Cherry-Picked rate limits

This commit consists of one `npm i` action and three commits from  the `rate-limiting` branch. May be reverted if issues arise.

Use both slow down and rate limits

Should further prevent API abuse

Fixed small delay bug

Hits are now correctly counted

Basic rate limiting implented

Exact values need tweaking, but the functionality is there. Possibly might implement route specific limits.

Author: Nailington

api/maple.js

@@ -1,5 +1,6 @@
 const express = require('express');
 const rateLimit = require("express-rate-limit");
+const slowDown = require("express-slow-down");
 const cors = require('cors');
 const login = require('./auth/login');
 const getPath = require('./get/get.js');
@@ -53,10 +54,20 @@ var options = {
 	}
 };
 
-/* const limiter = rateLimit({
+const slower = slowDown({
 	windowMs: 2 * 60 * 1000,
-	max: 20,
-}); */
+	delayAfter: 5,
+	delayMs: (hits) => {
+		if (hits <= 15) return hits * 100;
+		return (hits - 15) * 1000 + 2000;
+	},
+	maxDelayMs: 15000,
+});
+
+const limiter = rateLimit({
+	windowMs: 2 * 60 * 1000,
+	limit: 35,
+})
 
 try {
 
@@ -84,8 +95,9 @@ try {
 	console.log('[7] Setting up routes...');
 	const friends = require('./user/friends.js');
 
-	/* app.use(limiter);
-	 */
+	app.use(limiter);
+	app.use(slower);
+	
 	app.use(cors(corsOptions));
 
 	app.get('/', (req, res) => {

api/package-lock.json

@@ -26,6 +26,7 @@
 		"dotenv": "^16.4.7",
 		"express": "^4.21.2",
 		"express-rate-limit": "^7.5.0",
+		"express-slow-down": "^3.0.1",
 		"express-validator": "^7.3.1",
 		"jsonwebtoken": "^9.0.2",
 		"multer": "^2.0.2",