
Commit a0a83d8

Merge pull request #93 from jd-apprentice/development
UPDATE PROD
2 parents f09745a + 96c52ac commit a0a83d8

2 files changed

Lines changed: 14 additions & 6 deletions


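--- a/package.json
+++ b/package.json
@@ -31,7 +31,8 @@
 "mongoose": "^8.6.1",
 "multer": "^1.4.4",
 "multer-storage-cloudinary": "^4.0.0",
-"rollbar": "^2.26.4"
+"rollbar": "^2.26.4",
+"express-rate-limit": "^7.5.0"
 },
 "devDependencies": {
 "@types/bcrypt": "^5.0.2",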
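Review bot: No lockfile is among the two files this commit changes, so the new `"express-rate-limit": "^7.5.0"` entry is constrained only by its caret range. If the repository tracks a lockfile (not visible on this page), it should be regenerated and committed with this change so that CI and production install the same resolved version that was reviewed. Because this package now sits in front of the login and account-creation routes, an unreviewed minor upgrade would change security-relevant behaviour without showing up in a diff.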

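--- a/src/user/user-routes.ts
+++ b/src/user/user-routes.ts
@@ -1,5 +1,6 @@
 // External Modules
 import { Router } from 'express';
+import rateLimit from 'express-rate-limit';
 
 // Internal Modules
 import userController from './user-controller';
@@ -8,13 +9,19 @@ import { userExists, validateUser, validateToken } from './user-middleware';
 
 const userRouter = Router();
 
-userRouter.get('/', validateToken, userController.getUsers);
-userRouter.get('/info', validateToken, userController.getUserInfo);
-userRouter.post('/login', validateUser, userController.login);
-userRouter.post('/create', userExists, userController.createUser);
-userRouter.get('/:id', validateToken, userController.getUser);
+const limiter = rateLimit({
+windowMs: 15 * 60 * 1000, // 15 minutes
+max: 100, // limit each IP to 100 requests per windowMs
+});
+
+userRouter.get('/', limiter, validateToken, userController.getUsers);
+userRouter.get('/info', limiter, validateToken, userController.getUserInfo);
+userRouter.post('/login', limiter, validateUser, userController.login);
+userRouter.post('/create', limiter, userExists, userController.createUser);
+userRouter.get('/:id', limiter, validateToken, userController.getUser);
 userRouter.patch(
 '/',
+limiter,
 validateToken,
 upload.single('image'),
 userController.updatePicture,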
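Review bot: The single `limiter` instance (100 requests per 15 minutes) is shared by every route, so `/login` and `/create` get the same budget and the same per-IP counter as the authenticated read endpoints. That is loose for password guessing and account creation, and ordinary API traffic from one address can use up the allowance needed to log in. Give those two routes their own stricter instance, for example `const authLimiter = rateLimit({ windowMs: 15 * 60 * 1000, limit: 10 });` (the value is illustrative; `limit` is the v7 name for `max`), and pass `authLimiter` instead of `limiter` on `/login` and `/create`. The counter is keyed on the client IP, so if the app runs behind a reverse proxy (not visible here), Express's `trust proxy` setting has to match the deployment or all clients end up in one bucket. The `userRouter.patch(` call continues past the end of the hunk.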
