Implementation of rate limiting in express-zod-api

[Firjens]

Heya.

Appreciate the work that has been done on this, I've really been enjoying using it and it has been really stable. However I'm not able to figure out how to hook the express-rate-limit in the Express instance. I have tried the following (this is a code snippet not full code):

import {createConfig, createServer} from "express-zod-api";
import rateLimit from 'express-rate-limit';

export const init = async () => {
    const config = createConfig({
        http: {
            listen: process.env.API_PORT ?? 8090,
        },
       [...]
        logger: logger,
        cors: true,
        compression: { threshold: "1kb" },
    });

    server = await createServer(config, routing);

     const limiter = rateLimit({
        windowMs: 300000,
        limit: 1,
        message: {
            message: 'Too many requests, please try again later.'
        },
        standardHeaders: true,
    });

    server.app.use(cors());
    server.app.use(limiter);
}

Cors is able to be mounted without any issues, however I keep getting the following error for the rate limiter:

TS2769: No overload matches this call.
The last overload gave the following error.
Argument of type RateLimitRequestHandler is not assignable to parameter of type PathParams
index.d.ts(153, 5): The last overload is declared here.

I've checked the documentation and the repository, and there has never been a bug report or an issue related to this. Hope someone can point me to the right direction on how to implement this properly.

Regards.

[RobinTail]

I'm not getting such an error, @Firjens
Consider checking which version of @types/express you have. Mine is 5.

But also, for you I'd recommend to put app.use(limiter) inside the beforeRouting hook in your config.
Otherwise, those rate limiting middlewares won't be executed before endpoint handlers.

Related article: https://ez.robintail.cz/v23.6.1/using-native-express-middlewares

app.use(cors()) is (most likely) not needed — Express Zod API has its own implementation for the routes you declare in routing when cors option is enabled in config.

[Firjens]

Yep. Putting it in beforeRouting fixes the issue. Didn't know that was a function.
Will also remove cors and use the integrated one 👍

Really appreciate your swift and clear response. 😃