Potential fix for code scanning alert no. 353: Missing rate limiting (#32928)

Signed-off-by: EugeniyKiyashko <EugeniyKiyashko@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: EugeniyKiyashko

apps/demos/package.json

@@ -86,7 +86,8 @@
         "vuex": "4.0.0-beta.4",
         "whatwg-fetch": "2.0.4",
         "yargs": "17.7.2",
-        "zone.js": "0.15.1"
+        "zone.js": "0.15.1",
+        "express-rate-limit": "^8.3.1"
     },
     "devDependencies": {
         "@angular/platform-server": "21.1.6",

apps/demos/utils/server/csp-server.js

@@ -5,6 +5,7 @@ const express = require('express');
 const cookieParser = require('cookie-parser');
 const { join, resolve } = require('path');
 const { readFileSync, readdirSync } = require('fs');
+const RateLimit = require('express-rate-limit');
 
 const root = join(__dirname, '..', '..', '..', '..');
 const indexFileName = 'index.html';
@@ -379,12 +380,17 @@ const app = express();
 app.use(cookieParser());
 app.use(cspMiddleware);
 
+const demoIndexLimiter = RateLimit({
+  windowMs: 15 * 60 * 1000,
+  max: 100,
+});
+
 app.post('/csp-report', cspReportHandler);
 app.get('/csp-violations', cspViolationsHandler);
 app.delete('/csp-violations', cspViolationsClearHandler);
 
-app.get('/apps/demos/Demos/:widget/:name/:approach', demoIndexHandler);
-app.get(`/apps/demos/Demos/:widget/:name/:approach/${indexFileName}`, demoIndexHandler);
+app.get('/apps/demos/Demos/:widget/:name/:approach', demoIndexLimiter, demoIndexHandler);
+app.get(`/apps/demos/Demos/:widget/:name/:approach/${indexFileName}`, demoIndexLimiter, demoIndexHandler);
 
 app.use(express.static(root, { index: [indexFileName] }));