mirror of
https://framagit.org/les/gancio.git
synced 2025-01-31 16:42:22 +01:00
35 lines
No EOL
1.4 KiB
JavaScript
35 lines
No EOL
1.4 KiB
JavaScript
const rateLimit = require('express-rate-limit')
|
|
const log = require('../log')
|
|
|
|
const next = (req, res, next) => next()
|
|
|
|
const instanceApiRateLimiter = {
|
|
|
|
DDOSProtectionApiRateLimiter: (process.env.NODE_ENV !== 'production' ? next : rateLimit({
|
|
windowMs: 60 * 1000, // 1 minutes
|
|
max: 250, // Limit each IP to 150 requests per `window`
|
|
standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
|
|
legacyHeaders: false, // Disable the `X-RateLimit-*` headers
|
|
handler: (request, response, next, options) => {
|
|
log.warn(`DDOS protection api rate limiter: > 250req/minute/ip ${request.ip}`)
|
|
return response.status(options.statusCode).send(options.message)
|
|
}
|
|
})),
|
|
|
|
|
|
/** This is a limiter used to avoid spam
|
|
* (used during the registration, pass recovery, posting events) */
|
|
SPAMProtectionApiRateLimiter: (process.env.NODE_ENV !== 'production' ? next : rateLimit({
|
|
windowMs: 5 * 60 * 1000, // 5 minutes
|
|
max: 6, // Limit each IP to 3 requests per `window` (here, per 5 minutes)
|
|
standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
|
|
legacyHeaders: false, // Disable the `X-RateLimit-*` headers
|
|
handler: (request, response, next, options) => {
|
|
log.warn(`SPAM protection api rate limiter: 6req/5min/ip ${request.ip}`)
|
|
return response.status(options.statusCode).send(options.message)
|
|
}
|
|
}))
|
|
|
|
}
|
|
|
|
module.exports = instanceApiRateLimiter |