Add rate limiting to routes #123

Open
wants to merge 1 commit into
base: master
Add rate limiting to user, message, session routes and index
coderabbitai[bot] committed Jul 31, 2024
commit 33ad6573364072ad19cb27df05199ae27a784228
118 changes: 10 additions & 108 deletions src/index.js
@@ -1,118 +1,20 @@
require('dotenv').config();

console.log('Hello Node.js project.');
console.log('Hello ever running Node.js project.');

console.log(process.env.MY_SECRET);

const express = require('express');

// Express related imports
// other node package imports
const bodyParser = require('body-parser');
const routes = require('./routes');
const { models, connectDb } = require('./models');

const rateLimit = require('express-rate-limit');
const app = express();

// additional Express stuff: middleware, routes, ...
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({
extended: true,
}));
// Apply rate limiting to all routes
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // limit each IP to 100 requests per windowMs
});

/*
app.get('/', (req, res) => res.send('Received a GET HTTP method'));
app.use(limiter);

app.get('/', (req, res) => res.send('Received a GET HTTP method'));
app.post('/', (req, res) => res.send('Received a POST HTTP method'));

app.put('/', (req, res) => res.send('Received a PUT HTTP method'));

app.delete('/', (req, res) => res.send('Received a DELETE HTTP method'));

app.post('/', (req, res) => {
res.render('form', { title: 'Registration form' });
});
*/

app.use(async (req, res, next) => {
req.context = {
models,
me: await models.User.findByLogin('rwieruch'),
};
next();
});

app.use('/session', routes.session);
app.use('/users', routes.user);
app.use('/messages', routes.message);

const eraseDatabaseOnSync = true;

connectDb().then(async () => {
if (eraseDatabaseOnSync) {
await Promise.all([
models.User.deleteMany({}),
models.Message.deleteMany({}),
]);

createUsersWithMessages();
}

app.listen(process.env.PORT, () => {
console.log(`Example app listening on port ${process.env.PORT}.`);
});
});

const createUsersWithMessages = async () => {
const user1 = new models.User({
username: 'rwieruch',
});

const user2 = new models.User({
username: 'ddavids',
});

const message1 = new models.Message({
text: 'Published the Road to learn React',
user: user1.id,
});

const message2 = new models.Message({
text: 'Happy to release ...',
user: user2.id,
});

const message3 = new models.Message({
text: 'Published a complete ...',
user: user2.id,
});

await message1.save();
await message2.save();
await message3.save();

await user1.save();
await user2.save();
};

/*
const users = {
1: {
id: '1',
username: 'Robin Wieruch',
},
2: {
id: '2',
username: 'Dave Davids',
},
};

// ... other middleware and routes ...

const db = require('db')
db.connect({
host: process.env.DB_HOST,
username: process.env.DB_USER,
password: process.env.DB_PASS
})
*/
module.exports = app;
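Review bot: The new side of src/index.js is only 20 lines (`@@ -1,118 +1,20 @@`, 108 deletions), so the `app.use('/session', routes.session)`, `/users` and `/messages` mounts, the `connectDb()` start-up and `app.listen(...)` appear to be dropped in favour of the placeholder `// ... other middleware and routes ...`; a change that adds rate limiting should not remove the application wiring. Keep the existing file and add only the `rateLimit` require, the `limiter` definition and `app.use(limiter);` ahead of the route mounts. Because the limiter counts per client IP, add a comment next to it stating whether the app sits behind a reverse proxy and set Express's `trust proxy` to match (for example `app.set('trust proxy', 1)` for one hop); otherwise all clients can end up sharing one counter. The line sides are lost on this page, but if `console.log(process.env.MY_SECRET);` survives on the new side it should go, since it writes a secret to the process log.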
37 changes: 11 additions & 26 deletions src/routes/message.js
@@ -1,8 +1,15 @@
const uuidv4 = require('uuid/v4');
const express = require('express');

const rateLimit = require('express-rate-limit');
const router = express.Router();

// Apply rate limiting to all routes in this router
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // limit each IP to 100 requests per windowMs
});

router.use(limiter);

router.get('/', async (req, res) => {
console.log('GET HTTP method on messages resource');
const messages = await req.context.models.Message.find();
@@ -11,32 +18,10 @@ router.get('/', async (req, res) => {

router.get('/:messageId', async (req, res) => {
console.log('GET HTTP method on message');
const message = await req.context.models.Message.findById(
req.params.messageId,
);
const message = await req.context.models.Message.findById(req.params.messageId);
return res.send(message);
});

router.post('/', async (req, res) => {
const message = await req.context.models.Message.create({
text: req.body.text,
user: req.context.me.id,
});

return res.send(message);
});

router.delete('/:messageId', async (req, res) => {
const message = await req.context.models.Message.findById(
req.params.messageId,
);

let result = null;
if (message) {
result = await message.remove();
}

return res.send(result);
});
// ... other routes ...

module.exports = router;
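Review bot: By the hunk counts (`@@ -11,32 +18,10 @@`), the `router.post('/')` and `router.delete('/:messageId')` handlers are deleted and `// ... other routes ...` is left in their place, so this commit removes message creation and deletion instead of rate limiting them. Restore both handlers below `router.use(limiter);`. The router-level `limiter` is also a second instance with its own counter on top of the `app.use(limiter);` added in src/index.js, so if the routers stay mounted under the app each request is counted twice with the same 100-per-15-minutes setting. Exporting one limiter from a shared module and applying it once would remove the copy-pasted block here and in src/routes/session.js and src/routes/user.js.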
14 changes: 10 additions & 4 deletions src/routes/session.js
@@ -1,11 +1,17 @@
const express = require('express');

const rateLimit = require('express-rate-limit');
const router = express.Router();

// Apply rate limiting to all routes in this router
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // limit each IP to 100 requests per windowMs
});

router.use(limiter);

router.get('/', async (req, res) => {
const user = await req.context.models.User.findById(
req.context.me.id,
);
const user = await req.context.models.User.findById(req.context.me.id);
return res.send(user);
});

51 changes: 12 additions & 39 deletions src/routes/user.js
@@ -1,7 +1,15 @@
const express = require('express');

const rateLimit = require('express-rate-limit');
const router = express.Router();

// Apply rate limiting to all routes in this router
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // limit each IP to 100 requests per windowMs
});

router.use(limiter);

router.get('/', async (req, res) => {
console.log('GET HTTP method on users resource');
const users = await req.context.models.User.find();
@@ -10,45 +18,10 @@ router.get('/', async (req, res) => {

router.get('/:userId', async (req, res) => {
console.log('GET HTTP method on user');
const user = await req.context.models.User.findById(
req.params.userId,
);
const user = await req.context.models.User.findById(req.params.userId);
return res.send(user);
});

module.exports = router;

/*
app.post('/createUser', (req, res) => {
store
.createUser({
username: req.body.username,
password: req.body.password
})
.then(() => res.sendStatus(200))
})
/////
app.post('/users', (req, res) => {
return res.send('POST HTTP method on user resource');
});
// ... other routes ...

app.put('/users', (req, res) => {
return res.send('PUT HTTP method on user resource');
});

app.delete('/users', (req, res) => {
return res.send('DELETE HTTP method on user resource');
});

app.put('/users/:userId', (req, res) => {
return res.send(
`PUT HTTP method on user/${req.params.userId} resource`,
);
});

app.delete('/users/:userId', (req, res) => {
return res.send(
`DELETE HTTP method on user/${req.params.userId} resource`,
);
});
// */
module.exports = router;
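Review bot: `// ... other routes ...` ahead of `module.exports = router;` is a placeholder that stands for no code, and it should be deleted rather than left implying omitted handlers. By the hunk counts (`@@ -10,45 +18,10 @@`), what it replaces looks like the old commented-out `app.post('/createUser', ...)` block, so nothing live seems to be lost here. The section shows only `router.get('/')` and `router.get('/:userId')` as live routes.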