G@Y`j3%!Ysx3RinaNovmxkyl4y~CHZca{dvY)d(Ni^d63PjuVKUwG*h|kMV)Ws
zm_zq|a5aiz?g83x)f0AC%fe0H9j_Xw-4y&{i{VIyF>mqXj1V-gDfOdLK2YP$;#k-(
z8rAgi2=>0HBc`hFbQ1QDI5ncYR;80u-gPzF2Xn4Up@*70=m*Wh{Q7zljc;OwL3;V%
z*YNd~r~PxMH&(MoFUI-D;=!w>h^(N^7G@UjBJ-{}pyUMu2C)xWq7+`1D3YTYoaQCT
zWC;Oh2wi3{KrK4K$dZOrG$Avh#8V8*QJf)*pZ@4K|0Hnz947t+xPG_$0$ghQ4RFz>
zn!U5<VF(0sLLZm9A`|)a5tI(M3Ohu~pM32-UF2eOT5UV-x67mguD4?2Q|I~gC=hDa
zd`a|pAqz%9n1tc(RQE&)!UoGPRA)&7R`=s-dn=1rJZM%di>kU<#7bzH)3_EmE<}{+
zHTd&`JHitd$05M`rZ?_PrVn^+VraPPGCq&Ij|A_C8eqb&{C8(;Cf6lkAFhjZKaaY9
zXDG(si#Ed~=d~9*FRoPDyYl=V3-_2s@e#!kKNz9FU)Zvsj-v=vrM{hkt2xB&{qYAS
zyHv|TlAxK2kMt=C*~`>o#e7oYQ3KeTUhoPlS4=9d&*{+^v19lR`MmS6YPikQ8|8xJ
zNIdB<e5@DvQjYfX_Q=7wwdeJExl3f2jLut>n4XyYTfyt|6`Hm{PYK-rBpa8qdB)!t
zUMx?MvyAiV?oF#mc>ZSI&tlOzHA$b(%Xt|(crW<7kEG%5oM8#((Q={M@#VmqqvdcE
zE7}E?paqJFi`ZmMPv_brzBnH8#w4qjO!m>fuQi!I9-8aFwVM4*(PN}nMzxE%Xh->F
zFt|}gPuun$i7<&0;7(pTOvG?oOszrBb$63x(AqU}%5fn0ZjN>seGfE3?n>9uTaV#S
z`o)*cTiG@o5$n<>p%HM)g9(6W(eS5l(hGMe(w!TtPoi^gaMC!Aly?kzlQ3v~_~eq1
z_N*TQ9edIlQOR2QYPl(<{o;)1T=`P+Wh5n?HB2j(-pA_{dk9g3|7}-tDlGiUCtFhu
z9>1#>?Rvqy>GD)g&TG^a!tT0t-RokH#rY%jRhg_TXn}UDG?skTd;Ts3tY?9t`WAJ^
z+!DJv4q<8>>4a<}F~{$9D5}WnI~8SRPiiA)^hX->$W*+r$>?X-L3pKfv}RCH8-*<f
z&S)|Y%vbCr@=0+r=E}hsm~5?2AOJp~Z-pFK)7vcfQhX9w@QRE!dyMLNu9ccQNeA=F
z1Z~}POLKtXO~=RkYbSGPXzfHwCJ_tDh<zYhAGY`T=^*%}uZ=cG+M|r`olikB0uiEl
z4Tk~rOD9)r0WoNv_-I|O+6l3~0DFm#Ryf`vakNH?osy_^LyvOVMCjQ7AO1_wDkwt{
zj4DeiC3En@6fjDrNk%4FfzTP4fbtwgz>tP8B~t(a563W?CIEy{B!iJzf&TPIf9~7B
z_4&CX;TPokOVStQ647svixEk#nO)69G^xB<Y(O`Dy;Du7W7`nQ9>;QbUM+k4Lh+Fj
z)ABKsRg>CR$-u&XQ(n_%-j7SDgPx<_v>sm^?z4-J0YY$YvH6}PZN{WfcM?cyxdn3(
zWCq)!QqA_nDq|{lCqci_>3O)dgU?7sCQ4GkJc0*wQ*Ry~hoi1kJfGEG^+q|kGAG`j
z80<s}U6@HaULvAjM(X0e71_GJi(UAbi1?CbR01j#-{8C;Kukzojy4C&Ev<n6B(_#*
z%~fiXP9p|IaUh<~gIC232F&vqpW98p&NKxHP;q<mP-*LI%PUr@hTV0$Zccxq6PO*X
zYZDz_fy@x~Shh#9o_Eo+KdURV-c@5zVTHknvczWG@vNam&9ymm8NrdZM6LQMG69Ul
zR8?y#zVeGrqavze2F`^z?^YuUor22?3Ka$<K^L!53}1rkOs(ZQuf<dX_{q_OD}YfY
zC65S*U_I8qt?=VXzH@b+2#=JJNmH`dat%z5UWHZn4Izl3ULF@dc|ZgQ4XZ4oOf9|a
zo2FPbqz=;TSFf4v(qp_On;;p<g$lr4ydx=Rrecr}jQ9AW2d(IqF>6HGEymUJ<C+4Y
zR=5Bbf_V)&7w8F}nmMfG>OCtVz)1TdCM}X(G@$&gftkKr^DbFhBJK+WOYq<x5&67?
zT2MK2W#iAe+VM9Q)dbvG=neeoJR&6gRusx|BZ;I*Iz^TAY+w9)CSR88cDr<)a_K(#
zu$;Ivp#J^-HmD|xa0ScM?6G%yjCE<@oBc>Vyhmk*gQqMEgZR;~=ip4T9+PM5>+b03
z>nXeQ42gL*yo#L)o#X@r_)_g8IJJCv*P7B~>PA$I=SaEl2Lh&;9;vV7`@?a)Ne`hR
zxp;bgWjRN&>)R6GZfn($xdAHRU(mDRuml>^SYxx2L!ZVS!z1^0ZQ%+mV*SdWl!4?%
zK@}?6ZlO%wtR&m2+iNG%a>SY7xN>V^D^*(hsajEQTk$+tBgXABD~?`fPU(=GnLqa^
zMbaUna9$Uc*l`e1XYH4o4szF#&}8x+4bvB1!~?aZMvjo`HE}Jh2zJj?pO|pps>@NY
z8#*oxzBZ}M(|29A5+52<nt`bTU=@y21qq&@I6~pS!@x8}r6oq=U(l*dND9MnAmXPa
zL#0KY<ylr>ScwtLU;pFp{V(77{KmJ@3;B5-#uxCC|H&`l_4PmT4R}F(TDd^GN9ZR<
z`Y*`X-^Nr*-CV3An@dL98q^YxVR;>tM|r1qvanQ$K(1jG<JMZQSCe*<<MZB<GC!S7
z->*$G2@2=!H=zRLh;SntyH`py#Iez^s1uQ2ByqB}x@V45sXsq^tHo|u+8|RPjPGpS
zt!^CN96}nM4pFo^;VooreV3Dk7I%~0o9As5sf(B1T@FUx*Es&PFK~^O>GQT#6*jc7
zz3xP3j~MSYQ@mpwi(KxM0cM0*N7!hwiHNn-_}nGCS^8>1oQ=JQNoRFbZ|nq5!DhG$
z@{4u#epbtK2Br{F!<~QKWEYJ30MtslE-FaTUP1y-AM#ENJ3+qENd>SxpivqpZbDTm
zQmPQO+mq*}+HD=YW8QeM!ns2ouZ}@(@pSZ=uN<Nc5qWyUO<*-x55h&DH_UfHnZ~lJ
zSzi3p2ytI?uSRYQQiDnrhw7F(&0W+cZ|`$LXc@k?etEg0Z1cMl2$}tkt-!p-PcFx`
z8&Iw~%swGVwt~x6vpGpLR<pKr5GgH1XQ;DaZqg{(?dVR!(O2k}HSL3v<Q;{`N)94y
z0(!WC+z!OL5$=B0x2PQERM|=96S9Y(^OnuwMe`8xR?BjaqF-0zRlth&6!%SDD2bs&
zOR!xSU;6v&<)P_WNAC-o!|EXRPjo(oP@Wtw(w`j{fUAkr_1R1A>Ray^&fi+UJ>J)*
zk3zCjS-8*kOUat$gsUH#eLm0Y%FQBT5%;$+!`86Vc-t^ngrd#7EFYJ+0F3^vkv^dZ
z3%l%xh5F3E4G^a1Zgm8Ahwj7O?Qf!WNNnWL52u}6vC-V=0sM%UyzJup7DPIl2A8Zj
z;$wV{-i_td$H%x)zL9o?J)BAdiDA}d;(BsCYCEs;iXi85*(d=$)b;Ty4S54_{(NNn
zI>t7OG4KKO$LBqP2#rvvQRua&Pred=81D`F7~cJ4IPZt$ZO(Nnc^z$}TfL{c@^}e|
zii=SG>3wBDdD`c@q2+IWIxF&BLZJZ<5Eu1Y2RaWO3ZL?p_Vrt2%}#cu$oAmdWkDWU
zYXS+^8#d7BswZSz)qcD#w?W#@(pZzpSJt;2XvJzr(}l$uWI34KE!wl75vpY19R5%!
zNz)~Rk`zTGSPt|qI8DK`l0q<&05DaS1zs>&iqbfW6<CU*2}316{n4-gN#Oc9_Uael
zV*kz;;QHnN^&8;2Xwfa^ueg$LldFF`B$CNExgWcjIwY_of!0~iXh&;uBJdDuoDbkR
z+yLhWeTD9jmsP9rR?bAUqUyV@!5nA>ZhJa@aIIbzq*Tm`RaTOk2D{1KT>^G8b$OSq
ze1~cqw)X9byB)D+L`P$n_0vq=_(%^hQyW|-f_Wz3<wt@X29RG5K`kT6Bk%g4HZBn3
zh6&%>=tW({$x;}9UN<F@xPYFztA=PELtgZ~)+iMSk712*P}y4do$q5Yof-4-%<+ku
z1{_y!DlmE(B`Wg|YS^V_2kvvX*G7$D8>oDf7%rmKQ18?UENy%?nsFD>;+a#=!K=g!
z1#s-81mP_}$CAQxag1EKw3y;ITI<i3_ozt1rpBXA2rP8V=~RZ$Nal9x%|zLGmdTrS
zrhC{5)@QiM>M{D&LKC|qRbfDdgM!lZYzsFao}E5f2eAJV2g<AW3y=Xh=AE0y_L{<Y
zM5BnNZ_O%?H*S8s9#6KSJ@l@Gd_nCu)0D3{@RPQShTBOHJ<a15vUmTvz+;o+4)A%!
z4@E<oFY-PbfJU_WG3KqPiNb{BWCHGvkJoV1XG$R4(~8tZ;@LN2`5D2>LlYC_o%E6G
z)5`|7@_mIKVGX@5g%afOSRB`}tGbS&Zx+HA>_eP4V@2nPws{~Y<y^!E5d2Bq&Mk#C
zVwS51U$-h91k7L?RIp`4(fP5(zx25g;ysRxXmx?yv3(e9#fFrbx6bSCKENMOX~>G-
zaxMn0s8yKqJ-Zdq88^j)66b?8?w(o~zR?e0MNa@*p=_7*I70d-0^1(YH;R_2yCVm+
zYp0$G)rpDCr$KvDM7}SA7v5^0$^F~7OPClU<<%?X(}rSsk9zrHW7!&ZG-a5P6H%1r
zBG+m(-_IFu{8Z<uww~xYVdpKv1HD^QT4p&DVPR)-KiD4l11?JH-WemJFN$J{ZkIK8
z;(cI}4^%W|$`@o#_~+WKjgaMm(AFUYuXd}6t5h=Wq>VR;6c~&uqGCaeW^o_2vBzgM
zd6mQG3V8=L?j#`D7`4)@g5azH6fTfdeq7w~v+87}MmS0R^&r4Zrx#uA9JVg!s6-IS
ze5tsN%1azSY>qB-pi|@|MZgHqL=q|k?2ti{;)}b;WDJ3UDJw-NG{=b|qlm055#Tn0
zkqp5SfO9|n(XV|QxIV}}|9_(&Uy$pc!oMKbcYpW|a?$>*jKjlMVIsWkr_m;?PFK(D
zR(d|d+g*Tw`NWeB7P#1zPp(qt-FS3i0?@~=D{lAmY3bGW+ONbmVr|{+RsMm-q$=+|
z#$0Q}4=9Q1FMw)Zo@20+RP8C1{&<h~Ev31~8j}J1z$%>~#LBwB<Do#D$zO?gjZq5X
z^F{TfNz*5q-od83wQX@+`lK@H(KPE!Cw{@ouwU~R<VRS&g2W2{S!{u<f(sCd(Lt^i
zpclRGDS5NJ{eWHd648=w-Q5{2uQ4E<*U={&41;kP8?sS-6;J=Q<&xkyK!b#hH<rE=
z>Lgxd?A%Hp!dW>&ugT6fidu-ydE>Zj@$5tnWo8fgI~sj@Lts>I7d$%I@0!wONTyON
zpcwkSetQ&74BM-{Rj4vnG*#V>oMoWNeZJ4i6)E69Z}QyVp~|kq7Nyf#P@!iBE}!ze
z2m2!dB7u&s%|no|fimbcZX98C-gTf-bo<~T@q-s2C4obgv$mbrrPjmrwlhs?(XmDB
zGMzRqG32B%#yVFo#wVGuKko12P2PMKwS!&=7!<hlD)2LLR$mM!KD>PiXF*^*;{;^h
zZGqJ_=7~SzEb{hjkC>RQ?Ao_w9#{OMizpC5hvh9g>FGbZTd>%A+ZW?`i9}$``A?(>
zA8)>1Z%&|_!b0H~_j)>6<zLl$SE1IxAmA7?cW0ijIA|<5)Mt1P%q{KRKJ5*2?Bu@D
zINf;KB(^f@w-XTJ>e^Bs*ZzaoW8CcrhfLf+)_XIzCez{7o9>kRoq$;s+H*e9X;BBZ
zc=KHB+B|#4#=4`HIvIBl=LKRjMPP-YignRSboIcUzG^k%OtpiF@-y%V?FJp^Q|iP+
zVNhKXm^1?;^0jk5cv2}P)yy~{)7u&t&T(w@?H1z7;rCv&x5ye6@w*|FU;}}k=l&85
z3fZAJPjbO8-|V$!0?{o`%)xXHop75iZYCsi@7H5yor9+Qa9+7Mxzsrn9FT=u)5T|+
z2*q;1B0pyM>Pvgs5Fc<8_#SrIJDu;stIT!4io-<;3meLq4VdWRh>uSK&zwhkAw*TY
z4wo#<P4_;*lgv?c?Td}8`*#QBRwo@jfaR<~RhYIP7&fLb3E+r93Wm&S5>63@$`j;w
z7y>3Rk}MOP$w?3sLlc}X0k#3T9;78eqN0Go_*I}Z_V@VW55A3F$o?gn_Wuf|eF3ju
z>j8NEYya)HWO`-=o09Qy*3Ifp&ccg)NKb-+WwssD4q807?{HVw3rps#$~^0<i8100
zIFdl!g4etB44#?Tegs9@Rxw`hl(J}44h(2fJ=+l;=K{-SbbnKrLa*GLzXU;B@16yG
zp0_qT_ZX<mvNoH+%2`(^(T--KK$79;z=qB??hcVMjf>$n!m|^C=%1gA1X#~TH}V6p
zg@}g3s1iQu;47Ctt6t(VMYzAh@5{&nS#<@B5u!46S8Q<vqTF2)dxxGU*nT~2#-O=y
z$^53|USTIpg;ynbeR+Fyn_L>F)A&JRYgUQpFbSR_;Jl7yWW;#2jU}xgKIfCV3-!bK
z_;gxndFO!6v-C*O_U2Tj8Ya-%`P!2esW)jaOo_FOXxcJaah6LUQ`^T*Z5BQGQnF63
z#mvGz-o-ZVNVw;lS}&qpbIug|Gcy~cvhd2bcq2uLd|h0x#h6Gg`236PtL&%t70^tz
zOT9qV<hCwrU#_*>jvRDpx*d(qcl5yOh9y<@Y>iyI19Mvk6ei+~RL*n?cu_;RG|RA|
z*c<p5K$esagzqu-LKSmms*N}>*fy?&r)dM#=9m+Mi4wy)MHi08=V~{R#a>s^ell_&
zCP$=}%f)#mBo6F21HE;x^Gf@j@Ap1gxI$FVCPA<FBtQqE04UT*rCrsKP`I0YOW-SY
z?L6@o*$FE63-X3m^(7|{b2wJ@5tUYNNmy~k4fFaK;Hv&07lQLh0asKvPcgsL81nR_
zC+8qmD)cmWmo~2U#0wBU8|IXNLVgZc^)ZoHq0$e$1ep6^LwE0LbUdyvZ-hjxc*)z4
z_Xu(@;f+=kBnq|s(F$%vr<2~9OE?~07d1vLd}O2wLM;|q<?1n0dm((k6bEj%b|6ey
z>4J%7rgzXWKgCBuB)kK8>T00}Os2d#KoJw&s9Z5DXy#5s*s%#O(zCVs#|ws7J>JI`
z@GQ*8Wi{J@l+r{9s|LM39P}ONvG#|Zpbj@)whY`*+PvbIk$)vxd+jbg+?Kak#bZ-F
zE$W`!^}DlU@9x|)mnUWbK=O2b5{u|q{qALX1jKp98}C%5tru;NY6+FDkQ-aF6p$WF
zg1nt$g>uEd`4LCZEGcOM0rNVUB_OFoAwbJYaDZMU#*_%~71KOLzeK)pkOTW-EHVj|
zVmL;W2})r<{n4-fN#Oc9nb|ME^^g5aUx4es`WL^Mx}asSycX%YifZBg(@%T{Am(1A
zklA2yBjSbO7S7#iobs9R!e(algYt(bq8@GtvU93)0kI%mA=oytgy{`24zy2l$F7Qm
zbV)DPA-p2I7q4sUJBM@w6NwMw$B5!j15?g%duYj-32KvsNcZ7qHr=~K<5607`P>O!
z)G~(y3Hfj=9i-EQcGV2QMc@W!%pch@9Tzw7Kx`stz5J;++MT<zqyNgGvk}(g+8Jyf
z_a%b1PujmAj7eY0W1FFLg-zim?JMy84EQ*_2Wu1c2V{>=s%*L&5bN8)NFn%Y=JPax
zK$k1l#cgjz$f0<$#ucZMg~aaQ7ZVHV@<?9`46;zwttH7;2f=NSpTQ|a#Mmjm#|FWY
zuWOuR#8W{z4HK}v#X^Bj6gP;ezRib6sPD-K<q(fxwG?zMU3eD}8{3GJ0%W-Meai9t
zN;KhneUK#I>b?kccv9gVkgn-~?qrG4=tGOD@MmzatbTa`#asl|XZix<qrZ79HmJ*6
z7Y(eI8K1x`gLKmp*nK3l7}9kiyiYLnYRag6?&Z_<K$UPYcLv!(a#2Fasb|IPSy19`
zb3vpsT1FYf(Oh)BotF73zu=1Dl8~$8fV4=}Qusj?ylty#>9s^b4Wwb344(Q~`xRH%
zRVR4+De%@!3&P&1w0r$o1dF_%MzMjdo|Kc&M?rsmS6U`Xp05Q~F{kP6y5*`bdav*q
zcB1i$TR!%#tn#eigWQ1O09>Agjs|6NjSd;k3^}z9Akm}w4CvmbxaW?_r?EiyTS$}s
zt;!Fwb;bU@YM+NE7(&<!x2OGX7H(}{{tfow>e}xdxmE_;_^cKL+V<>imBssd8<4GP
z6ythdp87jb-n+A}%4s54l<AS4KKH|4z(>=<=-Wy_tYwY3O3pffJHXBXfeu2bZ=QF%
zpbps&U;)UO`sD+cCAD<kG6nbLQJHykzef<-Y-5tCP9EWyC2Q<mkg3q^y~Q<TR(a)w
z8V!$kIOB0ESt%Zrs*VjjRigJh9*C?DT-hpf&>66w=d1Oe@H2$S$ncF|gBb5H*AGU&
z>A<9t-KA~h)@Gr*5k^20VFTibJ0l%7LVLggFW3UIyb_||GD#DVdZH+pq8U5|c}tqg
zFcKpuCIM8EA^}6p2@nATRFTHW93&<Ht;9ia70apYr$73$-v%zg7k^Hk{|j>c!@(Ei
z`p>;@kn1uh_(-J>Hoi(7;xTTpytJWVS=9%pb77CAs?4B8<5Rpwb#d6EG#2T|GnE#c
z6<A+X-w$Qp-h;}W)7yhN(0}Yjjp)Y=(PNy(J8KLr2%M*OFOmK>MDjuH9`bBJyL+@c
z5jaJuy?~!X0Q0tiYWC5HE|xa}fmCeM_m;90W9~|;2rg<$f-qKpYN)E(8HK(GX`=YN
z5=XEH(}k(F3VDwom1PdDD$;lo9xzCLy0;9ecg5KrrEXAOtXbskF%>Upzn<eoP4B*v
z?~~WUsm38=L}MZSxKKvC`<1G7f^iiLWR9RWZ+QAe02xLnzulxDC`yhArCo#CyTSOm
zRP`<;8}7%aHR7O3LawA`&GdPLE;4@`)rWDqY@x3k81gS^oQq7fvL2$f0~>%woEy-E
zG*loPQ79z})M9l(YApkd^@O+=5jE9!%c-4a5Oy$uaf2Wc?Y@|psQB$IP|=B6ic(cS
z<I^8pCV8Ygm;x^s`XXOADQ@<|sjoViRNz*A$S?0Mu(iFIX0<Ojy_=txOr0*S+eBqo
zNBoh7{%nA#>cd;3bt7p{29d^b12CTh0Xto8C|=c@+f=mz=8$6V271D8+_ZiSA0=|w
z>8{W%6h$o<OhZa}e*_azR@n1WwIGxH1hHU1Kd%Of9T02n@3L`%>-4HlKJ<?hQIJa4
zo|^k&GQKut;6Gwk`@n+ElhM{_^7=*!4-m^WVH_w>fNW)27!f$C6CVo!X_^>SE)=WE
zN8Do!xygplv$HdUcqWkQN>v7SY83Z~Qti+Kd!DG`0zFf5OAKXFk|U^Ey<^zJaHG4!
zCK}8g0YkQ;nGgD<xt+WzQ|rBrWBiO6dt^5~B=;k~HPUhYz)WxMiFW}c{*1EJ?vx0G
z0)q&MUvoAH>{5zU=UG)YT;{7|kHEi;(8(T^?a@wP<IyPnm{iw@)E&g)l2w>j`)PxO
zb&TBwe0XvR*0m;~<1FwfP7ria4MJ8?0cbRGCAuGr6>|t%P32G%(Bw|t$UFiCZb)~v
z$ahy9dVkTc&)~wr?vV*%v2K@c0C8;A=Eg1#agVL~>kXDA@R5m+0+DEcgi-gLCJsd3
zG`e2fUO6$EOfZ5-X$k{3TxA)|FgT88<nPdQLZ%?NRnTNn!YM_f2n?45$VOxd&44Ux
zmH=^|!87Xb@x@>HHhLlZ&$->`3wZtV|M&&G{*(XW8}MRUy3o<L)w*dU)@>JXHXZxB
ztuv}zTlCwx-R71Af?9=HPLJ>+xZx^%PHotQWx$dAuD7iKvmX+}=ITJ5uA4npSJYv2
zx4x-`gwm?p;}N0RG?U50Hy^L3Y1$9b>fTLSNvOG;)_Xz98&9S#N4q|qhv5kWnDl|k
z;qWpH6bCz?bfPoC?K-{b<nQ}fRRjUL{>@o<Z?IDT)7}Tcoj^wTUZZ)1kKlfR%~RZq
zc7vP1szUJ+F}5Q5owm*|Qy#8C?JYL$zwQEz>s2RRIdFlj412JOjmU}`wW+5)Omk)I
zrM7_Qsy7=C`0%JfJk+9=9J<FAxD;0MxG8-+Vz}&A{0fw<lm#2E4RzAU!Mzn5b~l#L
zOy;M#OJI73hC67dBKEFOFd({U%pA%Rx9=kFl#>pjNUiY7o6;AbyAik(<#rY;*JEI-
zcV@hXL3MQ#L5c<FqT8O{d#E~tWWr~A!N?+CTFwYjdJg7k4|a;XvPUo7MWpUPTtVw2
zND+~_zcAZkIU5LV!nZz9o68~CD+uD=2Vn1G7_^Y_7{tlM$am!(Nio|_O$g<-Wg2qM
zWBQxgRx`wRKfE#GAdQ19d@faDo|xNpkcR@5lra+LMX`HTy*Uid(M^!=Z-534bhXM?
zuFPcc>SM~(Qi=1{D{2TNZ2L;d?X#dHAT<{bcTVt4GFrvw)67P$FZsg)aZJz&I+q(!
zF}M?ZV3f`?ofzvQ9Of+mIVb#Dql6}_k?nv4o;HX9xY?{Rh$ND4{K1QAb>?-W@`UbM
z;9Ki!kJ#);V+?v1?6K$6cp(Eiflc(vJV@$s8^@Y`t;m9h7Q^Y4h-u=0i4PuNuX=cR
zL3EN?T|b8|0lmzn#1~JwHwHUma7W}ppJRBTn&1U2+fIf}F<N4pC3$AG!J?!F-`loA
zCCP^JC3Rh&?ghgY2+O=u-5WTbF>r?ki9d%{4UoH4b5*H;km%NO(<OFs3N)vgWIPA&
zKJvhoEK<;~Buc}3S48@B?;q=ZDO;@u^6@;qWb3Wg`Az5$Ba<;;o^9enWb&AZFZv}Y
zEvpiTGLg0Hofq#h-#|)*yg!RLH=juk3@YdC%yI|vuD5MPUY-qJ3D5}$^dPkbx-E_X
zazkZgi4-7EpI}r9Gc;g@DFR~|jiMkhk<bNFQaJ!IkkG+lkp27F@Beq-`|(fzPfKxr
AZU6uP

delta 489
zcmYL>ODqFH9EW$?&UDwd84<7bDAEgY&{m}<!O2O~<IHMTkm?GW;$%w@sU~C-6Bj{5
z<K%5_8Yf4GUPK~kL^ybaL`34^-^AnaCEw)#%}>v`^^AMD)Sl!x?g9{jla*>8pFB{K
z)94tUXR|ha!KU+o2`~c|X4BE<Wr;}A5O68-MLx(Ic_I(wmfVmllBO;{o}tZtoW~CR
z*iLAw9p}?@FLs*?>~U&Ua4q#Kc%3Q=cCZ%(H%JzaGvClmzDaggfu@4P-tmYQ9n@U)
zK5t|s>J4av+OThOq7tr~M#qwjD!^uq5ikc>zmWhd2WzF%*Sw6%Kx=61(JDJjK_yrm
zQ-i^VfXn6fOpQmPswbj_)bMBt$C;k#>jwOhK`&|FE@(06fzgtXQ4yG7^d@A!a3LPX
zfE5q`5y)Zjur%dimVIFeqkzza>gn7(a?<kx!NHE^QJ2W@zA%8rVD`4%7_-xmie=2l
z_Q+ZvZ9zggJ6uKGznS`%wf$tdA!jy&wVnU9{=cm5H@kcPSvy6YBC~8r>zHlbOFfI<
D{&$q!

diff --git a/server/server.ts b/server/server.ts
index b436b42..552569c 100644
--- a/server/server.ts
+++ b/server/server.ts
@@ -24,9 +24,8 @@ if (process.env.ENVIRONMENT == "dev") {
 
 // Apply rate limiting
 const postLimiter = rateLimit({
-  windowMs: 5000, // 1 day
-  // windowMs: 1000 * 60 * 60 * 24, // 1 day
-  max: 1, // Limit each IP to 50 requests per window
+  windowMs: parseInt(process.env.POST_LIMIT_WINDOW_SECONDS as string) * 1000,
+  max: parseInt(process.env.POST_LIMIT as string), // Limit each IP to X requests per window
   standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
   legacyHeaders: false, // Disable the `X-RateLimit-*` headers
 });