From 83c1e8adf56ad6528fcf39c57980a7aca8fd14ac Mon Sep 17 00:00:00 2001
From: Miodec
Date: Sun, 6 Mar 2022 18:33:20 +0100
Subject: [PATCH] added rate limiting for ape key endpoints

---
 backend/middlewares/ape-rate-limit.ts | 31 +++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 backend/middlewares/ape-rate-limit.ts

diff --git a/backend/middlewares/ape-rate-limit.ts b/backend/middlewares/ape-rate-limit.ts
new file mode 100644
index 000000000..582cf3c5b
--- /dev/null
+++ b/backend/middlewares/ape-rate-limit.ts
@@ -0,0 +1,31 @@
+import { Response, NextFunction } from "express";
+import rateLimit, { Options } from "express-rate-limit";
+import MonkeyError from "../utils/error";
+
+const REQUEST_MULTIPLIER = process.env.MODE === "dev" ? 100 : 1;
+
+const getKey = (req: MonkeyTypes.Request, _res: Response): string => {
+ return req?.ctx?.decodedToken?.uid;
+};
+
+const customHandler = (
+ _req: MonkeyTypes.Request,
+ _res: Response,
+ _next: NextFunction,
+ _options: Options
+): void => {
+ throw new MonkeyError(429, "Too many attempts, please try again later.");
+};
+
+const ONE_MINUTE = 1000 * 60;
+
+export default rateLimit({
+ windowMs: ONE_MINUTE,
+ max: 30 * REQUEST_MULTIPLIER,
+ keyGenerator: getKey,
+ handler: customHandler,
+ skip: (req: MonkeyTypes.Request, _res) => {
+ const decodedToken = req?.ctx?.decodedToken;
+ return decodedToken?.type !== "ApeKey";
+ },
+});
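Review bot: `getKey` is declared to return `string`, but `req?.ctx?.decodedToken?.uid` evaluates to `undefined` whenever the token carries no `uid`, and the limiter then keys every such request into one shared bucket (the ApeKey check lives in `skip`, not in the key generator), so a single client could exhaust that bucket for everyone else if such a token ever reaches this middleware. Give the key an explicit fallback and keep the type honest, e.g. `return req?.ctx?.decodedToken?.uid ?? req.ip;`. `customHandler` also throws the `MonkeyError` instead of passing it on via `_next`; whether express-rate-limit forwards a throw from `handler` to Express's error middleware depends on the installed version, so either confirm that or use `_next(new MonkeyError(429, "Too many attempts, please try again later."));`. Minor point of style: the `skip` callback annotates `req` but leaves `_res` untyped, unlike the other two callbacks in the file.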