Rate limiting
ScaffoldHub uses https://github.com/nfriedly/express-rate-limit to limit repeated requests to the backend API.
It uses the default Memory Store, but you can easily integrate with other stores for more consistency: https://github.com/nfriedly/express-rate-limit#stores.
The global rate limit is defined at the file:
backend/src/api/index.ts .// Default rate limiter
const defaultRateLimiter = createRateLimiter({
max: 500,
windowMs: 15 * 60 * 1000,
message: 'errors.429',
});
app.use(defaultRateLimiter);
Sign-in, Sign-up, Password Reset and Email Verification endpoints have a short limit and can be configured at:
backend/src/api/auth/index.ts. //...
const emailRateLimiter = createRateLimiter({
max: 6,
windowMs: 15 * 60 * 1000,
message: 'errors.429',
});
app.post(
`/auth/send-email-address-verification-email`,
emailRateLimiter,
require('./authSendEmailAddressVerificationEmail')
.default,
);
app.post(
`/auth/send-password-reset-email`,
emailRateLimiter,
require('./authSendPasswordResetEmail').default,
);
const signInRateLimiter = createRateLimiter({
max: 20,
windowMs: 15 * 60 * 1000,
message: 'errors.429',
});
app.post(
`/auth/sign-in`,
signInRateLimiter,
require('./authSignIn').default,
);
app.post(
`/tenant/:tenantId/auth/sign-in`,
signInRateLimiter,
require('./authSignIn').default,
);
const signUpRateLimiter = createRateLimiter({
max: 20,
windowMs: 60 * 60 * 1000,
message: 'errors.429',
});
app.post(
`/auth/sign-up`,
signUpRateLimiter,
require('./authSignUp').default,
);
app.post(
`/tenant/:tenantId/auth/sign-up`,
signUpRateLimiter,
require('./authSignUp').default,
);
//...
};
Last modified 2yr ago