From c8ef193a0382721e70ee872f05935d3173c82ecb Mon Sep 17 00:00:00 2001
From: Ayush
Date: Thu, 17 Oct 2024 20:51:06 +0530
Subject: [PATCH] added express rate limit
---
 backend/router/authRoute.js | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/backend/router/authRoute.js b/backend/router/authRoute.js
index 48f66e0e..b87a24c5 100644
--- a/backend/router/authRoute.js
+++ b/backend/router/authRoute.js
@@ -1,6 +1,7 @@
 const express = require("express");
 const authRouter = express.Router();
 const jwtAuth = require("../middleware/jwtAuth.js");
+const rateLimit = require("express-rate-limit");
 const {
 signUp,
@@ -8,12 +9,22 @@ const {
 forgotPassword,
 resetPassword,
 getUser,
- logout
+ logout,
 } = require("../controller/authController.js");
+// Create a rate limiter for the /signin route
+const signinLimiter = rateLimit({
+ windowMs: 5 * 60 * 1000, // 5 minutes
+ max: 5, // Limit each IP to 5 requests per windowMs
+ message:
+ "Too many login attempts from this IP, please try again after 5 minutes",
+});
+
+// Apply routes
 authRouter.post("/signup", signUp);
-authRouter.post("/signin", signIn);
+// Apply the rate limiter to the signin route
+authRouter.post("/signin", signinLimiter, signIn);
 authRouter.get("/user", jwtAuth, getUser);
 authRouter.get("/logout", jwtAuth, logout);
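Review bot: `signinLimiter` in the second hunk is keyed on the client IP that Express reports, so how well it works depends on configuration outside this diff. Behind a reverse proxy without a correct `trust proxy` setting, all users share one bucket and five sign-ins in five minutes block everyone, while an over-permissive setting makes the limiter trust a client-supplied `X-Forwarded-For` value. The limiter also counts successful logins, so consider adding `skipSuccessfulRequests: true,` so only failed attempts use up the budget; an IP-only limit should be paired with per-account throttling, since it does not slow guessing against one account from many addresses. The default store is in-process memory, so counters reset on restart and are not shared between instances. `/signup` is left unlimited here, and the imported `forgotPassword` and `resetPassword` handlers, whose routes are not visible in this hunk, would presumably benefit from a limiter too.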