11// External Modules
22import { Router } from 'express' ;
3+ import rateLimit from 'express-rate-limit' ;
34
45// Internal Modules
56import userController from './user-controller' ;
@@ -8,13 +9,19 @@ import { userExists, validateUser, validateToken } from './user-middleware';
89
910const userRouter = Router ( ) ;
1011
11- userRouter . get ( '/' , validateToken , userController . getUsers ) ;
12- userRouter . get ( '/info' , validateToken , userController . getUserInfo ) ;
13- userRouter . post ( '/login' , validateUser , userController . login ) ;
14- userRouter . post ( '/create' , userExists , userController . createUser ) ;
15- userRouter . get ( '/:id' , validateToken , userController . getUser ) ;
12+ const limiter = rateLimit ( {
13+ windowMs : 15 * 60 * 1000 , // 15 minutes
14+ max : 100 , // limit each IP to 100 requests per windowMs
15+ } ) ;
16+
17+ userRouter . get ( '/' , limiter , validateToken , userController . getUsers ) ;
18+ userRouter . get ( '/info' , limiter , validateToken , userController . getUserInfo ) ;
19+ userRouter . post ( '/login' , limiter , validateUser , userController . login ) ;
20+ userRouter . post ( '/create' , limiter , userExists , userController . createUser ) ;
21+ userRouter . get ( '/:id' , limiter , validateToken , userController . getUser ) ;
1622userRouter . patch (
1723 '/' ,
24+ limiter ,
1825 validateToken ,
1926 upload . single ( 'image' ) ,
2027 userController . updatePicture ,
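Review bot: The `/login` and `/create` routes reuse the one shared `limiter` instance, so the only bound on password guessing is the general 100 requests per 15 minutes per IP, and ordinary traffic to `/` or `/info` draws from the same counter. A separate, tighter limiter for the credential endpoints would be safer, for example `const authLimiter = rateLimit({ windowMs: 15 * 60 * 1000, max: 10 });` (the value 10 is illustrative) used as `userRouter.post('/login', authLimiter, validateUser, userController.login);`. The limiter keys on the client IP by default, so if the app runs behind a reverse proxy, Express's `trust proxy` setting has to be configured or all clients will share one bucket; that configuration is not visible in this file. The `userRouter.patch(` call continues past the end of the hunk.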