Merge pull request #1703 from AyushSharma72/ratelimit

added rate limit api to login api
PriyaGhosal · Oct 28, 2024 · 3503ead · 3503ead
2 parents 72ec618 + 1660e96
commit 3503ead
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 7 deletions.
diff --git a/backend/.gitignore b/backend/.gitignore
@@ -1 +1,2 @@
-.env
+.env
+/node_modules
diff --git a/backend/package-lock.json b/backend/package-lock.json
diff --git a/backend/package.json b/backend/package.json
@@ -16,6 +16,7 @@
     "cors": "^2.8.5",
     "dotenv": "^16.4.5",
     "express": "^4.21.1",
+    "express-rate-limit": "^7.4.1",
     "jsonwebtoken": "^9.0.2",
     "mongoose": "^8.7.3"
   }

diff --git a/backend/routes/authRoutes.js b/backend/routes/authRoutes.js
@@ -1,11 +1,26 @@
-const express = require('express');
-const { signup, login, logout, verifyToken } = require('../controllers/authController');
+const express = require("express");
+const rateLimit = require("express-rate-limit");
+const {
+  signup,
+  login,
+  logout,
+  verifyToken,
+} = require("../controllers/authController");
 
 const router = express.Router();
 
-router.post('/signup', signup);
-router.post('/login', login);
-router.post('/logout', logout);
-router.get('/verify', verifyToken); // New verification route
+// Set up rate limiter for the login route
+const loginRateLimiter = rateLimit({
+  windowMs: 5 * 60 * 1000, // 5 minutes
+  max: 5,
+  message: "Too many login attempts. Please try again in 5 minutes.",
+  standardHeaders: true,
+  legacyHeaders: false,
+});
+
+router.post("/signup", signup);
+router.post("/login", loginRateLimiter, login); // Apply the limiter here
+router.post("/logout", logout);
+router.get("/verify", verifyToken);
 
 module.exports = router;