feat: added global rate limiting

Author: aten2005

backend/package-lock.json

@@ -6,6 +6,7 @@
   "scripts": {
     "dev": "npx ts-node-dev src/index.ts",
     "build": "tsc",
+    "prestart": "npx drizzle-kit migrate",
     "start": "node dist/index.js",
     "format": "prettier --write ."
   },
@@ -21,6 +22,7 @@
     "dotenv": "^17.0.0",
     "drizzle-orm": "^0.44.2",
     "express": "^5.1.0",
+    "express-rate-limit": "^8.0.1",
     "express-session": "^1.18.1",
     "ioredis": "^5.6.1",
     "node-cron": "^4.2.1",

backend/package.json

@@ -22,9 +22,11 @@ import {
   fetchSubmissions,
   fetchRatingChanges,
 } from "./controllers/codeforces";
+import { rateLimit } from 'express-rate-limit';
 import "./workers/codeforcesWorker";
 
 
+
 dotenv.config();
 const app = express();
 
@@ -120,6 +122,17 @@ passport.deserializeUser(async (userId: string, done) => {
   }
 });
 
+const limiter = rateLimit({
+	windowMs: 1000,
+	limit: 25,
+	standardHeaders: 'draft-8', // draft-6: `RateLimit-*` headers; draft-7 & draft-8: combined `RateLimit` header
+	legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
+	ipv6Subnet: 56, // Set to 60 or 64 to be less aggressive, or 52 or 48 to be more aggressive
+	// store: ... , // Redis, Memcached, etc. See below.
+})
+
+app.use(limiter)
+
 app.get("/", (_req, res) => {
   res.send("Backend API is working!");
 });

backend/src/index.ts

@@ -16,11 +16,25 @@ import {
   problems,
 } from "../drizzle/schema";
 import { and, eq } from "drizzle-orm";
+import {rateLimit} from "express-rate-limit";
 
 const router = express.Router();
 
 router.use(requireAuth);
 
+const limiter = rateLimit({
+  windowMs: 5000,
+  limit: 1,
+  standardHeaders: 'draft-8', // draft-6: `RateLimit-*` headers; draft-7 & draft-8: combined `RateLimit` header
+  legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
+  ipv6Subnet: 56, // Set to 60 or 64 to be less aggressive, or 52 or 48 to be more aggressive
+  // store: ... , // Redis, Memcached, etc. See below.
+})
+
+//Rate limit these routes to ensure users don't overwhelm the codeforces API
+router.use("/start-verification", limiter)
+router.use("/check-verification", limiter)
+
 router.post(
   "/start-verification",
   validateStartVerificationRequest,

backend/src/routes/account.ts

@@ -1,7 +1,7 @@
 import { Worker } from "bullmq";
 import { connection } from "../queues/codeforcesQueue";
 import { RatingChange, Submission } from "../types/codeforces";
-import { client, db } from "../drizzle/db";
+import { db } from "../drizzle/db";
 import { problems } from "../drizzle/schema";
 import {
   addCodeforcesProblems,
@@ -31,7 +31,6 @@ async function refreshProblemKeysCache() {
 }
 
 async function init() {
-  await client.connect();
   await refreshProblemKeysCache();
 
   console.log("Connected to postgres");

backend/src/workers/codeforcesWorker.ts

@@ -60,14 +60,18 @@ export default function CFHandleModal({ onSuccess }: CFHandleModalProps) {
           body: JSON.stringify({ handle, contestId, index }),
         }
       );
-      const data = await res.json();
       if (res.ok) {
+        const data = await res.json();
         setVerifiedUser(data.data);
         setSuccess(true);
         setTimeout(() => {
           onSuccess(data.data);
         }, 5000);
-      } else {
+      } else if (res.status === 429) {
+        setError("Please wait 5 secs before trying again.")
+      }
+      else {
+        const data = await res.json();
         setError(data.message);
       }
     } catch (err) {