From 91f6205b90992777541f3b7f3cd90f921d75d49e Mon Sep 17 00:00:00 2001
From: Maxime Cannoodt
Date: Wed, 29 Jun 2022 22:19:50 +0200
Subject: [PATCH] post rate limiting
---
 server/package-lock.json | 18 ++++++++++++++++++
 server/package.json | 1 +
 server/prisma/dev.db | Bin 815104 -> 815104 bytes
 server/server.ts | 36 +++++++++++++++++++++++++-----------
 4 files changed, 44 insertions(+), 11 deletions(-)
diff --git a/server/package-lock.json b/server/package-lock.json
index dc2b937..b5f31aa 100644
--- a/server/package-lock.json
+++ b/server/package-lock.json
@@ -13,6 +13,7 @@ "cors": "^2.8.5", "dotenv": "^16.0.1", "express": "^4.18.1", + "express-rate-limit": "^6.4.0", "helmet": "^5.1.0", "sqlite3": "^5.0.8" },
@@ -1609,6 +1610,17 @@ "node": ">= 0.10.0" } }, + "node_modules/express-rate-limit": { + "version": "6.4.0", + "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-6.4.0.tgz", + "integrity": "sha512-lxQRZI4gi3qAWTf0/Uqsyugsz57h8bd7QyllXBgJvd6DJKokzW7C5DTaNvwzvAQzwHGFaItybfYGhC8gpu0V2A==", + "engines": { + "node": ">= 12.9.0" + }, + "peerDependencies": { + "express": "^4 || ^5" + } + }, "node_modules/fast-safe-stringify": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz",
@@ -5229,6 +5241,12 @@ "vary": "~1.1.2" } }, + "express-rate-limit": { + "version": "6.4.0", + "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-6.4.0.tgz", + "integrity": "sha512-lxQRZI4gi3qAWTf0/Uqsyugsz57h8bd7QyllXBgJvd6DJKokzW7C5DTaNvwzvAQzwHGFaItybfYGhC8gpu0V2A==", + "requires": {} + }, "fast-safe-stringify": { "version": "2.1.1", "resolved": "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz",
diff --git a/server/package.json b/server/package.json
index 394158f..d6814f0 100644
--- a/server/package.json
+++ b/server/package.json
@@ -15,6 +15,7 @@
 "cors": "^2.8.5",
 "dotenv": "^16.0.1",
 "express": "^4.18.1",
+ "express-rate-limit": "^6.4.0",
 "helmet": "^5.1.0",
 "sqlite3": "^5.0.8"
 },
diff --git a/server/prisma/dev.db b/server/prisma/dev.db index 64afe8ba5bff52c874ea67a7ddcc2c87fa4175a4..1304bbba527b518da12cd00ae31b0178415b68a1 100644 GIT binary patch delta 3933 zcmZ{nJM8S(UB~xwbN|_}kIQa^goGA_29T_k->+)1$M3Pnw{Kl_`>a>fAJbRK7He>zdJtt z!OIuhrhoqM^-urg=?|ZO@c#4H-~8<9qo?;jdH?sfHT2ojk6!=rXHQRG{pV*-zx`hD z(eqE9#b+FXYxIgh5JV2`Fm+_z)k{Zw`)e0Mrp<-kxDinmx3w8Q{6Dvf^ZboVZEl0y z5g2Z<55D_p^R(%ko8I2^txdoA)u+unfBX3lUc9Tl^Z54LpS*bSz4tzU@Bcmi+2`N? zy;nbc_NV*5lK#O#ggy~ZwFiSZx9*3sx{IZ38Kg0+EhVUK4-5sy4Z~px0ffC+5j~*S z0-k-LtnV09T|o^-wOT4#x8RZze+7J)(d8r z&2U)+7p2`7DnZivalE5|tXgU$Ua;!g54MxLdD5M*RUK*1weooh%TdDWnN};df}Ma% zYMC&A11O|bnh2L0EQQ!3DDQ?+cHLssQxx-cq#<1coE)z_m>0soRC*O9Wuo3kws-hh zcfu+iV8yVHPTw(O;!R;bq}qh`j=##BLM?nE9n{P2?h(wYI2Pppy6b-1>lYWp6#sDy1dEE za|^5wUji>M?(;E`QAfxznfrk`qI|E3-LOGee(&)fk|JiWO}izzmHPD0$eW;M6fVx^l3cf}lX zWE3pP2Gq>B?VdwlP`g}<@PL!zff{3Ey^=F~BXS1>^p??ZuyBTE@eln&!LlPl1A~@9 zZCA;$dY1*eMygV+nWh^DH*e4`y`+k>GUw9;2`r_zD|(h~CEe-i2!q0T4lffq`H>}o z_}tKdF~vX+TZnS=?yMvo$}%5<5fK#44xEtK;=MO-mUU_n^#Q09r_E6;YM6Trarj7k zQdeWQP?Q96at!uAwYRiLg3*NIJSCf-+mcq0Wrlnlr zvg-I_sm0nvQFN03^5F22dYTWFr`pDCV2v-Xb6rYIwcVtMPMvK>5!mM2+d*`gf79$_}FrtBOQdYL)i}Xc#u)q0YjD; zjma)*aZQ`-aFCC<=k5yz^An@E9Ch6G{=1&Uh-pOg{nTremUpq_V6Nt9~~>Tc#JWg38WTkMvbbF6%j@_L*B z;)=+@u~*dl-3>Yna@9$y{rw1?qtssr^2|+Ib7f8^ z4iEzJT0(Kesg@<`FqATCc7}Lps(~xP(kE8+==OS`$qeP?Lcgm_$UJzZ6B$P%vZJLV zRduIkz%-QM1nqdnIg#9Xz=6DstFXcBQp;!B&+>9eoJo^wmj}jF7oZis3kO7O7?>U9 z#hllw-!~?)tHV8KLPFSPd+{)X*F)I*`Gg=7oGfzQs60I5W5C;4&qPB`jKhyiz;# zSfow08#wsRp>pr`t}L1R0Ckhr6pj*d;`;qE9jk|57>OX_@TKn@#-5g#bf;#g+gw{i zGYGS4C}G|ZZ~$Bq5*MFlJ%|pHEAUK1C`_+UjEJa+JNBZkmx-k9bhYe&H1Eb^d5fh^ zsC{&%j)+(%0I`L7DLQLlx?-4Sssy7)$#c4W$tZJ=WEzVPmZ^@rJ-D)~j~!A^YwbYN z`IB;CQbxQ3$!+$|S1dQi`G`BVS;Rq}abBFx7ipbmMqG8*+577aac#dAJbu3q!Pc)< z?ramlaf(LK95KM0GrO-erheot>31lAWd?F(2CZ5F3*y@I@mg7tiQR4?-KR=gxBZEq zYi3J?IO^n@huYlcyAExcXh!7a1ql^ei zlBB-)_=8^o*RLyb8@N9D<-cv<`pX~vf>oZXqB7V{BUfJvbn$V87KH>szgUp*M}t9Xa0mAVg@FAdGSOJ;li_5xh&&O 
z%v?J%;$0Q}gm7bl!f--f>L}0)M<130OWZ``R7CNkIl==(qTw)!GiQW8JA_=8%GPuO zxz$>mt)$&AsER2@9y0qzie?QK?^%6~m(GhMIzG6QBuCr8Yvr(*Zel3M^=@$iJC`8) zEYj(~c0k1!3u>GIN!=I;7+}Qa92?Q0`Vez>xGyxEF(4+*36j()jhdpNImcvbllmH1 z&O`4T&+C@1=Oxn&e>8jK_}_zZROJ; zX$s4^h6u`#2wnC_#oUMTTs!I2T~Ve@@=j1a7>moYjIUv*p>!9Wb?nk-{FSapg2z_# zNK`4{hJ1V>JBm{8^dqp(-s^M4hc5A}hpcybWO09QMWLPjw-Szj2EoumX z4PLjEi6t?x$2c=kzBu&Il=)JfmpzkI1k}mV^_DkD2nS@cq!YL!qJv{!yy2LhQZ;C9 z3-0!!cess3EyNRScWB&LeIq)i-K2t}pEZW#S~JoDEl_tEfYz3y?)`o0Wzhw#>j4t* zyDdJh^a@`0tAEd}Go$VFJ)JxWN zPT!a3Wb%cZG#{)ghqQp!ZTkYvWQg~>5nc%U;KdPwB?N^eDUIM+j6rFJkZ1~}L_&oj sOh;srkaUEh8@s|7+K3fHNtVLN*3>d64!`*Lx4s6~SD(J~?w85`0+ewM!vFvP delta 244 zcmZp8VA$}$aDp`N0tN<#<3P*_#M>uom@_Wen6SK_bsLa-pqZzkou`2jh?#(x8Hic7 z^E9yjI4{P|e;25L;UNES{%`yr`QPwA=YPb1ce+9V+ob6R0c>pBHwCb%@v|D3q?%Yx zzZ=h{&dkRbJDoj&O?J9L0^7dn4hd{L+utRyiSn{AFfjg|{NaHlt00hde{$kWNmc)>R=K1oLY_Sif&AZ7<*4j|?PVy^A6dE6@+x3g~G$YA44=dforUSiwGJNaR=BpYMn gdNCK9>5i-%a@#jwV-4cm&iaAdmwS5 { console.log(`server started at http://localhost:${process.env.PORT}`); }); // Post new encrypted note -app.post("/note/", async (req: Request<{}, {}, EncryptedNote>, res) => { - const note = req.body; - const savedNote = await prisma.encryptedNote.create({ - data: { ...note, expire_time: addDays(new Date(), 30) }, - }); - res.json({ - view_url: `${process.env.FRONTEND_URL}/note/${savedNote.id}`, - expire_time: savedNote.expire_time, - }); -}); +app.post( + "/note/", + postLimiter, + async (req: Request<{}, {}, EncryptedNote>, res) => { + const note = req.body; + const savedNote = await prisma.encryptedNote.create({ + data: { ...note, expire_time: addDays(new Date(), 30) }, + }); + res.json({ + view_url: `${process.env.FRONTEND_URL}/note/${savedNote.id}`, + expire_time: savedNote.expire_time, + }); + } +); // Get encrypted note app.get("/note/:id", async (req, res) => {
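Review bot: The handler that now sits behind `postLimiter` still writes `req.body` into the database unchecked: `data: { ...note, expire_time: ... }` copies every property the client sent, and the `Request<{}, {}, EncryptedNote>` annotation is erased at runtime, so only `expire_time` is actually controlled by the server (a caller may be able to pick its own `id`, depending on the Prisma model). Name the accepted fields one by one and check their type and length before the write, e.g. `data: { /* allowed EncryptedNote fields, copied explicitly */, expire_time: addDays(new Date(), 30) }`. The `await prisma.encryptedNote.create(...)` is also not wrapped in `try`/`catch`, so a body Prisma rejects leaves this async handler with an unhandled rejection instead of a 4xx response. The start of this hunk, including the definition of `postLimiter`, is not visible here, so its window, limit and key could not be checked; if the server is deployed behind a reverse proxy, confirm Express's `trust proxy` setting so requests are not all counted under the proxy's address.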