feat: rate limiter

package.json

@@ -32,6 +32,7 @@
     "body-parser": "^1.20.2",
     "cors": "^2.8.5",
     "express": "^4.18.2",
+    "express-rate-limit": "^6.11.0",
     "express-session": "^1.17.3",
     "helmet": "^7.0.0",
     "prisma": "^5.1.1",

src/server/server.ts

@@ -1,6 +1,7 @@
 import * as bodyParser from 'body-parser';
 import cors from 'cors';
 import express, { Request, Response } from 'express';
+import { rateLimit } from 'express-rate-limit';
 import session from 'express-session';
 import helmet from 'helmet';
 import { z } from 'zod';
@@ -8,6 +9,13 @@ import { fromZodError } from 'zod-validation-error';
 import { addition } from '../utils/addition';
 import { logger } from '../utils/logger';
 
+const limiter = rateLimit({
+  windowMs: 10 * 60 * 1000,
+  max: 50,
+  standardHeaders: 'draft-7',
+  legacyHeaders: false
+});
+
 const server = express();
 server.use(cors());
 server.use(helmet());
@@ -19,6 +27,7 @@ server.use(
     name: 'sessionId'
   })
 );
+server.use(limiter);
 server.use(express.json());
 server.use(bodyParser.json());
 

yarn.lock

@@ -2295,6 +2295,11 @@ expect@^29.0.0, expect@^29.6.1:
     jest-message-util "^29.6.1"
     jest-util "^29.6.1"
 
+express-rate-limit@^6.11.0:
+  version "6.11.0"
+  resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-6.11.0.tgz#bbb474c9765e5027ac92683a494e06162ea7c542"
+  integrity sha512-H9afltGTaEZcvenAB5LFgb/ysTMHUzMxoB3TJM6UHP5FtAP1p2+heMj1xwTei54Zm4I9I/2qsS5m+XrdKQp/Hw==
+
 express-session@^1.17.3:
   version "1.17.3"
   resolved "https://registry.yarnpkg.com/express-session/-/express-session-1.17.3.tgz#14b997a15ed43e5949cb1d073725675dd2777f36"