monkeytype/backend/middlewares/rate-limit.js

const rateLimit = require("express-rate-limit");

const getAddress = (req) => req.headers["cf-connecting-ip"] || req.headers["x-forwarded-for"] || req.ip || "255.255.255.255";
const message = "Too many requests, please try again later";
const multiplier = process.env.MODE === "dev" ? 100 : 1;

// Config Routing
exports.configUpdate = rateLimit({
  windowMs: 60 * 60 * 1000, // 60 min
  max: 500 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.configGet = rateLimit({
  windowMs: 60 * 60 * 1000, // 60 min
  max: 120 * multiplier,
  message,
  keyGenerator: getAddress
});

// Leaderboards Routing
exports.leaderboardsGet = rateLimit({
  windowMs: 60 * 60 * 1000, // 60 min
  max: 60 * multiplier,
  message,
  keyGenerator: getAddress
});

// New Quotes Routing
exports.newQuotesGet = rateLimit({
  windowMs: 60 * 60 * 1000,
  max: 500 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.newQuotesAdd = rateLimit({
  windowMs: 60 * 60 * 1000, // 60 min
  max: 60 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.newQuotesAction = rateLimit({
  windowMs: 60 * 60 * 1000,
  max: 500 * multiplier,
  message,
  keyGenerator: getAddress
});

// Quote Ratings Routing
exports.quoteRatingsGet = rateLimit({
  windowMs: 60 * 60 * 1000,
  max: 500 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.quoteRatingsSubmit = rateLimit({
  windowMs: 60 * 60 * 1000,
  max: 500 * multiplier,
  message,
  keyGenerator: getAddress
});

// Presets Routing
exports.presetsGet = rateLimit({
  windowMs: 60 * 60 * 1000, // 60 min
  max: 60 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.presetsAdd = rateLimit({
  windowMs: 60 * 60 * 1000, // 60 min
  max: 60 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.presetsRemove = rateLimit({
  windowMs: 60 * 60 * 1000, // 60 min
  max: 60 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.presetsEdit = rateLimit({
  windowMs: 60 * 60 * 1000, // 60 min
  max: 60 * multiplier,
  message,
  keyGenerator: getAddress
});

// PSA (Public Service Announcement) Routing
exports.psaGet = rateLimit({
  windowMs: 60 * 1000,
  max: 60 * multiplier,
  message,
  keyGenerator: getAddress
});

// Results Routing
exports.resultsGet = rateLimit({
  windowMs: 60 * 60 * 1000, // 60 min
  max: 60 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.resultsAdd = rateLimit({
  windowMs: 60 * 60 * 1000,
  max: 500 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.resultsTagsUpdate = rateLimit({
  windowMs: 60 * 60 * 1000,
  max: 30 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.resultsDeleteAll = rateLimit({
  windowMs: 60 * 60 * 1000, // 60 min
  max: 10 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.resultsLeaderboardGet = rateLimit({
  windowMs: 60 * 60 * 1000, // 60 min
  max: 60 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.resultsLeaderboardQualificationGet = rateLimit({
  windowMs: 60 * 60 * 1000, // 60 min
  max: 60 * multiplier,
  message,
  keyGenerator: getAddress
});

// Users Routing
exports.userGet = rateLimit({
  windowMs: 60 * 60 * 1000, // 60 min
  max: 1 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.userSignup = rateLimit({
  windowMs: 24 * 60 * 60 * 1000, // 1 day
  max: 3 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.userDelete = rateLimit({
  windowMs: 24 * 60 * 60 * 1000, // 1 day
  max: 3 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.userCheckName = rateLimit({
  windowMs: 60 * 1000,
  max: 60 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.userUpdateName = rateLimit({
  windowMs: 24 * 60 * 60 * 1000, // 1 day
  max: 3 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.userUpdateLBMemory = rateLimit({
  windowMs: 60 * 1000,
  max: 60 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.userUpdateEmail = rateLimit({
  windowMs: 60 * 60 * 1000, // 60 min
  max: 60 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.userClearPB = rateLimit({
  windowMs: 60 * 60 * 1000, // 60 min
  max: 60 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.userTagsGet = rateLimit({
  windowMs: 60 * 60 * 1000, // 60 min
  max: 60 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.userTagsRemove = rateLimit({
  windowMs: 60 * 60 * 1000, // 60 min
  max: 30 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.userTagsClearPB = rateLimit({
  windowMs: 60 * 60 * 1000, // 60 min
  max: 60 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.userTagsEdit = rateLimit({
  windowMs: 60 * 60 * 1000, // 60 min
  max: 30 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.userTagsAdd = rateLimit({
  windowMs: 60 * 60 * 1000, // 60 min
  max: 30 * multiplier,
  message,
  keyGenerator: getAddress
});

exports.userDiscordLink = exports.usersTagsEdit = rateLimit({
  windowMs: 60 * 60 * 1000, // 60 min
  max: 15 * multiplier,
  message, 
  keyGenerator: getAddress
});

exports.userDiscordUnlink = exports.usersTagsEdit = rateLimit({
  windowMs: 60 * 60 * 1000, // 60 min
  max: 15 * multiplier,
  message,
  keyGenerator: getAddress
});
added api rate limiting 2021-08-28 04:40:38 +08:00			`const rateLimit = require("express-rate-limit");`

fix: endpoints share the same rate limit (#2136) by CameronCT * fix: cleaned rate limiter * chore: separated ratelimits per request * fix: bug where leaderboards would crash 2021-11-30 08:49:05 +08:00			`const getAddress = (req) => req.headers["cf-connecting-ip"] \|\| req.headers["x-forwarded-for"] \|\| req.ip \|\| "255.255.255.255";`
			`const message = "Too many requests, please try again later";`
			`const multiplier = process.env.MODE === "dev" ? 100 : 1;`
increased rate limit on localhost 2021-08-30 00:33:51 +08:00
fix: endpoints share the same rate limit (#2136) by CameronCT * fix: cleaned rate limiter * chore: separated ratelimits per request * fix: bug where leaderboards would crash 2021-11-30 08:49:05 +08:00			`// Config Routing`
			`exports.configUpdate = rateLimit({`
added api rate limiting 2021-08-28 04:40:38 +08:00			`windowMs: 60 * 60 * 1000, // 60 min`
fix: endpoints share the same rate limit (#2136) by CameronCT * fix: cleaned rate limiter * chore: separated ratelimits per request * fix: bug where leaderboards would crash 2021-11-30 08:49:05 +08:00			`max: 500 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
added api rate limiting 2021-08-28 04:40:38 +08:00			`});`

fix: endpoints share the same rate limit (#2136) by CameronCT * fix: cleaned rate limiter * chore: separated ratelimits per request * fix: bug where leaderboards would crash 2021-11-30 08:49:05 +08:00			`exports.configGet = rateLimit({`
increased limit on getting basic user data 2021-11-19 20:49:14 +08:00			`windowMs: 60 * 60 * 1000, // 60 min`
			`max: 120 * multiplier,`
fix: endpoints share the same rate limit (#2136) by CameronCT * fix: cleaned rate limiter * chore: separated ratelimits per request * fix: bug where leaderboards would crash 2021-11-30 08:49:05 +08:00			`message,`
			`keyGenerator: getAddress`
			`});`

			`// Leaderboards Routing`
			`exports.leaderboardsGet = rateLimit({`
			`windowMs: 60 * 60 * 1000, // 60 min`
			`max: 60 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`// New Quotes Routing`
			`exports.newQuotesGet = rateLimit({`
			`windowMs: 60 * 60 * 1000,`
			`max: 500 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.newQuotesAdd = rateLimit({`
			`windowMs: 60 * 60 * 1000, // 60 min`
			`max: 60 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.newQuotesAction = rateLimit({`
			`windowMs: 60 * 60 * 1000,`
			`max: 500 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`// Quote Ratings Routing`
			`exports.quoteRatingsGet = rateLimit({`
			`windowMs: 60 * 60 * 1000,`
			`max: 500 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.quoteRatingsSubmit = rateLimit({`
			`windowMs: 60 * 60 * 1000,`
			`max: 500 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`// Presets Routing`
			`exports.presetsGet = rateLimit({`
			`windowMs: 60 * 60 * 1000, // 60 min`
			`max: 60 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.presetsAdd = rateLimit({`
			`windowMs: 60 * 60 * 1000, // 60 min`
			`max: 60 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.presetsRemove = rateLimit({`
			`windowMs: 60 * 60 * 1000, // 60 min`
			`max: 60 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.presetsEdit = rateLimit({`
			`windowMs: 60 * 60 * 1000, // 60 min`
			`max: 60 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`// PSA (Public Service Announcement) Routing`
			`exports.psaGet = rateLimit({`
added api rate limiting 2021-08-28 04:40:38 +08:00			`windowMs: 60 * 1000,`
increased rate limit on localhost 2021-08-30 00:33:51 +08:00			`max: 60 * multiplier,`
fix: endpoints share the same rate limit (#2136) by CameronCT * fix: cleaned rate limiter * chore: separated ratelimits per request * fix: bug where leaderboards would crash 2021-11-30 08:49:05 +08:00			`message,`
			`keyGenerator: getAddress`
added api rate limiting 2021-08-28 04:40:38 +08:00			`});`

fix: endpoints share the same rate limit (#2136) by CameronCT * fix: cleaned rate limiter * chore: separated ratelimits per request * fix: bug where leaderboards would crash 2021-11-30 08:49:05 +08:00			`// Results Routing`
			`exports.resultsGet = rateLimit({`
			`windowMs: 60 * 60 * 1000, // 60 min`
			`max: 60 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.resultsAdd = rateLimit({`
added api rate limiting 2021-08-28 04:40:38 +08:00			`windowMs: 60 * 60 * 1000,`
increased rate limit on localhost 2021-08-30 00:33:51 +08:00			`max: 500 * multiplier,`
fix: endpoints share the same rate limit (#2136) by CameronCT * fix: cleaned rate limiter * chore: separated ratelimits per request * fix: bug where leaderboards would crash 2021-11-30 08:49:05 +08:00			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.resultsTagsUpdate = rateLimit({`
			`windowMs: 60 * 60 * 1000,`
			`max: 30 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.resultsDeleteAll = rateLimit({`
			`windowMs: 60 * 60 * 1000, // 60 min`
			`max: 10 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
added api rate limiting 2021-08-28 04:40:38 +08:00			`});`
fix: endpoints share the same rate limit (#2136) by CameronCT * fix: cleaned rate limiter * chore: separated ratelimits per request * fix: bug where leaderboards would crash 2021-11-30 08:49:05 +08:00
			`exports.resultsLeaderboardGet = rateLimit({`
			`windowMs: 60 * 60 * 1000, // 60 min`
			`max: 60 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.resultsLeaderboardQualificationGet = rateLimit({`
			`windowMs: 60 * 60 * 1000, // 60 min`
			`max: 60 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`// Users Routing`
			`exports.userGet = rateLimit({`
			`windowMs: 60 * 60 * 1000, // 60 min`
			`max: 1 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.userSignup = rateLimit({`
			`windowMs: 24 * 60 * 60 * 1000, // 1 day`
			`max: 3 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.userDelete = rateLimit({`
			`windowMs: 24 * 60 * 60 * 1000, // 1 day`
			`max: 3 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.userCheckName = rateLimit({`
			`windowMs: 60 * 1000,`
			`max: 60 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.userUpdateName = rateLimit({`
			`windowMs: 24 * 60 * 60 * 1000, // 1 day`
			`max: 3 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.userUpdateLBMemory = rateLimit({`
			`windowMs: 60 * 1000,`
			`max: 60 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.userUpdateEmail = rateLimit({`
			`windowMs: 60 * 60 * 1000, // 60 min`
			`max: 60 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.userClearPB = rateLimit({`
			`windowMs: 60 * 60 * 1000, // 60 min`
			`max: 60 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.userTagsGet = rateLimit({`
			`windowMs: 60 * 60 * 1000, // 60 min`
			`max: 60 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.userTagsRemove = rateLimit({`
			`windowMs: 60 * 60 * 1000, // 60 min`
			`max: 30 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.userTagsClearPB = rateLimit({`
			`windowMs: 60 * 60 * 1000, // 60 min`
			`max: 60 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.userTagsEdit = rateLimit({`
			`windowMs: 60 * 60 * 1000, // 60 min`
			`max: 30 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.userTagsAdd = rateLimit({`
			`windowMs: 60 * 60 * 1000, // 60 min`
			`max: 30 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.userDiscordLink = exports.usersTagsEdit = rateLimit({`
			`windowMs: 60 * 60 * 1000, // 60 min`
			`max: 15 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`

			`exports.userDiscordUnlink = exports.usersTagsEdit = rateLimit({`
			`windowMs: 60 * 60 * 1000, // 60 min`
			`max: 15 * multiplier,`
			`message,`
			`keyGenerator: getAddress`
			`});`