feat: Rate limiter on requests and login attempts.

a.bouhuolia
2020-12-15 20:25:23 +02:00
parent 27483495cb
commit 6dd1229412
11 changed files with 170 additions and 4 deletions


@@ -7,6 +7,8 @@ import dbManagerFactory from 'loaders/dbManager';
import i18n from 'loaders/i18n';
import repositoriesLoader from 'loaders/systemRepositories';
import Cache from 'services/Cache';
import redisLoader from './redisLoader';
import rateLimiterLoaders from './rateLimiterLoader';
export default ({ mongoConnection, knex }) => {
try {
@@ -42,6 +44,9 @@ export default ({ mongoConnection, knex }) => {
Container.set('repositories', repositoriesLoader());
LoggerInstance.info('[DI] repositories has been injected into container');
rateLimiterLoaders();
LoggerInstance.info('[DI] rate limiter has been injected into container.');
return { agenda: agendaInstance };
} catch (e) {
LoggerInstance.error('Error on dependency injector loader: %o', e);
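Review bot: `import redisLoader from './redisLoader';` is added at the top of this file, but nothing in either hunk shown here calls it, so the import looks unused. The limiters registered by `rateLimiterLoaders()` are memory-backed, which makes it read like a leftover from a Redis-backed design. Either drop the import or pass the Redis client into the limiter loader so the counters use it. The loader function starts and ends outside these hunks, so a use elsewhere in the file cannot be ruled out.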


@@ -8,6 +8,7 @@ import routes from 'api';
import LoggerMiddleware from 'api/middleware/LoggerMiddleware';
import AgendashController from 'api/controllers/Agendash';
import ConvertEmptyStringsToNull from 'api/middleware/ConvertEmptyStringsToNull';
import RateLimiterMiddleware from 'api/middleware/RateLimiterMiddleware'
import config from 'config';
export default ({ app }) => {
@@ -41,6 +42,7 @@ export default ({ app }) => {
app.use(ConvertEmptyStringsToNull);
// Prefix all application routes.
app.use(config.api.prefix, RateLimiterMiddleware)
app.use(config.api.prefix, routes());
// Agendash application load.
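Review bot: `app.use(config.api.prefix, RateLimiterMiddleware)` is registered after `app.use(ConvertEmptyStringsToNull)` and whatever request processing precedes it, so a client that is already over its limit still costs the server that work before being rejected. Mounting the limiter as early as possible, ahead of the body-processing middleware, keeps throttled requests cheap. The limiter is also scoped to `config.api.prefix` only, so the Agendash mount that follows is presumably not throttled; a short comment stating whether that is intended would help. Both added lines lack the trailing semicolon used by the surrounding code, and the function body continues outside the hunk.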


@@ -0,0 +1,24 @@
import RateLimiter from 'services/Authentication/RateLimiter';
import { Container } from 'typedi';
import { RateLimiterMemory } from 'rate-limiter-flexible';
import config from 'config';
export default () => {
const rateLimiterRequestsMemory = new RateLimiterMemory({
points: config.throttler.requests.points,
duration: config.throttler.requests.duration,
blockDuration: config.throttler.requests.blockDuration,
});
const rateLimiterMemoryLogin = new RateLimiterMemory({
points: config.throttler.login.points,
duration: config.throttler.login.duration,
blockDuration: config.throttler.login.blockDuration,
});
const rateLimiterRequest = new RateLimiter(rateLimiterRequestsMemory);
const rateLimiterLogin = new RateLimiter(rateLimiterMemoryLogin)
// Inject the rate limiter of the global requests and login into the container.
Container.set('rateLimiter.request', rateLimiterRequest);
Container.set('rateLimiter.login', rateLimiterLogin);
};
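Review bot: Both limiters are built on `RateLimiterMemory`, so the request and login counters live in one process's heap. Every additional worker or instance gets its own independent budget, and a restart clears all counters and blocks, so the effective login-attempt limit is `points` multiplied by the number of processes. For the login limiter in particular, a shared store is the safer default, e.g. `new RateLimiterRedis({ storeClient: redisClient, points, duration, blockDuration })` from the same package, keeping the memory limiter only as a fallback. If the in-memory choice is deliberate, say so in a comment above the constructors, e.g. `// Per-process counters: limits are not shared across workers and reset on restart.` The `new RateLimiter(rateLimiterMemoryLogin)` line is also missing its semicolon.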