Rate limiting

Last updated 4 years ago

ScaffoldHub uses express-rate-limit to limit repeated requests to the backend API.

It uses the default Memory Store, but you can easily integrate with other stores for more consistency: see the express-rate-limit stores list.

Global Rate Limit

The global rate limit is defined in the file backend/src/api/index.ts.

// Default rate limiter
const defaultRateLimiter = createRateLimiter({
  max: 500,
  windowMs: 15 * 60 * 1000,
  message: 'errors.429',
});
app.use(defaultRateLimiter);

Auth Rate Limits

The Sign-in, Sign-up, Password Reset and Email Verification endpoints have lower limits, which can be configured in backend/src/api/auth/index.ts.

  //...

  const emailRateLimiter = createRateLimiter({
    max: 6,
    windowMs: 15 * 60 * 1000,
    message: 'errors.429',
  });

  app.post(
    `/auth/send-email-address-verification-email`,
    emailRateLimiter,
    require('./authSendEmailAddressVerificationEmail')
      .default,
  );

  app.post(
    `/auth/send-password-reset-email`,
    emailRateLimiter,
    require('./authSendPasswordResetEmail').default,
  );

  const signInRateLimiter = createRateLimiter({
    max: 20,
    windowMs: 15 * 60 * 1000,
    message: 'errors.429',
  });

  app.post(
    `/auth/sign-in`,
    signInRateLimiter,
    require('./authSignIn').default,
  );
  
  app.post(
    `/tenant/:tenantId/auth/sign-in`,
    signInRateLimiter,
    require('./authSignIn').default,
  );

  const signUpRateLimiter = createRateLimiter({
    max: 20,
    windowMs: 60 * 60 * 1000,
    message: 'errors.429',
  });

  app.post(
    `/auth/sign-up`,
    signUpRateLimiter,
    require('./authSignUp').default,
  );

  app.post(
    `/tenant/:tenantId/auth/sign-up`,
    signUpRateLimiter,
    require('./authSignUp').default,
  );

  //...
};
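
The default Memory Store keeps its counters inside one Node.js process, so a backend running as several instances enforces the auth limits once per instance rather than once overall. The following added example (not ScaffoldHub or express-rate-limit code) models this with a simplified fixed-window counter and the signInRateLimiter values above; the WindowStore class, the replica count and the client address are assumptions made for the illustration.

```javascript
// Simplified fixed-window counter: a model of a rate-limit store,
// not express-rate-limit's own implementation.
class WindowStore {
  constructor(windowMs) {
    this.windowMs = windowMs;
    this.hits = new Map(); // client key -> { count, resetAt }
  }

  // Record one hit for `key` at time `now` (ms) and return the running count.
  increment(key, now) {
    const entry = this.hits.get(key);
    if (!entry || now >= entry.resetAt) {
      this.hits.set(key, { count: 1, resetAt: now + this.windowMs });
      return 1;
    }
    entry.count += 1;
    return entry.count;
  }
}

// Values taken from signInRateLimiter on this page.
const SIGN_IN = { max: 20, windowMs: 15 * 60 * 1000 };

// One client sends `attempts` sign-in requests, one per second, spread
// round-robin over the given stores. Returns how many pass the limiter.
function acceptedSignIns(stores, attempts, clientKey = '203.0.113.7') {
  let accepted = 0;
  for (let i = 0; i < attempts; i++) {
    const store = stores[i % stores.length]; // instance chosen by the balancer
    if (store.increment(clientKey, i * 1000) <= SIGN_IN.max) accepted++;
  }
  return accepted;
}

// Compare one store per replica (Memory Store) with one store shared by all.
function compareStores(replicas, attempts) {
  const perReplica = Array.from({ length: replicas }, () => new WindowStore(SIGN_IN.windowMs));
  const shared = new WindowStore(SIGN_IN.windowMs);
  return {
    memoryStore: acceptedSignIns(perReplica, attempts),
    sharedStore: acceptedSignIns(Array(replicas).fill(shared), attempts),
  };
}

console.log(compareStores(3, 100)); // constructed scenario: 3 replicas, 100 attempts
```

With per-process counters the number of sign-in attempts accepted in one window grows with the replica count, while a shared store holds it at the configured max.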

https://github.com/nfriedly/express-rate-limit
https://github.com/nfriedly/express-rate-limit#stores