From 46aea20bf566421e71af6f34058c2eb152d7c8dd Mon Sep 17 00:00:00 2001
From: Lukian
Date: Mon, 21 Apr 2025 20:43:14 +0200
Subject: [PATCH] add: added rate limit to the api
---
 back/index.js | 15 +++++++++++++++
 back/package.json | 2 ++
 2 files changed, 17 insertions(+)
diff --git a/back/index.js b/back/index.js
index 437dc15..8371603 100644
--- a/back/index.js
+++ b/back/index.js
@@ -4,12 +4,27 @@ const path = require("path");
 const config = require("./config");
 const cookieParser = require("cookie-parser");
 const cors = require("cors");
+const rateLimit = require("express-rate-limit");
+const slowDown = require("express-slow-down");
 require("dotenv").config();
 const app = express();
 var expressWs = require('express-ws')(app);
 const port = config.port || 3000;
+const limiter = rateLimit({
+ windowMs: 3 * 1000,
+ max: 20,
+});
+
+const speedLimiter = slowDown({
+ windowMs: 3 * 1000,
+ delayAfter: 20,
+ delayMs: () => 5000,
+});
+
+app.use(speedLimiter);
+app.use(limiter);
 app.use(express.json());
 app.use(cookieParser());
 app.use(cors());
diff --git a/back/package.json b/back/package.json
index de04f80..087b5cb 100644
--- a/back/package.json
+++ b/back/package.json
@@ -16,6 +16,8 @@
 "cors": "^2.8.5",
 "dotenv": "^16.3.1",
 "express": "^4.18.2",
+ "express-rate-limit": "^7.5.0",
+ "express-slow-down": "^2.0.3",
 "express-ws": "^5.0.2",
 "fs": "^0.0.1-security",
 "https": "^1.0.0",
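Review bot: `speedLimiter` and `limiter` share the same 3-second window and the same threshold of 20, and `speedLimiter` is registered first, so the 21st request in a window would be held for 5 seconds and then answered with 429 anyway; the delay only keeps sockets open for requests that are going to be refused. Registering the hard limit first and starting the slowdown below it makes both stages useful: `app.use(limiter); app.use(speedLimiter);` with `delayAfter: 10`. Both middlewares key on `req.ip` by default and no `app.set('trust proxy', …)` is visible in this hunk; if the API sits behind a reverse proxy every client would share one bucket, so confirm that setting in the rest of the file. A global 20 requests per 3 seconds is also loose for credential endpoints, which may deserve a stricter per-route limiter; the route definitions are outside this hunk.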