ScaffoldHub
Search…
Rate limiting
ScaffoldHub uses https://github.com/nfriedly/express-rate-limit to limit repeated requests to the backend API.
It uses the default Memory Store, but you can easily integrate with other stores for more consistency: https://github.com/nfriedly/express-rate-limit#stores.
Global Rate Limit
The global rate limit is defined at the file:
backend/src/api/index.ts .1
// Default rate limiter
2
const defaultRateLimiter = createRateLimiter({
3
max: 500,
4
windowMs: 15 * 60 * 1000,
5
message: 'errors.429',
6
});
7
app.use(defaultRateLimiter);
Copied!
Auth Rate Limits
Sign-in, Sign-up, Password Reset and Email Verification endpoints have a short limit and can be configured at:
backend/src/api/auth/index.ts.1
//...
2
​
3
const emailRateLimiter = createRateLimiter({
4
max: 6,
5
windowMs: 15 * 60 * 1000,
6
message: 'errors.429',
7
});
8
​
9
app.post(
10
`/auth/send-email-address-verification-email`,
11
emailRateLimiter,
12
require('./authSendEmailAddressVerificationEmail')
13
.default,
14
);
15
​
16
app.post(
17
`/auth/send-password-reset-email`,
18
emailRateLimiter,
19
require('./authSendPasswordResetEmail').default,
20
);
21
​
22
const signInRateLimiter = createRateLimiter({
23
max: 20,
24
windowMs: 15 * 60 * 1000,
25
message: 'errors.429',
26
});
27
​
28
app.post(
29
`/auth/sign-in`,
30
signInRateLimiter,
31
require('./authSignIn').default,
32
);
33
34
app.post(
35
`/tenant/:tenantId/auth/sign-in`,
36
signInRateLimiter,
37
require('./authSignIn').default,
38
);
39
​
40
const signUpRateLimiter = createRateLimiter({
41
max: 20,
42
windowMs: 60 * 60 * 1000,
43
message: 'errors.429',
44
});
45
​
46
app.post(
47
`/auth/sign-up`,
48
signUpRateLimiter,
49
require('./authSignUp').default,
50
);
51
​
52
app.post(
53
`/tenant/:tenantId/auth/sign-up`,
54
signUpRateLimiter,
55
require('./authSignUp').default,
56
);
57
​
58
//...
59
};
60
​
Copied!
​
Last modified 1yr ago
Copy link