Set rate-limiting for db

NethermindEth · Dec 6, 2024 · 2e234c8 · 2e234c8
1 parent e783b85
commit 2e234c8
Show file tree

Hide file tree

Showing 3 changed files with 892 additions and 4 deletions.
diff --git a/dashboard/src/server/index.js b/dashboard/src/server/index.js
@@ -3,10 +3,24 @@ import { fileURLToPath } from 'url';
 import { dirname, join } from 'path';
 import pg from 'pg';
 import dotenv from 'dotenv';
+import rateLimit from 'express-rate-limit';
 
 // Load environment variables from .env file
 dotenv.config();
 
+// Create rate limiters
+const apiLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 100, // Limit each IP to 100 requests per windowMs
+  message: 'Too many requests from this IP, please try again later.'
+});
+
+const eventsLimiter = rateLimit({
+  windowMs: 1 * 60 * 1000, // 1 minute
+  max: 30, // Limit each IP to 30 requests per windowMs
+  message: 'Too many connection attempts, please try again later.'
+});
+
 const { Pool } = pg;
 
 const __filename = fileURLToPath(import.meta.url);
@@ -89,8 +103,8 @@ app.use((req, res, next) => {
   next();
 });
 
-// Modified SSE endpoint
-app.get('/events', async (req, res) => {
+// Modified SSE endpoint with rate limiting
+app.get('/events', eventsLimiter, async (req, res) => {
   res.setHeader('Content-Type', 'text/event-stream');
   res.setHeader('Cache-Control', 'no-cache');
   res.setHeader('Connection', 'keep-alive');
@@ -118,8 +132,8 @@ function broadcastUpdate(data) {
   });
 }
 
-// Modified update endpoint
-app.post('/update', async (req, res) => {
+// Modified update endpoint with rate limiting
+app.post('/update', apiLimiter, async (req, res) => {
   const update = req.body;
 
   try {