t-ho
diff --git a/‎nginx-proxy/templates/service.conf.prod‎
Lines changed: 4 additions & 0 deletions b/‎nginx-proxy/templates/service.conf.prod‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎package-lock.json‎
Lines changed: 49 additions & 49 deletions b/‎package-lock.json‎
Lines changed: 49 additions & 49 deletions
diff --git a/‎package.json‎
Lines changed: 5 additions & 5 deletions b/‎package.json‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎server/config/config.default.js‎
Lines changed: 20 additions & 12 deletions b/‎server/config/config.default.js‎
Lines changed: 20 additions & 12 deletions
diff --git a/‎server/config/config.prod.js‎
Lines changed: 8 additions & 0 deletions b/‎server/config/config.prod.js‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎server/config/config.test.js‎
Lines changed: 8 additions & 0 deletions b/‎server/config/config.test.js‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎server/controllers/auth.controller.js‎
Lines changed: 0 additions & 1 deletion b/‎server/controllers/auth.controller.js‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎server/core/express.js‎
Lines changed: 5 additions & 1 deletion b/‎server/core/express.js‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎server/index.js‎
Lines changed: 2 additions & 0 deletions b/‎server/index.js‎
Lines changed: 2 additions & 0 deletions
@@ -6,6 +6,8 @@
 # Specify file cache expiration.
 include h5bp/web_performance/cache_expiration.conf;
 
+limit_req_zone $binary_remote_addr zone=generallimit:10m rate=10r/s;
+
 upstream client-cluster {
   server client:3000;
 }
@@ -78,6 +80,8 @@ server {
   }
 
   location /api {
+    limit_req zone=generallimit burst=20 nodelay;
+    limit_req_status 429;
     proxy_pass http://api-server-cluster;
   }
 
 
@@ -24,14 +24,14 @@
   },
   "homepage": "https://tdev.app/mern-stack",
   "devDependencies": {
-    "chalk": "^4.1.0",
-    "concurrently": "^6.0.0",
-    "dotenv": "^8.2.0",
+    "chalk": "^4.1.1",
+    "concurrently": "^6.2.0",
+    "dotenv": "^10.0.0",
     "figlet": "^1.5.0",
     "husky": "^4.3.8",
     "lodash": "^4.17.21",
-    "ngrok": "^4.0.0",
-    "prettier": "^2.2.1",
+    "ngrok": "^4.0.1",
+    "prettier": "^2.3.0",
     "pretty-quick": "^3.1.0",
     "tree-kill": "^1.2.2"
   },
 
@@ -58,18 +58,6 @@ let defaultConfig = {
     uri: 'This will be overriden by environment variable MONGO_URI',
     testUri: 'mongodb://localhost:27017/mern_test',
   },
-  sendgrid: {
-    apiKey: 'This will be overriden by environment variable SENDGRID_API_KEY',
-  },
-  server: {
-    host: 'This will be overriden by environment variable SERVER_HOST',
-    port: 'This will be overriden by environment variable SERVER_PORT',
-    publicUrl:
-      'This will be overriden by environment variable SERVER_PUBLIC_URL',
-  },
-  paths: {
-    root: fspath.normalize(`${__dirname}/..`),
-  },
   oauth: {
     google: {
       clientId:
@@ -84,10 +72,30 @@ let defaultConfig = {
         'This will be overriden by environment variable FACEBOOK_APP_SECRET',
     },
   },
+  paths: {
+    root: fspath.normalize(`${__dirname}/..`),
+  },
+  rateLimit: {
+    enabled: false,
+  },
   seed: {
     logging: true,
     users: [],
   },
+  sendgrid: {
+    apiKey: 'This will be overriden by environment variable SENDGRID_API_KEY',
+  },
+  server: {
+    host: 'This will be overriden by environment variable SERVER_HOST',
+    port: 'This will be overriden by environment variable SERVER_PORT',
+    publicUrl:
+      'This will be overriden by environment variable SERVER_PUBLIC_URL',
+  },
+  trustProxy: {
+    enabled: false,
+    // see https://expressjs.com/en/guide/behind-proxies.html
+    value: 0,
+  },
 };
 
 module.exports = defaultConfig;
@@ -38,6 +38,9 @@ let prodConfig = {
     root: fspath.normalize(`${__dirname}/..`),
   },
   oauth: {},
+  rateLimit: {
+    enabled: true,
+  },
   seed: {
     logging: true,
     users: [
@@ -59,6 +62,11 @@ let prodConfig = {
       },
     ],
   },
+  trustProxy: {
+    enabled: true,
+    // see https://expressjs.com/en/guide/behind-proxies.html
+    value: 1,
+  },
 };
 
 prodConfig = _.merge({}, defaultConfig, prodConfig);
 
@@ -21,6 +21,9 @@ let testConfig = {
     testUri: `mongodb://localhost:27017/${defaultConfig.app.name}_test`,
   },
   oauth: {},
+  rateLimit: {
+    enabled: false,
+  },
   seed: {
     logging: false,
     users: [
@@ -218,6 +221,11 @@ let testConfig = {
       },
     ],
   },
+  trustProxy: {
+    enabled: false,
+    // see https://expressjs.com/en/guide/behind-proxies.html
+    value: 0,
+  },
 };
 
 testConfig = _.merge({}, defaultConfig, testConfig);
 
@@ -585,7 +585,6 @@ const sendEmailHelperAsync = (
     templatePath: `${config.paths.root}/templates/email.html`,
     dynamicTemplateData: {
       boxTitle: title,
-      firstName: user.firstName,
       content,
       buttonText,
       url,
 
@@ -14,6 +14,10 @@ const constants = require('./constants');
 // App Setup
 const app = express();
 
+if (config.trustProxy.enabled) {
+  app.set('trust proxy', config.trustProxy.value);
+}
+
 // Logger
 if (config.morgan.enabled) {
   app.use(morgan(config.morgan.format, config.morgan.options));
@@ -62,7 +66,7 @@ app.use((req, res, next) => {
 // and send stacktrace to client
 if (config.env === constants.ENV_DEV) {
   app.use((err, req, res, next) => {
-    console.log(err.stack);
+    console.log('[DEV]', err.stack);
     res
       .status(err.status || 400)
       .json({ error: { message: err.message, details: err.stack } });
 
@@ -48,6 +48,8 @@ const displayConfigurationStatus = () => {
   console.log(chalk.gray(`[*] Cors: ${config.cors.enabled}`));
   console.log(chalk.gray(`[*] Helmet: ${config.helmet.enabled}`));
   console.log(chalk.gray(`[*] Morgan: ${config.morgan.enabled}`));
+  console.log(chalk.gray(`[*] RateLimit: ${config.rateLimit.enabled}`));
+  console.log(chalk.gray(`[*] TrustProxy: ${config.trustProxy.enabled}`));
 };
 
 displayConfigurationStatus();
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,8 @@`
`6`	`6`	`# Specify file cache expiration.`
`7`	`7`	`include h5bp/web_performance/cache_expiration.conf;`
`8`	`8`
	`9`	`+limit_req_zone $binary_remote_addr zone=generallimit:10m rate=10r/s;`
	`10`	`+`
`9`	`11`	`upstream client-cluster {`
`10`	`12`	`server client:3000;`
`11`	`13`	`}`
`@@ -78,6 +80,8 @@ server {`
`78`	`80`	`}`
`79`	`81`
`80`	`82`	`location /api {`
	`83`	`+ limit_req zone=generallimit burst=20 nodelay;`
	`84`	`+ limit_req_status 429;`
`81`	`85`	`proxy_pass http://api-server-cluster;`
`82`	`86`	`}`
`83`	`87`