null
/
BillTracker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity
BillTracker/middleware/rateLimiter.js

62 lines
1.6 KiB
JavaScript
Raw Permalink Normal View History

initial commit
2026-05-03 19:51:57 -05:00
'use strict';
const rateLimit = require('express-rate-limit');
function makeLimiter(max, windowMs, message) {
return rateLimit({
windowMs,
max,
standardHeaders: 'draft-7',
legacyHeaders: false,
// Override default handler so the response is always JSON, not HTML
handler(req, res) {
res.status(429).json({ error: message });
},
});
}
// 10 login attempts per 15 minutes per IP — brute-force protection
const loginLimiter = makeLimiter(
10, 15 * 60 * 1000,
'Too many login attempts. Please try again in 15 minutes.',
);
// 5 password-change attempts per 15 minutes per IP
const passwordLimiter = makeLimiter(
5, 15 * 60 * 1000,
'Too many password change attempts. Please try again in 15 minutes.',
);
// 20 import preview/apply requests per 15 minutes per IP
const importLimiter = makeLimiter(
20, 15 * 60 * 1000,
'Too many import requests. Please try again in 15 minutes.',
);
// 30 export requests per 15 minutes per IP
const exportLimiter = makeLimiter(
30, 15 * 60 * 1000,
'Too many export requests. Please try again in 15 minutes.',
);
// 30 admin mutation actions per 15 minutes per IP (backup/restore/cleanup)
const adminActionLimiter = makeLimiter(
30, 15 * 60 * 1000,
'Too many admin actions. Please try again in 15 minutes.',
);
// 20 OIDC login/callback requests per 15 minutes per IP
const oidcLimiter = makeLimiter(
20, 15 * 60 * 1000,
'Too many authentication requests. Please try again in 15 minutes.',
);
module.exports = {
loginLimiter,
passwordLimiter,
importLimiter,
exportLimiter,
adminActionLimiter,
oidcLimiter,
};