// Default rate limiter: the app-wide fallback limit. Registered with
// `app.use`, so it applies to routes mounted after this line (middleware
// registration order matters here).
const defaultRateLimitOptions = {
  max: 500, // upper bound on requests per window for one limiter key
  windowMs: 15 * 60 * 1000, // window length: 15 minutes
  message: 'errors.429', // value handed to createRateLimiter for rejected requests (appears to be a message key)
};
const defaultRateLimiter = createRateLimiter(defaultRateLimitOptions);
// NOTE(review): the key the limiter buckets on (commonly the client address)
// is not visible here; when the app sits behind a reverse proxy, confirm the
// proxy trust settings so the limit applies per client rather than to the
// proxy's address as a whole.
app.use(defaultRateLimiter);
Sign-in, Sign-up, Password Reset and Email Verification endpoints have a stricter, endpoint-specific limit, which can be configured in: backend/src/api/auth/index.ts.
//...
// Window lengths shared by the auth-specific limiters below.
const fifteenMinutesMs = 15 * 60 * 1000;
const oneHourMs = 60 * 60 * 1000;

// Email-sending endpoints get a small budget (6 per 15 minutes) because every
// accepted request results in an outbound email (verification or reset).
const emailRateLimiter = createRateLimiter({
  max: 6,
  windowMs: fifteenMinutesMs,
  message: 'errors.429',
});
// NOTE(review): this bounds requests per limiter key (presumably the caller),
// not per target mailbox; a limit keyed on the recipient address would be a
// complementary bound — not visible here.
app.post(
  `/auth/send-email-address-verification-email`,
  emailRateLimiter,
  require('./authSendEmailAddressVerificationEmail').default,
);
app.post(
  `/auth/send-password-reset-email`,
  emailRateLimiter,
  require('./authSendPasswordResetEmail').default,
);

// Sign-in: 20 attempts per 15 minutes. One limiter instance guards both the
// global and the tenant-scoped route, so the two presumably share a counter.
const signInRateLimiter = createRateLimiter({
  max: 20,
  windowMs: fifteenMinutesMs,
  message: 'errors.429',
});
const signInHandler = require('./authSignIn').default;
for (const route of [`/auth/sign-in`, `/tenant/:tenantId/auth/sign-in`]) {
  app.post(route, signInRateLimiter, signInHandler);
}

// Sign-up: 20 per hour (a longer window than sign-in), again one limiter
// instance for the global and tenant-scoped routes.
const signUpRateLimiter = createRateLimiter({
  max: 20,
  windowMs: oneHourMs,
  message: 'errors.429',
});
const signUpHandler = require('./authSignUp').default;
for (const route of [`/auth/sign-up`, `/tenant/:tenantId/auth/sign-up`]) {
  app.post(route, signUpRateLimiter, signUpHandler);
}
//...
};