Merge pull request #2 from ZowWeb/security

ZowWeb · web-flow · commit 57d23d54a678 · 2021-11-08T18:55:03.000+05:30
🔒 Add security for request &amp; client limitations
diff --git a/middlewares/rateLimiter.js b/middlewares/rateLimiter.js
@@ -0,0 +1,10 @@
+const rateLimit = require('express-rate-limit')
+
+const rateLimiter = rateLimit({
+  windowMs: 5 * 60 * 1000, // 5 mins in milliseconds
+  max: 4,
+  message: { error429: 'Sorry, you can make only 4 requests every 5 minutes!' },
+  headers: true,
+})
+
+module.exports = rateLimiter
diff --git a/package.json b/package.json
@@ -13,6 +13,7 @@
     "cors": "^2.8.5",
     "dotenv": "^10.0.0",
     "express": "^4.17.1",
+    "express-rate-limit": "^5.5.1",
     "mongoose": "^6.0.5",
     "morgan": "^1.10.0",
     "uuid": "^8.3.2"
diff --git a/server.js b/server.js
@@ -4,17 +4,34 @@ const cors = require('cors')
 const morgan = require('morgan')
 require('dotenv').config()
 
+const rateLimiter = require('./middlewares/rateLimiter')
 const api = require('./routes/api')
 const connectDB = require('./connectDB')
 
 const app = express()
 const PORT = process.env.PORT || 5000
 
-app.use(cors())
-app.use(morgan('dev'))
 app.use(express.json())
 app.use(express.urlencoded({ extended: false }))
 
+// Middlewares
+
+// Logger
+app.use(morgan('dev'))
+
+// CORS
+const corsOptions = {
+  credentials: true,
+  origin: [
+    /wallet.zohaib.in$/,
+    /localhost/,
+  ],
+}
+app.use(cors(corsOptions))
+
+// Rate limiter
+app.use(rateLimiter)
+
 // Use Routes
 if (process.env.NODE_ENV === 'development') {
   // Simulate delay while accessing db on local
