From db1f3de4903492d7e43a3fb14d31229917e055cc Mon Sep 17 00:00:00 2001
From: ale
Date: Wed, 6 Nov 2024 01:21:38 +0100
Subject: [PATCH] rate limit
---
 fediblock-mapping.json | 1 +
 package.json | 3 ++-
 server.js | 10 ++++++++++
 3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/fediblock-mapping.json b/fediblock-mapping.json
index c3e24bd..322d815 100644
--- a/fediblock-mapping.json
+++ b/fediblock-mapping.json
@@ -2033,6 +2033,7 @@
 }
 },
 "settings": {
+ "index.mapping.total_fields.limit": 10000,
 "analysis": {
 "analyzer": {
 "default": {
diff --git a/package.json b/package.json
index 4bbc503..95cb94c 100644
--- a/package.json
+++ b/package.json
@@ -5,7 +5,7 @@
 "author": "ale",
 "repository": {
 "type": "git",
- "url": "https://gitlab.com/manalejandro/fediblock-instance"
+ "url": "https://git.manalejandro.com/ale/fediblock-instance"
 },
 "license": "MIT",
 "scripts": {
@@ -19,6 +19,7 @@
 "activitypub-express": "^4.4.2",
 "dayjs": "^1.11.13",
 "express": "^4.21.1",
+ "express-rate-limit": "^7.4.1",
 "html2canvas": "^1.4.1",
 "mongodb": "^4.17.2",
 "morgan": "^1.10.0",
diff --git a/server.js b/server.js
index e95a04f..6eeaa49 100644
--- a/server.js
+++ b/server.js
@@ -10,6 +10,7 @@ const apexinstance = require('./lib/apex'),
 constant = require('./lib/constant'),
 http = require('http'),
 express = require('express'),
+ rateLimit = require("express-rate-limit"),
 app = express(),
 events = require('events'),
 { generateKeyPairSync } = require('crypto'),
@@ -129,6 +130,15 @@ app.disable('x-powered-by')
 app.set('json spaces', 2)
 app.set('trust proxy', true)
 logger(app)
+app.use(rateLimit({
+ windowMs: 5 * 60 * 1000, // 5 minutes
+ limit: 10, // each IP can make up to 10 requests per `windowsMs` (5 minutes)
+ standardHeaders: true, // add the `RateLimit-*` headers to the response
+ legacyHeaders: false,
+ delayAfter: 10, // allow 10 requests per `windowMs` (5 minutes) without slowing them down
+ delayMs: (hits) => hits * 200, // add 200 ms of delay to every request after the 10th
+ maxDelayMs: 5000
+}))
 app.use(
 express.json({ type: apex.consts.jsonldTypes }),
 express.urlencoded({ extended: true }),
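Review bot: The limiter added after `logger(app)` counts requests per `req.ip`, and with the unchanged `app.set('trust proxy', true)` two lines above Express derives that address from the client-supplied `X-Forwarded-For` header, so a request is counted under whatever address the header claims and the per-IP limit does not reliably hold. Set trust proxy to the real number of reverse proxies in front of the app, e.g. `app.set('trust proxy', 1)` if there is exactly one (the deployment is not visible here, so confirm the hop count); express-rate-limit 7 also reports a validation error for the permissive setting. `delayAfter`, `delayMs` and `maxDelayMs` are express-slow-down options and, as far as I know, are ignored by express-rate-limit 7, so no slowdown actually happens and those three lines should be removed or moved to that middleware. Because the middleware is mounted before every route, 10 requests per 5 minutes per address presumably also applies to deliveries from other federated instances, which may need a separate, higher limit on those routes. The comment on `limit` also says `windowsMs` where `windowMs` is meant.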