const rateLimit = require('express-rate-limit');

const MINUTE_MS = 60 * 1000;
const HOUR_MS = 60 * MINUTE_MS;

/**
 * Build one rate-limit middleware from the three values that vary per tier.
 *
 * Every tier shares the same header policy: `standardHeaders` on and
 * `legacyHeaders` off (in express-rate-limit this selects the `RateLimit-*`
 * response headers and drops the older `X-RateLimit-*` ones).
 *
 * NOTE(review): no `store` or `keyGenerator` is passed, so the library
 * defaults apply. Presumably that means in-memory counters per process,
 * keyed by the client IP that Express reports; confirm for the installed
 * version. With several workers or instances each one would count
 * separately, and behind a reverse proxy the Express `trust proxy` setting
 * has to match the deployment or clients will not be told apart correctly.
 *
 * @param {number} windowMs - Length of the counting window in milliseconds.
 * @param {number} max - Requests allowed per client within one window.
 * @param {string} errorText - Text returned as `{ error: ... }` once the limit is hit.
 * @returns {Function} Express middleware produced by `rateLimit`.
 */
const createLimiter = (windowMs, max, errorText) =>
  rateLimit({
    windowMs,
    max,
    message: { error: errorText },
    standardHeaders: true,
    legacyHeaders: false,
  });

/**
 * Authentication endpoints: 5 requests per 15 minutes.
 *
 * NOTE(review): as configured, every request counts toward the 5, successful
 * logins included, and the limit is per client rather than per account.
 * Pair it with per-account lockout or back-off if credential guessing
 * spread across many clients is in the threat model.
 */
const authLimiter = createLimiter(
  15 * MINUTE_MS,
  5,
  'Too many authentication attempts, please try again later',
);

/** Create / update / delete endpoints: 30 requests per 15 minutes. */
const modifyLimiter = createLimiter(
  15 * MINUTE_MS,
  30,
  'Too many modification requests, please slow down',
);

/** Read endpoints: 100 requests per 15 minutes. */
const readLimiter = createLimiter(
  15 * MINUTE_MS,
  100,
  'Too many requests, please slow down',
);

/**
 * Resource-intensive endpoints (streaming, backup, file uploads):
 * 1000 requests per minute, sized for HLS playback, which issues many
 * segment requests.
 *
 * NOTE(review): the same 1000/min budget applies to any upload or backup
 * route mounted behind this limiter; confirm those routes also carry a
 * tighter limiter such as `backupLimiter`.
 */
const heavyLimiter = createLimiter(
  MINUTE_MS,
  1000,
  'Too many resource-intensive requests, please wait',
);

/** Backup / restore operations: 3 requests per hour. */
const backupLimiter = createLimiter(
  HOUR_MS,
  3,
  'Too many backup operations, please wait before trying again',
);

/** General API traffic: 200 requests per 15 minutes. */
const apiLimiter = createLimiter(
  15 * MINUTE_MS,
  200,
  'Too many API requests, please try again later',
);

module.exports = {
  authLimiter,
  modifyLimiter,
  readLimiter,
  heavyLimiter,
  backupLimiter,
  apiLimiter,
};