Merge pull request #69 from crux-bphc/feat/rate-limits

CWSwastik · web-flow · commit 92fc6980c131 · 2025-07-24T12:56:05.000+05:30
Added Global Rate Limits
diff --git a/backend/package-lock.json b/backend/package-lock.json
diff --git a/backend/package.json b/backend/package.json
@@ -6,6 +6,7 @@
   "scripts": {
     "dev": "npx ts-node-dev src/index.ts",
     "build": "tsc",
+    "prestart": "npx drizzle-kit migrate",
     "start": "node dist/index.js",
     "format": "prettier --write ."
   },
@@ -21,6 +22,7 @@
     "dotenv": "^17.0.0",
     "drizzle-orm": "^0.44.2",
     "express": "^5.1.0",
+    "express-rate-limit": "^8.0.1",
     "express-session": "^1.18.1",
     "ioredis": "^5.6.1",
     "node-cron": "^4.2.1",
diff --git a/backend/src/index.ts b/backend/src/index.ts
@@ -22,6 +22,10 @@ import {
   fetchSubmissions,
   fetchRatingChanges,
 } from "./controllers/codeforces";
+import { rateLimit } from 'express-rate-limit';
+import "./workers/codeforcesWorker";
+
+
 
 dotenv.config();
 const app = express();
@@ -118,6 +122,17 @@ passport.deserializeUser(async (userId: string, done) => {
   }
 });
 
+const limiter = rateLimit({
+	windowMs: 1000,
+	limit: 25,
+	standardHeaders: 'draft-8', // draft-6: `RateLimit-*` headers; draft-7 & draft-8: combined `RateLimit` header
+	legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
+	ipv6Subnet: 56, // Set to 60 or 64 to be less aggressive, or 52 or 48 to be more aggressive
+	// store: ... , // Redis, Memcached, etc. See below.
+})
+
+app.use(limiter)
+
 app.get("/", (_req, res) => {
   res.send("Backend API is working!");
 });
diff --git a/backend/src/routes/account.ts b/backend/src/routes/account.ts
@@ -16,11 +16,25 @@ import {
   problems,
 } from "../drizzle/schema";
 import { and, eq } from "drizzle-orm";
+import {rateLimit} from "express-rate-limit";
 
 const router = express.Router();
 
 router.use(requireAuth);
 
+const limiter = rateLimit({
+  windowMs: 5000,
+  limit: 1,
+  standardHeaders: 'draft-8', // draft-6: `RateLimit-*` headers; draft-7 & draft-8: combined `RateLimit` header
+  legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
+  ipv6Subnet: 56, // Set to 60 or 64 to be less aggressive, or 52 or 48 to be more aggressive
+  // store: ... , // Redis, Memcached, etc. See below.
+})
+
+//Rate limit these routes to ensure users don't overwhelm the codeforces API
+router.use("/start-verification", limiter)
+router.use("/check-verification", limiter)
+
 router.post(
   "/start-verification",
   validateStartVerificationRequest,
diff --git a/backend/src/workers/codeforcesWorker.ts b/backend/src/workers/codeforcesWorker.ts
@@ -1,7 +1,7 @@
 import { Worker } from "bullmq";
 import { connection } from "../queues/codeforcesQueue";
 import { RatingChange, Submission } from "../types/codeforces";
-import { client, db } from "../drizzle/db";
+import { db } from "../drizzle/db";
 import { problems } from "../drizzle/schema";
 import {
   addCodeforcesProblems,
@@ -31,7 +31,6 @@ async function refreshProblemKeysCache() {
 }
 
 async function init() {
-  await client.connect();
   await refreshProblemKeysCache();
 
   console.log("Connected to postgres");
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -103,26 +103,6 @@ services:
     profiles:
       - "dev"
 
-  cf-worker:
-    build:
-      context: ./
-      dockerfile: ./backend/docker/dev/Dockerfile
-    env_file:
-      - .env
-    environment:
-      DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres/${POSTGRES_DB}
-      REDIS_URL: redis://redis:6379
-    volumes:
-      - ./backend/src:/usr/local/app/backend/src
-      - ./backend/tsconfig.json:/usr/local/app/backend/tsconfig.json
-    command: npx ts-node src/workers/codeforcesWorker.ts
-    depends_on:
-      - postgres
-      - redis
-    profiles:
-      - "dev"
-      - "prod"
-
 volumes:
   pgdata:
   redisdata:
diff --git a/frontend/src/components/CFHandleModal.tsx b/frontend/src/components/CFHandleModal.tsx
@@ -60,14 +60,18 @@ export default function CFHandleModal({ onSuccess }: CFHandleModalProps) {
           body: JSON.stringify({ handle, contestId, index }),
         }
       );
-      const data = await res.json();
       if (res.ok) {
+        const data = await res.json();
         setVerifiedUser(data.data);
         setSuccess(true);
         setTimeout(() => {
           onSuccess(data.data);
         }, 5000);
-      } else {
+      } else if (res.status === 429) {
+        setError("Please wait 5 secs before trying again.")
+      }
+      else {
+        const data = await res.json();
         setError(data.message);
       }
     } catch (err) {
