Merge pull request #113 from pvdthings/cleanup

api: cleanup and rate limiting

apps/api/README.md

@@ -3,10 +3,13 @@
 ## Environment variables
 You'll need to set these environment variables in a `.env` file at the root of the project folder:
 ```js
-NODE_ENV=development // or 'production'
+NODE_ENV=[value] // 'development' or 'production' (default)
 
 API_KEY=[value]
 
+RATE_LIMIT_WINDOW_MINUTES=[value] // 15 (default)
+RATE_LIMIT_FAILED_ATTEMPTS=[value] // 5 (default)
+
 AIRTABLE_KEY=[value]
 AIRTABLE_BASE_ID=[value]
 

apps/api/middleware/cors.js

@@ -0,0 +1,27 @@
+const { isDevelopment } = require('../utils/environment');
+
+const allowedOrigins = process.env.ACCESS_CONTROL_ALLOW_ORIGIN.split(',');
+
+const corsOptions = Object.freeze({
+  allowedHeaders: [
+      'Origin',
+      'x-api-key',
+      'X-Requested-With',
+      'Content-Type',
+      'Accept',
+      'x-access-token'
+  ],
+  credentials: true,
+  origin: (origin, callback) => {
+      if (allowedOrigins.includes(origin) || !origin || isDevelopment()) {
+          callback(null, true);
+      } else {
+          console.log('origin', origin);
+          callback(new Error('CORS Error'));
+      }
+  }
+});
+
+const cors = require('cors')(corsOptions);
+
+module.exports = cors;

apps/api/middleware/notFound.js

@@ -0,0 +1,5 @@
+const notFound = (req, res, next) => {
+    res.status(404).send();
+};
+
+module.exports = notFound;

apps/api/middleware/rateLimit.js

@@ -0,0 +1,12 @@
+const rateLimit = require('express-rate-limit');
+
+const minutes = process.env.RATE_LIMIT_WINDOW_MINUTES || 15;
+const failedAttempts = process.env.RATE_LIMIT_FAILED_ATTEMPTS || 5;
+
+const limit = rateLimit({
+  windowMs: minutes * 60 * 1000, // 15 minutes
+  limit: failedAttempts,
+  skipSuccessfulRequests: true,
+});
+
+module.exports = limit;