streamflow/backend/middleware/rateLimiter.js


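const rateLimit = require('express-rate-limit');

// Window lengths in milliseconds, shared by the limiters below so a window
// is spelled once rather than as a repeated arithmetic expression.
const ONE_MINUTE = 60 * 1000;
const FIFTEEN_MINUTES = 15 * ONE_MINUTE;
const ONE_HOUR = 60 * ONE_MINUTE;

/**
 * Options common to every limiter in this module.
 *
 * Emits the standardized `RateLimit-*` headers and suppresses the legacy
 * `X-RateLimit-*` ones so clients see one consistent contract. Frozen so a
 * caller cannot accidentally mutate the shared defaults.
 */
const COMMON_OPTIONS = Object.freeze({
  standardHeaders: true,
  legacyHeaders: false,
});

/**
 * Build a limiter that allows `max` requests per `windowMs` and answers
 * rejected requests with a JSON body of the shape `{ error }`.
 *
 * NOTE(review): express-rate-limit identifies clients by `req.ip` by default
 * and keeps its counters in a per-process memory store. If this app runs
 * behind a reverse proxy, confirm Express `trust proxy` is configured so each
 * client is counted individually rather than the proxy address; if it runs as
 * several instances, counters are not shared between them. Neither the proxy
 * setup nor the store choice is visible from this file.
 *
 * @param {object} spec
 * @param {number} spec.windowMs - Length of the counting window in ms.
 * @param {number} spec.max - Requests allowed per window before rejection.
 * @param {string} spec.error - Message placed in the 429 response body.
 * @returns {Function} Express middleware produced by express-rate-limit.
 */
function createLimiter({ windowMs, max, error }) {
  return rateLimit({
    ...COMMON_OPTIONS,
    windowMs,
    max,
    message: { error },
  });
}

/**
 * Strict rate limiter for authentication endpoints.
 * 5 requests per 15 minutes.
 *
 * Successful and failed attempts both count toward the limit (the library's
 * default). Whether only failures should count is a product decision not
 * made here.
 */
const authLimiter = createLimiter({
  windowMs: FIFTEEN_MINUTES,
  max: 5,
  error: 'Too many authentication attempts, please try again later',
});

/**
 * Moderate rate limiter for data modification endpoints
 * (Create, Update, Delete operations).
 * 30 requests per 15 minutes.
 */
const modifyLimiter = createLimiter({
  windowMs: FIFTEEN_MINUTES,
  max: 30,
  error: 'Too many modification requests, please slow down',
});

/**
 * Lenient rate limiter for read operations.
 * 100 requests per 15 minutes.
 */
const readLimiter = createLimiter({
  windowMs: FIFTEEN_MINUTES,
  max: 100,
  error: 'Too many requests, please slow down',
});

/**
 * Moderate rate limiter for resource-intensive operations
 * (streaming, backup, file uploads).
 * 1000 requests per minute — raised to support HLS streaming, which issues
 * many small segment requests per viewer.
 */
const heavyLimiter = createLimiter({
  windowMs: ONE_MINUTE,
  max: 1000,
  error: 'Too many resource-intensive requests, please wait',
});

/**
 * Very strict limiter for backup/restore operations.
 * 3 requests per hour.
 */
const backupLimiter = createLimiter({
  windowMs: ONE_HOUR,
  max: 3,
  error: 'Too many backup operations, please wait before trying again',
});

/**
 * General API rate limiter.
 * 200 requests per 15 minutes.
 */
const apiLimiter = createLimiter({
  windowMs: FIFTEEN_MINUTES,
  max: 200,
  error: 'Too many API requests, please try again later',
});

module.exports = {
  authLimiter,
  modifyLimiter,
  readLimiter,
  heavyLimiter,
  backupLimiter,
  apiLimiter,
};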