Merge pull request #533 from AyushSharma72/rate

added express rate limit
swaraj-das · Oct 18, 2024 · ad6feb6 · ad6feb6
2 parents ea8fd2d + c8ef193
commit ad6feb6
Showing 1 changed file with 13 additions and 2 deletions.
diff --git a/backend/router/authRoute.js b/backend/router/authRoute.js
@@ -1,19 +1,30 @@
 const express = require("express");
 const authRouter = express.Router();
 const jwtAuth = require("../middleware/jwtAuth.js");
+const rateLimit = require("express-rate-limit");
 
 const {
   signUp,
   signIn,
   forgotPassword,
   resetPassword,
   getUser,
-  logout
+  logout,
 } = require("../controller/authController.js");
 
+// Create a rate limiter for the /signin route
+const signinLimiter = rateLimit({
+  windowMs: 5 * 60 * 1000, // 5 minutes
+  max: 5, // Limit each IP to 5 requests per windowMs
+  message:
+    "Too many login attempts from this IP, please try again after 5 minutes",
+});
+
+// Apply routes
 authRouter.post("/signup", signUp);
-authRouter.post("/signin", signIn);
 
+// Apply the rate limiter to the signin route
+authRouter.post("/signin", signinLimiter, signIn);
 
 authRouter.get("/user", jwtAuth, getUser);
 authRouter.get("/logout", jwtAuth, logout);