- adds rate-limiting

- adds type definitions for easier exploration

Author: baywet

app.js

@@ -2,12 +2,18 @@ import express from 'express';
 import path from 'path';
 import logger from 'morgan';
 import bodyParser from 'body-parser';
+import RateLimit from 'express-rate-limit';
 
 import { authRouter } from './routes/auth';
 import { listenRouter } from './routes/listen';
 
 export const app = express();
 
+const limiter = new RateLimit({
+  windowMs: 2 * 60 * 1000, // 2 minutes
+  max: 2400, // 20 rps, these values should be adjusted for production use depending on your infrastructure and the volume of notifications you expect
+});
+
 const env = process.env.NODE_ENV || 'development';
 app.locals.ENV = env;
 app.locals.ENV_DEVELOPMENT = (env === 'development');
@@ -24,6 +30,7 @@ app.use(express.static(path.join(__dirname, 'public')));
 
 app.use('/', authRouter);
 app.use('/listen', listenRouter);
+app.use(limiter);
 
 // catch 404 and forward to error handler
 app.use((req, res, next) => {

package-lock.json

@@ -14,6 +14,7 @@
     "body-parser": "^1.19.0",
     "escape-html": "^1.0.3",
     "express": "^4.17.1",
+    "express-rate-limit": "^5.1.3",
     "isomorphic-fetch": "^2.2.1",
     "jsonwebtoken": "^8.5.1",
     "jwks-rsa": "^1.8.0",
@@ -28,8 +29,16 @@
     "@babel/core": "^7.10.2",
     "@babel/node": "^7.10.1",
     "@babel/preset-env": "^7.10.2",
+    "@types/body-parser": "^1.19.0",
     "@types/escape-html": "^1.0.0",
+    "@types/express": "^4.17.6",
+    "@types/express-rate-limit": "^5.0.0",
     "@types/jsonwebtoken": "^8.5.0",
+    "@types/morgan": "^1.9.1",
+    "@types/pem": "^1.9.5",
+    "@types/pug": "^2.0.4",
+    "@types/socket.io": "^2.1.8",
+    "@types/sqlite3": "^3.1.6",
     "babel-eslint": "^10.1.0",
     "eslint": "^7.2.0",
     "eslint-config-airbnb": "^18.1.0",