rate limit

fediblock-mapping.json

@@ -2033,6 +2033,7 @@
         }
     },
     "settings": {
+        "index.mapping.total_fields.limit": 10000,
         "analysis": {
             "analyzer": {
                 "default": {

package.json

@@ -5,7 +5,7 @@
   "author": "ale",
   "repository": {
     "type": "git",
-    "url": "https://gitlab.com/manalejandro/fediblock-instance"
+    "url": "https://git.manalejandro.com/ale/fediblock-instance"
   },
   "license": "MIT",
   "scripts": {
@@ -19,6 +19,7 @@
     "activitypub-express": "^4.4.2",
     "dayjs": "^1.11.13",
     "express": "^4.21.1",
+    "express-rate-limit": "^7.4.1",
     "html2canvas": "^1.4.1",
     "mongodb": "^4.17.2",
     "morgan": "^1.10.0",

server.js

@@ -10,6 +10,7 @@ const apexinstance = require('./lib/apex'),
     constant = require('./lib/constant'),
     http = require('http'),
     express = require('express'),
+    rateLimit = require("express-rate-limit"),
     app = express(),
     events = require('events'),
     { generateKeyPairSync } = require('crypto'),
@@ -129,6 +130,15 @@ app.disable('x-powered-by')
 app.set('json spaces', 2)
 app.set('trust proxy', true)
 logger(app)
+app.use(rateLimit({
+    windowMs: 5 * 60 * 1000, // 5 minutes
+    limit: 10, // each IP can make up to 10 requests per `windowsMs` (5 minutes)
+    standardHeaders: true, // add the `RateLimit-*` headers to the response
+    legacyHeaders: false,
+    delayAfter: 10, // allow 10 requests per `windowMs` (5 minutes) without slowing them down
+    delayMs: (hits) => hits * 200, // add 200 ms of delay to every request after the 10th
+    maxDelayMs: 5000
+}))
 app.use(
     express.json({ type: apex.consts.jsonldTypes }),
     express.urlencoded({ extended: true }),