Merge pull request #10 from DaalBot/alert-autofix-9
Fix code scanning alert no. 9: Missing rate limiting
NotPiny authored Nov 18, 2024
2 parents 92602d5 + d543073 commit 7d8e501
Showing 2 changed files with 13 additions and 1 deletion.
11 changes: 11 additions & 0 deletions Server/index.js
Expand Up @@ -3,6 +3,7 @@ const { Colors } = require('discord.js');
const DJS = require('discord.js');
const client = require('../client');
const express = require('express');
const rateLimit = require('express-rate-limit');
const app = express();
const port = 8923;
const axios = require('axios');
Expand All @@ -11,6 +12,16 @@ const { execSync } = require('child_process');

app.use(express.json());

// Set up rate limiter: maximum of 100 requests per 15 minutes
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // limit each IP to 100 requests per windowMs
});

// Apply rate limiter to specific routes
app.use('/md/privacy', limiter);
app.use('/md/tos', limiter);

app.get('/api/status', (req, res) => {
// Status type not defined so send all data about the client
if (req.headers['user-agent'].toLowerCase().includes('mozilla') && !req.query.noinject) {
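Review bot: The limiter added in the second hunk is mounted only on `/md/privacy` and `/md/tos`, so `/api/status` directly below it and every other route in this file stay unthrottled. The file also requires `execSync` and `axios`, so if a handler outside this hunk spawns a process or makes an outbound request on behalf of the caller, that handler is the costlier one to leave open. Either mount the limiter for the whole app with `app.use(limiter);` before the route definitions, or extend the comment to state why only these two paths need it. The limit is counted per client IP, so if this server runs behind a reverse proxy all clients fall into one bucket unless `app.set('trust proxy', 1)` (with the hop count that matches the deployment) is set; whether it is cannot be seen from here. The `/api/status` handler continues outside the hunk.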
3 changes: 2 additions & 1 deletion package.json
Expand Up @@ -26,6 +26,7 @@
"express": "^4.21.1",
"node-html-parser": "^6.1.10",
"rss-to-json": "^2.1.1",
"wokcommands": "^2.1.9"
"wokcommands": "^2.1.9",
"express-rate-limit": "^7.4.1"
}
}
