Refactor package dependencies and add rate limiting to server.js

ArtyLLaMa · Sep 8, 2024 · f2bd961 · f2bd961
1 parent 9952303
commit f2bd961
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 0 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -16,6 +16,7 @@
     "dompurify": "^3.1.6",
     "dotenv": "^16.4.5",
     "express": "^4.19.2",
+    "express-rate-limit": "^7.4.0",
     "lucide-react": "^0.439.0",
     "mermaid": "^11.1.1",
     "openai": "^4.58.1",

diff --git a/server.js b/server.js
@@ -10,6 +10,7 @@ const { exec } = require("child_process");
 const path = require("path");
 const swaggerUi = require("swagger-ui-express");
 const swaggerJsdoc = require("swagger-jsdoc");
+const rateLimit = require('express-rate-limit');
 
 const USER_PREFERENCES_FILE = path.join(__dirname, "user_preferences.json");
 
@@ -126,6 +127,19 @@ async function initializeApiClients() {
   }
 
   const app = express();
+  app.set('trust proxy', 1); // Adjust this based on your environment
+
+  const apiLimiter = rateLimit({
+    windowMs: 15 * 60 * 1000, // 15 minutes
+    max: 100, // limit each IP to 100 requests per windowMs
+    standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
+    legacyHeaders: false, // Disable the `X-RateLimit-*` headers
+    skipFailedRequests: true, // Skip limiting if request fails
+    keyGenerator: (req, res) => req.ip, // Use the request IP as key
+  });
+
+  app.use(apiLimiter);
+
   app.use(express.json());
 
   const artifactManager = new ArtifactManager();