ScaffoldHub uses https://github.com/nfriedly/express-rate-limit to limit repeated requests to the backend API.
It uses the default Memory Store, but you can easily integrate with other stores for more consistency: https://github.com/nfriedly/express-rate-limit#stores.
The global rate limit is defined in the file backend/src/api/index.ts:

    // Default rate limiter
    const defaultRateLimiter = createRateLimiter({
      max: 500,
      windowMs: 15 * 60 * 1000,
      message: 'errors.429',
    });
    app.use(defaultRateLimiter);

The sign-in, sign-up, password reset and email verification endpoints have lower limits, which can be configured in backend/src/api/auth/index.ts:

    //...

    const emailRateLimiter = createRateLimiter({
      max: 6,
      windowMs: 15 * 60 * 1000,
      message: 'errors.429',
    });

    app.post(
      `/auth/send-email-address-verification-email`,
      emailRateLimiter,
      require('./authSendEmailAddressVerificationEmail').default,
    );

    app.post(
      `/auth/send-password-reset-email`,
      emailRateLimiter,
      require('./authSendPasswordResetEmail').default,
    );

    const signInRateLimiter = createRateLimiter({
      max: 20,
      windowMs: 15 * 60 * 1000,
      message: 'errors.429',
    });

    app.post(
      `/auth/sign-in`,
      signInRateLimiter,
      require('./authSignIn').default,
    );
    app.post(
      `/tenant/:tenantId/auth/sign-in`,
      signInRateLimiter,
      require('./authSignIn').default,
    );

    const signUpRateLimiter = createRateLimiter({
      max: 20,
      windowMs: 60 * 60 * 1000,
      message: 'errors.429',
    });

    app.post(
      `/auth/sign-up`,
      signUpRateLimiter,
      require('./authSignUp').default,
    );

    app.post(
      `/tenant/:tenantId/auth/sign-up`,
      signUpRateLimiter,
      require('./authSignUp').default,
    );

    //...
    };
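
Added example (not ScaffoldHub or express-rate-limit code): a simplified fixed-window model of why a per-process memory store is less consistent than a shared store. It replays 60 sign-in attempts from one client against two backend processes using the sign-in values above; `WindowStore`, `makeInstance`, `simulate` and the sample address are assumptions made for this illustration.

```javascript
// Simplified fixed-window counter (a model for illustration, not the library's code).
class WindowStore {
  constructor(windowMs) {
    this.windowMs = windowMs;
    this.hits = new Map(); // key -> { count, resetAt }
  }
  increment(key, now) {
    let entry = this.hits.get(key);
    if (!entry || now >= entry.resetAt) {
      entry = { count: 0, resetAt: now + this.windowMs }; // new window for this key
      this.hits.set(key, entry);
    }
    entry.count += 1;
    return entry.count;
  }
}

// One backend process: returns the HTTP status its limiter would produce.
function makeInstance(store, max) {
  return (clientKey, now) => (store.increment(clientKey, now) > max ? 429 : 200);
}

// Send `attempts` requests from one client, round-robin across the instances.
function simulate(instances, attempts, clientKey, startMs, stepMs) {
  const result = { allowed: 0, limited: 0 };
  for (let i = 0; i < attempts; i++) {
    const handle = instances[i % instances.length];
    if (handle(clientKey, startMs + i * stepMs) === 200) result.allowed++;
    else result.limited++;
  }
  return result;
}

const WINDOW_MS = 15 * 60 * 1000; // sign-in window from the page
const MAX = 20;                   // sign-in max from the page
const CLIENT = '203.0.113.7';     // constructed sample address

// Two processes, each with its own in-memory store: counters are not shared.
function perProcessStores() {
  const instances = [1, 2].map(() => makeInstance(new WindowStore(WINDOW_MS), MAX));
  return simulate(instances, 60, CLIENT, 0, 1000);
}

// Two processes backed by one store (stand-in for an external shared store).
function sharedStore() {
  const store = new WindowStore(WINDOW_MS);
  const instances = [1, 2].map(() => makeInstance(store, MAX));
  return simulate(instances, 60, CLIENT, 0, 1000);
}
```

With per-process counters the client gets 40 sign-in attempts through in one window instead of 20, so the effective limit scales with the number of backend processes unless the store is shared.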