Merge pull request #128 from AyushSharma72/ratelimiter

Added rate limiter to the login api issue #111
Bitbox-Connect · Oct 16, 2024 · e153b39 · e153b39
2 parents f1c8793 + a8015b9
commit e153b39
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 1 deletion.
diff --git a/server/package-lock.json b/server/package-lock.json
diff --git a/server/package.json b/server/package.json
@@ -19,6 +19,7 @@
     "cors": "^2.8.5",
     "dotenv": "^16.4.4",
     "express": "^4.18.2",
+    "express-rate-limit": "^7.4.1",
     "express-validator": "^7.0.1",
     "firebase": "^10.10.0",
     "google-auth-library": "^9.7.0",

diff --git a/server/routes/auth.js b/server/routes/auth.js
@@ -7,6 +7,8 @@ const fetchuser = require("../middleware/fetchuser");
 require("dotenv").config();
 const { body, validationResult } = require("express-validator");
 const { OAuth2Client } = require("google-auth-library");
+const rateLimit = require("express-rate-limit");
+
 const {
   forgetpassword,
   verifyToken,
@@ -62,8 +64,18 @@ router.post("/googlelogin", async (req, res) => {
 // ROUTE 1 : Create a User using : POST: "/api/auth/createuser". No login required
 
 // ROUTE 2 : Create a User using : POST: "/api/auth/login". No login required
-router.post(
+
+// Set up rate limiting
+const loginLimiter = rateLimit({
+  windowMs: 5 * 60 * 1000, // for 5 minutes
+  max: 5, // Limit each IP to 5 requests per windowMs edit as you need
+  message:
+    "Too many login attempts from this IP, please try again after 5 minutes.",
+});
+
+router.post( 
   "/login",
+  loginLimiter, // rate limiter middleware
   [
     // Creating check vadilation for user credentials like name, email and password