const rateLimit = require('express-rate-limit');
/**
 * Rate limiter for authentication endpoints: at most 5 requests in any
 * 15-minute window per client key.
 *
 * No `keyGenerator` is configured, so requests are bucketed by the library's
 * default key (the client address Express exposes as `req.ip`).
 * NOTE(review): behind a reverse proxy or load balancer, Express `trust proxy`
 * must match the deployment or `req.ip` will not be the real client address;
 * that setting is not visible in this file, so confirm it in the app setup.
 *
 * No `store` is configured either, so counters live in the default in-memory
 * store: they are per process and are lost on restart.
 * NOTE(review): with several server instances the effective budget is
 * multiplied; confirm whether a shared store is needed.
 *
 * Successful requests count toward the budget too (`skipSuccessfulRequests`
 * is not set). A per-address budget does not bound attempts against one
 * account from many addresses; presumably account-level throttling, if any,
 * lives elsewhere.
 */
const authLimiter = rateLimit({
  // Send the standardized `RateLimit-*` response headers only; the older
  // `X-RateLimit-*` set is switched off.
  standardHeaders: true,
  legacyHeaders: false,
  // JSON body returned once the budget is exhausted.
  message: { error: 'Too many authentication attempts, please try again later' },
  max: 5,
  windowMs: 15 * 60 * 1000, // 15 min, expressed in milliseconds
});
/**
 * Rate limiter for endpoints that change data (create, update, delete):
 * at most 30 requests in any 15-minute window per client key.
 *
 * Uses the library defaults for key and store (none are overridden here),
 * so the budget is tracked per client address, in memory, per process.
 */
const modifyLimiter = rateLimit({
  // Standardized `RateLimit-*` headers on, legacy `X-RateLimit-*` headers off.
  standardHeaders: true,
  legacyHeaders: false,
  // JSON body returned once the budget is exhausted.
  message: { error: 'Too many modification requests, please slow down' },
  max: 30,
  windowMs: 15 * 60 * 1000, // 15 min, expressed in milliseconds
});
/**
 * Rate limiter for read-only endpoints: at most 100 requests in any
 * 15-minute window per client key.
 *
 * Uses the library defaults for key and store (none are overridden here),
 * so the budget is tracked per client address, in memory, per process.
 */
const readLimiter = rateLimit({
  // Standardized `RateLimit-*` headers on, legacy `X-RateLimit-*` headers off.
  standardHeaders: true,
  legacyHeaders: false,
  // JSON body returned once the budget is exhausted.
  message: { error: 'Too many requests, please slow down' },
  max: 100,
  windowMs: 15 * 60 * 1000, // 15 min, expressed in milliseconds
});
/**
 * Rate limiter for resource-intensive endpoints (streaming, backup, file
 * uploads): at most 1000 requests in any 1-minute window per client key.
 *
 * The ceiling was raised to 1000/min because HLS streaming issues many
 * segment requests.
 *
 * NOTE(review): this budget is sized for streaming, so on its own it is a
 * loose bound for upload or backup routes. This file also defines a separate
 * backupLimiter (3 per hour); which limiter is mounted on which route is not
 * visible here, so confirm that backup/restore routes apply the strict one.
 */
const heavyLimiter = rateLimit({
  // Standardized `RateLimit-*` headers on, legacy `X-RateLimit-*` headers off.
  standardHeaders: true,
  legacyHeaders: false,
  // JSON body returned once the budget is exhausted.
  message: { error: 'Too many resource-intensive requests, please wait' },
  max: 1000,
  windowMs: 60 * 1000, // 1 min, expressed in milliseconds
});
/**
 * Rate limiter for backup/restore operations: at most 3 requests in any
 * 1-hour window per client key. This is the smallest budget in the file.
 *
 * No `store` is configured, so the counters are held in the default
 * in-memory store and start again from zero when the process restarts.
 * NOTE(review): this limits request rate only; it is not an authorization
 * check, which presumably is enforced elsewhere on these routes.
 */
const backupLimiter = rateLimit({
  // Standardized `RateLimit-*` headers on, legacy `X-RateLimit-*` headers off.
  standardHeaders: true,
  legacyHeaders: false,
  // JSON body returned once the budget is exhausted.
  message: { error: 'Too many backup operations, please wait before trying again' },
  max: 3,
  windowMs: 60 * 60 * 1000, // 1 h, expressed in milliseconds
});
/**
 * General-purpose API rate limiter: at most 200 requests in any 15-minute
 * window per client key.
 *
 * Uses the library defaults for key and store (none are overridden here),
 * so the budget is tracked per client address, in memory, per process.
 */
const apiLimiter = rateLimit({
  // Standardized `RateLimit-*` headers on, legacy `X-RateLimit-*` headers off.
  standardHeaders: true,
  legacyHeaders: false,
  // JSON body returned once the budget is exhausted.
  message: { error: 'Too many API requests, please try again later' },
  max: 200,
  windowMs: 15 * 60 * 1000, // 15 min, expressed in milliseconds
});
// Public surface of this module: the six preconfigured limiter middlewares.
// Each one only takes effect on the routes it is explicitly mounted on.
module.exports = {
  authLimiter, // 5 per 15 min
  modifyLimiter, // 30 per 15 min
  readLimiter, // 100 per 15 min
  heavyLimiter, // 1000 per 1 min
  backupLimiter, // 3 per 1 h
  apiLimiter, // 200 per 15 min
};