Merge pull request #56 from Cattn/rate-limiting

Cattn · web-flow · commit 181238957edf · 2026-01-16T12:28:05.000-05:00
Rate limiting the API
diff --git a/api/maple.js b/api/maple.js
@@ -1,5 +1,6 @@
 const express = require('express');
 const rateLimit = require("express-rate-limit");
+const slowDown = require("express-slow-down");
 const cors = require('cors');
 const login = require('./auth/login');
 const getPath = require('./get/get.js');
@@ -53,10 +54,20 @@ var options = {
 	}
 };
 
-/* const limiter = rateLimit({
+const limiter = slowDown({
 	windowMs: 2 * 60 * 1000,
-	max: 20,
-}); */
+	delayAfter: 5,
+	delayMs: (hits) => {
+		if (hits <= 15) return hits * 100;
+		return (hits - 15) * 1000 + 2000;
+	},
+	maxDelayMs: 15000,
+});
+
+// const limiter = rateLimit({
+// 	windowMs: 15 * 60 * 1000,
+// 	limit: 20,
+// })
 
 try {
 
@@ -84,8 +95,8 @@ try {
 	console.log('[7] Setting up routes...');
 	const friends = require('./user/friends.js');
 
-	/* app.use(limiter);
-	 */
+	app.use(limiter);
+	
 	app.use(cors(corsOptions));
 
 	app.get('/', (req, res) => {
diff --git a/api/package-lock.json b/api/package-lock.json
diff --git a/api/package.json b/api/package.json
@@ -26,6 +26,7 @@
 		"dotenv": "^16.4.7",
 		"express": "^4.21.2",
 		"express-rate-limit": "^7.5.0",
+		"express-slow-down": "^3.0.1",
 		"express-validator": "^7.2.1",
 		"jsonwebtoken": "^9.0.2",
 		"multer": "^1.4.5-lts.1",
