From fceaf574a0921fdbb1af842163579f5f265ca776 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B3nalan=20de=20Lima?=
Date: Wed, 27 Jul 2022 01:28:12 -0300
Subject: [PATCH] feat: Missing rate limiting
---
 package-lock.json | 17 +++++++++++++++++
 package.json | 1 +
 src/ws/app.ts | 9 +++++++++
 3 files changed, 27 insertions(+)
diff --git a/package-lock.json b/package-lock.json
index 3a2f586..7960326 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -18,6 +18,7 @@ "crypto-js": "^4.1.1", "ejs": "^3.1.8", "express": "^4.18.1", + "express-rate-limit": "^6.5.1", "futoin-hkdf": "^1.5.1", "knex": "^2.1.0", "latest-version": "^5.1.0",
@@ -3852,6 +3853,17 @@ "node": ">= 0.10.0" } }, + "node_modules/express-rate-limit": { + "version": "6.5.1", + "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-6.5.1.tgz", + "integrity": "sha512-pxO6ioBLd3i8IHL+RmJtL4noYzte5fugoMdaDabtU4hcg53+x0QkTwfPtM7vWD0YUaXQgNj9NRdzmps+CHEHlA==", + "engines": { + "node": ">= 12.9.0" + }, + "peerDependencies": { + "express": "^4 || ^5" + } + }, "node_modules/ext": { "version": "1.6.0", "resolved": "https://registry.npmjs.org/ext/-/ext-1.6.0.tgz",
@@ -16257,6 +16269,11 @@ "vary": "~1.1.2" } }, + "express-rate-limit": { + "version": "6.5.1", + "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-6.5.1.tgz", + "integrity": "sha512-pxO6ioBLd3i8IHL+RmJtL4noYzte5fugoMdaDabtU4hcg53+x0QkTwfPtM7vWD0YUaXQgNj9NRdzmps+CHEHlA==" + }, "ext": { "version": "1.6.0", "resolved": "https://registry.npmjs.org/ext/-/ext-1.6.0.tgz",
diff --git a/package.json b/package.json
index 5b30328..1e4db45 100644
--- a/package.json
+++ b/package.json
@@ -65,6 +65,7 @@
 "crypto-js": "^4.1.1",
 "ejs": "^3.1.8",
 "express": "^4.18.1",
+ "express-rate-limit": "^6.5.1",
 "futoin-hkdf": "^1.5.1",
 "knex": "^2.1.0",
 "latest-version": "^5.1.0",
diff --git a/src/ws/app.ts b/src/ws/app.ts
index 9b17368..6bedc0e 100644
--- a/src/ws/app.ts
+++ b/src/ws/app.ts
@@ -1,6 +1,7 @@
 import express, { Express, Request, Response } from 'express';
 import { options } from './model/interface';
 import cors from 'cors';
+import { rateLimit } from 'express-rate-limit';
 export function appExpress(options: options): Express {
 const app = express();
@@ -15,6 +16,14 @@ export function appExpress(options: options): Express {
 })
 );
+ const limiter = rateLimit({
+ windowMs: 1*60*1000, // 1 minute
+ max: 5
+ });
+
+ // apply rate limiter to all requests
+ app.use(limiter);
+
 const corsOptions: cors.CorsOptions = {
 origin: '*',
 };
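Review bot: The limiter registered by `app.use(limiter)` uses the library's default key, the client address Express reports as `req.ip`, and nothing visible in this hunk configures `trust proxy`; if the service sits behind a reverse proxy or load balancer (not visible here), every caller would be counted in one shared bucket of 5 requests per minute, so one busy client could exhaust it for everyone. Set `app.set('trust proxy', <number of proxies in front of the app>)` to match the deployment rather than `true`, which would let a client-supplied `X-Forwarded-For` header pick the bucket. The limiter is also mounted above `corsOptions`, so, assuming the CORS middleware is registered after it (outside this hunk), preflight `OPTIONS` requests count against the limit and 429 responses go out without CORS headers; mounting it after the CORS middleware or adding `skip: (req) => req.method === 'OPTIONS'` avoids that. `appExpress` continues past the end of the hunk, so route registration and any existing proxy settings were not reviewed.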