// src/config/rateLimiters.ts
import rateLimit from 'express-rate-limit';
import { shouldSkipRateLimit } from '../utils/rateLimit';
/**
 * Options spread into every limiter defined in this file.
 *
 * NOTE(review): `shouldSkipRateLimit` lives in ../utils/rateLimit and is not
 * visible here. Because every limiter inherits it, including the login and
 * password-reset ones, confirm that its decision cannot be steered by request
 * data (headers, query parameters) and that it stays off in production.
 * NOTE(review): no `store` is set, so express-rate-limit uses its in-memory
 * store: counters are per process and are lost on restart. Confirm that is
 * acceptable if the API runs as more than one instance.
 */
const standardConfig = {
  // Per-request bypass hook shared by all limiters.
  skip: shouldSkipRateLimit,
  // Emit the standardized `RateLimit-*` response headers...
  standardHeaders: true,
  // ...and suppress the legacy `X-RateLimit-*` ones.
  legacyHeaders: false,
};
// --- AUTHENTICATION ---
/**
 * Throttle for login attempts: 5 requests per 15-minute window, counted per
 * client IP (express-rate-limit's default key; no `keyGenerator` is set here).
 *
 * Every request that reaches the limiter counts, successful logins included,
 * because `skipSuccessfulRequests` is left at its default.
 *
 * NOTE(review): an IP-keyed limit does not cap guesses against one account
 * spread over many addresses. Confirm that a per-account throttle or lockout
 * exists in the login handler.
 * NOTE(review): behind a reverse proxy, `req.ip` is only meaningful when
 * Express `trust proxy` matches the proxy chain; confirm in the app setup.
 */
export const loginLimiter = rateLimit({
  ...standardConfig,
  max: 5,
  // 15 minutes, in milliseconds
  windowMs: 15 * 60 * 1000,
  message: 'Too many login attempts from this IP, please try again after 15 minutes.',
});
/**
 * Throttle for account creation: 5 requests per client IP in each one-hour
 * window. The key is express-rate-limit's default (the request IP).
 */
export const registerLimiter = rateLimit({
  ...standardConfig,
  max: 5,
  // 1 hour, in milliseconds
  windowMs: 60 * 60 * 1000,
  message: 'Too many accounts created from this IP, please try again after an hour.',
});
/**
 * Throttle for password-reset requests: 5 per client IP in each 15-minute
 * window.
 *
 * NOTE(review): the limit is keyed by IP only. Presumably each accepted
 * request sends a reset e-mail, so a cap per recipient address would have to
 * be enforced in the handler; confirm.
 */
export const forgotPasswordLimiter = rateLimit({
  ...standardConfig,
  max: 5,
  // 15 minutes, in milliseconds
  windowMs: 15 * 60 * 1000,
  message: 'Too many password reset requests from this IP, please try again after 15 minutes.',
});
/**
 * Throttle for password-reset attempts: 10 per client IP in each 15-minute
 * window.
 *
 * NOTE(review): this only bounds how often one address can submit a reset.
 * Confirm that reset tokens are long, random, single-use and short-lived;
 * the limiter is not by itself the control against token guessing.
 */
export const resetPasswordLimiter = rateLimit({
  ...standardConfig,
  max: 10,
  // 15 minutes, in milliseconds
  windowMs: 15 * 60 * 1000,
  message: 'Too many password reset attempts from this IP, please try again after 15 minutes.',
});
/**
 * Throttle for token refresh: 20 requests per client IP in each 15-minute
 * window.
 *
 * NOTE(review): clients behind one NAT or proxy address share this budget;
 * confirm 20 is enough for the expected refresh cadence.
 */
export const refreshTokenLimiter = rateLimit({
  ...standardConfig,
  max: 20,
  // 15 minutes, in milliseconds
  windowMs: 15 * 60 * 1000,
  message: 'Too many token refresh attempts from this IP, please try again after 15 minutes.',
});
/**
 * Throttle for logout: 10 requests per client IP in each 15-minute window.
 */
export const logoutLimiter = rateLimit({
  ...standardConfig,
  max: 10,
  // 15 minutes, in milliseconds
  windowMs: 15 * 60 * 1000,
  message: 'Too many logout attempts from this IP, please try again after 15 minutes.',
});
// --- GENERAL PUBLIC & USER ---
/**
 * General read throttle: 100 requests per client IP in each 15-minute window.
 *
 * This same instance is also exported as `userReadLimiter`, so routes mounted
 * under either name draw from one shared counter.
 */
export const publicReadLimiter = rateLimit({
  ...standardConfig,
  max: 100,
  // 15 minutes, in milliseconds
  windowMs: 15 * 60 * 1000,
  message: 'Too many requests from this IP, please try again later.',
});
// Same middleware instance as publicReadLimiter, not a copy. Each rateLimit()
// call owns its counters, so routes using either name share one per-IP budget
// (100 requests per 15 minutes in total).
// NOTE(review): confirm the shared budget is intended; a separate budget needs
// its own rateLimit() call.
export const userReadLimiter = publicReadLimiter; // Alias for consistency
/**
 * Throttle for update requests: 100 per client IP in each 15-minute window.
 */
export const userUpdateLimiter = rateLimit({
  ...standardConfig,
  max: 100,
  // 15 minutes, in milliseconds
  windowMs: 15 * 60 * 1000,
  message: 'Too many update requests from this IP, please try again after 15 minutes.',
});
/**
 * Throttle for reaction requests: 150 per client IP in each 15-minute window.
 */
export const reactionToggleLimiter = rateLimit({
  ...standardConfig,
  max: 150,
  // 15 minutes, in milliseconds
  windowMs: 15 * 60 * 1000,
  message: 'Too many reaction requests from this IP, please try again later.',
});
/**
 * Throttle for tracking requests: 200 per client IP in each 15-minute window,
 * the highest budget in this file.
 */
export const trackingLimiter = rateLimit({
  ...standardConfig,
  max: 200,
  // 15 minutes, in milliseconds
  windowMs: 15 * 60 * 1000,
  message: 'Too many tracking requests from this IP, please try again later.',
});
// --- SENSITIVE / COSTLY ---
/**
 * Throttle for sensitive requests: 5 per client IP in each one-hour window.
 *
 * NOTE(review): the key is the request IP, not the authenticated user. If the
 * routes behind this limiter require a session, a per-user key (via
 * `keyGenerator`) would bound attempts per account as well; confirm whether
 * that is handled elsewhere.
 */
export const userSensitiveUpdateLimiter = rateLimit({
  ...standardConfig,
  max: 5,
  // 1 hour, in milliseconds
  windowMs: 60 * 60 * 1000,
  message: 'Too many sensitive requests from this IP, please try again after an hour.',
});
/**
 * Throttle for administrative triggers: 30 per client IP in each 15-minute
 * window.
 *
 * NOTE(review): this is a volume cap only and does not authorize anything.
 * Confirm the admin routes enforce authentication and role checks themselves.
 */
export const adminTriggerLimiter = rateLimit({
  ...standardConfig,
  max: 30,
  // 15 minutes, in milliseconds
  windowMs: 15 * 60 * 1000,
  message: 'Too many administrative triggers from this IP, please try again later.',
});
/**
 * Throttle for AI generation requests: 20 per client IP in each 15-minute
 * window. This same instance is also exported as `suggestionLimiter`, so both
 * names draw from one shared counter.
 *
 * NOTE(review): the budget is per IP, so it does not bound what a single
 * account can consume from several addresses. If generation has a per-call
 * cost, confirm a per-user quota exists elsewhere.
 */
export const aiGenerationLimiter = rateLimit({
  ...standardConfig,
  max: 20,
  // 15 minutes, in milliseconds
  windowMs: 15 * 60 * 1000,
  message: 'Too many AI generation requests from this IP, please try again after 15 minutes.',
});
// Same middleware instance as aiGenerationLimiter, not a copy: suggestion and
// generation requests from one IP are counted together against a single budget
// of 20 per 15 minutes.
// NOTE(review): confirm the shared budget is intended.
export const suggestionLimiter = aiGenerationLimiter; // Alias
/**
 * Throttle for geocoding requests: 100 per client IP in each one-hour window.
 */
export const geocodeLimiter = rateLimit({
  ...standardConfig,
  max: 100,
  // 1 hour, in milliseconds
  windowMs: 60 * 60 * 1000,
  message: 'Too many geocoding requests from this IP, please try again later.',
});
/**
 * Throttle for price history requests: 50 per client IP in each 15-minute
 * window.
 */
export const priceHistoryLimiter = rateLimit({
  ...standardConfig,
  max: 50,
  // 15 minutes, in milliseconds
  windowMs: 15 * 60 * 1000,
  message: 'Too many price history requests from this IP, please try again later.',
});
// --- UPLOADS / BATCH ---
/**
 * Throttle for file uploads: 20 per client IP in each 15-minute window. This
 * same instance is also exported as `userUploadLimiter`, so both names draw
 * from one shared counter.
 *
 * NOTE(review): this limits the number of upload requests only. Size and
 * file-type limits are not set here and must be enforced by the upload
 * handling itself; confirm.
 */
export const adminUploadLimiter = rateLimit({
  ...standardConfig,
  max: 20,
  // 15 minutes, in milliseconds
  windowMs: 15 * 60 * 1000,
  message: 'Too many file uploads from this IP, please try again after 15 minutes.',
});
// Same middleware instance as adminUploadLimiter, not a copy: user uploads and
// admin uploads from one IP are counted together against a single budget of 20
// per 15 minutes.
// NOTE(review): confirm that user traffic consuming the admin upload budget
// (and vice versa) is intended.
export const userUploadLimiter = adminUploadLimiter; // Alias
/**
 * Throttle for AI-related file uploads: 10 per client IP in each 15-minute
 * window. Its message text is identical to adminUploadLimiter's, so a client
 * cannot tell from the response body which of the two limits was reached.
 */
export const aiUploadLimiter = rateLimit({
  ...standardConfig,
  max: 10,
  // 15 minutes, in milliseconds
  windowMs: 15 * 60 * 1000,
  message: 'Too many file uploads from this IP, please try again after 15 minutes.',
});
/**
 * Throttle for batch requests: 50 per client IP in each 15-minute window. This
 * same instance is also exported as `budgetUpdateLimiter`, so both names draw
 * from one shared counter.
 *
 * NOTE(review): one batch request counts once however many items it carries.
 * Confirm the batch handlers cap the number of items per request.
 */
export const batchLimiter = rateLimit({
  ...standardConfig,
  max: 50,
  // 15 minutes, in milliseconds
  windowMs: 15 * 60 * 1000,
  message: 'Too many batch requests from this IP, please try again later.',
});
// Same middleware instance as batchLimiter, not a copy: budget updates and
// batch requests from one IP are counted together against a single budget of
// 50 per 15 minutes.
// NOTE(review): confirm the shared budget is intended.
export const budgetUpdateLimiter = batchLimiter; // Alias