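--- a/packages/base/express/rateLimit.js
+++ b/packages/base/express/rateLimit.js
@@ -0,0 +1,13 @@
+var RateLimit = require('express-rate-limit')
+
+module.exports = new RateLimit({
+windowMs: 15 * 60 * 1000, // 15 minutes
+max: 10,
+delayMs: 100,
+onLimitReached (req, res, options) {
+console.log(`rate limit / reached for ${req.user && req.user.id} ${req.ip} ${JSON.stringify(req.rateLimit)}`)
+},
+keyGenerator (req) {
+return (req.user ? `${req.user.id}-${req.ip}` : req.ip)
+}
+})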
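Review bot: `keyGenerator` keys the limit on `req.ip`, and that value is only the real client address when Express's `trust proxy` setting matches the deployment: with no setting, every client behind a reverse proxy shares one bucket of 10 requests, and with an over-broad setting the key comes from a client-supplied forwarding header, so the limit is keyed on a value the client chooses. Nothing in this file passes a `store`, so express-rate-limit's default in-memory store applies: counts are per process, not shared between instances, and reset on restart. Both assumptions belong in a header comment, e.g. `// Keyed on user id + req.ip: requires 'trust proxy' to match the deployment; default MemoryStore, so limits are per process and reset on restart`. The `onLimitReached` log prints `undefined` for anonymous users; `${req.user ? req.user.id : 'anonymous'}` reads cleaner in the log line.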
1 change: 1 addition & 0 deletions packages/base/package.json
Expand Up @@ -37,6 +37,7 @@
"d3-time-format": "^2.1.1",
"export-files": "^2.1.1",
"express": "^4.16.2",
"express-rate-limit": "^2.11.0",
"graphql-redis-subscriptions": "^1.4.0",
"graphql-subscriptions": "^0.5.6",
"pogi": "^2.5.5",
8 changes: 6 additions & 2 deletions packages/base/server.js
Expand Up @@ -24,6 +24,7 @@ const {
// middlewares
const { express: { auth } } = require('@orbiting/backend-modules-auth')
const requestLog = require('./express/requestLog')
const rateLimit = require('./express/rateLimit')
const graphql = require('./express/graphql')

let pgdb
Expand All @@ -48,7 +49,7 @@ module.exports.run = (executableSchema, middlewares, t, signInHooks) => {
engine.start()
}

return PgDb.connect().then( async (_pgdb) => {
return PgDb.connect().then(async (_pgdb) => {
pgdb = _pgdb
server = express()
httpServer = createServer(server)
Expand All @@ -71,6 +72,9 @@ module.exports.run = (executableSchema, middlewares, t, signInHooks) => {
signInHooks
})

// Rate Limiting middleware needs to be after auth to access user id
server.use(rateLimit)

if (CORS_WHITELIST_URL) {
const corsOptions = {
origin: CORS_WHITELIST_URL.split(','),
Expand All @@ -82,7 +86,7 @@ module.exports.run = (executableSchema, middlewares, t, signInHooks) => {

subscriptionServer = graphql(server, pgdb, httpServer, executableSchema, t)

for(let middleware of middlewares) {
for (let middleware of middlewares) {
await middleware(server, pgdb, t)
}

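Review bot: `server.use(rateLimit)` below the `// Rate Limiting middleware` comment is mounted without a path and ahead of the `CORS_WHITELIST_URL` block, so every request on every route counts against the 10-per-15-minute budget, and a request the limiter refuses never reaches the CORS middleware — a browser client that trips the limit gets the 429 without an `Access-Control-Allow-Origin` header and sees only an opaque network error instead of the limit response. Mounting it after the CORS setup, or scoping it to the routes it is meant to protect (`server.use('<path-to-protect>', rateLimit)` with the real path), keeps the refusal visible to callers. Whether `req.ip` inside the limiter is the real client address depends on the app's `trust proxy` setting, which is not visible in this hunk. The enclosing `run` function starts and ends outside the hunk.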
6 changes: 6 additions & 0 deletions yarn.lock
Expand Up @@ -1721,6 +1721,12 @@ export-files@^2.1.1:
dependencies:
lazy-cache "^1.0.3"

express-rate-limit@^2.11.0:
version "2.11.0"
resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-2.11.0.tgz#092122218c86eddb56fb350f431e522fb8024ea9"
dependencies:
defaults "^1.0.3"

express-session@^1.15.6:
version "1.15.6"
resolved "https://registry.yarnpkg.com/express-session/-/express-session-1.15.6.tgz#47b4160c88f42ab70fe8a508e31cbff76757ab0a"