Rate limiting

ScaffoldHub uses https://github.com/nfriedly/express-rate-limit to limit repeated requests to the backend API.
It uses the default Memory Store, but you can easily integrate with other stores for more consistency: https://github.com/nfriedly/express-rate-limit#stores.
Global Rate Limit
The global rate limit is defined at the file: backend/src/api/index.ts .
// Default rate limiter
const defaultRateLimiter = createRateLimiter({
  max: 500,
  windowMs: 15 * 60 * 1000,
  message: 'errors.429',
});
app.use(defaultRateLimiter);
Auth Rate Limits
Sign-in, Sign-up, Password Reset and Email Verification endpoints have a short limit and can be configured at: backend/src/api/auth/index.ts.
  //...
​
  const emailRateLimiter = createRateLimiter({
    max: 6,
    windowMs: 15 * 60 * 1000,
    message: 'errors.429',
  });
​
  app.post(
    `/auth/send-email-address-verification-email`,
    emailRateLimiter,
    require('./authSendEmailAddressVerificationEmail')
      .default,
  );
​
  app.post(
    `/auth/send-password-reset-email`,
    emailRateLimiter,
    require('./authSendPasswordResetEmail').default,
  );
​
  const signInRateLimiter = createRateLimiter({
    max: 20,
    windowMs: 15 * 60 * 1000,
    message: 'errors.429',
  });
​
  app.post(
    `/auth/sign-in`,
    signInRateLimiter,
    require('./authSignIn').default,
  );
  
  app.post(
    `/tenant/:tenantId/auth/sign-in`,
    signInRateLimiter,
    require('./authSignIn').default,
  );
​
  const signUpRateLimiter = createRateLimiter({
    max: 20,
    windowMs: 60 * 60 * 1000,
    message: 'errors.429',
  });
​
  app.post(
    `/auth/sign-up`,
    signUpRateLimiter,
    require('./authSignUp').default,
  );
​
  app.post(
    `/tenant/:tenantId/auth/sign-up`,
    signUpRateLimiter,
    require('./authSignUp').default,
  );
​
  //...
};
​
​
Typescript Support
Technologies Versions
Last updated 2 months ago