jakob/PairDrop
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

ensure correct client ip is used for rate limiting as described on the GitHub repo of 'express-rate-limit'

Browse source
This commit is contained in:
schlagmichdoch 2023-02-14 21:51:42 +01:00
parent 58a32d43b3
commit 49e7281092
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
index.js
View file

@ -58,13 +58,16 @@ const app = express();
if (process.argv.includes('--rate-limit')) { if (process.argv.includes('--rate-limit')) {
const limiter = RateLimit({ const limiter = RateLimit({
windowMs: 5 * 60 * 1000, // 5 minutes windowMs: 5 * 60 * 1000, // 5 minutes
max: 1000, // Limit each IP to 100 requests per `window` (here, per 5 minutes) max: 1000, // Limit each IP to 1000 requests per `window` (here, per 5 minutes)
message: 'Too many requests from this IP Address, please try again after 5 minutes.', message: 'Too many requests from this IP Address, please try again after 5 minutes.',
standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
legacyHeaders: false, // Disable the `X-RateLimit-*` headers legacyHeaders: false, // Disable the `X-RateLimit-*` headers
}) })
app.use(limiter); app.use(limiter);
// ensure correct client ip and not the ip of the reverse proxy is used for rate limiting on render.com
// see https://github.com/express-rate-limit/express-rate-limit#troubleshooting-proxy-issues
app.set('trust proxy', 5);
} }
if (process.argv.includes('--include-ws-fallback')) { if (process.argv.includes('--include-ws-fallback')) {