feat: add rate limit to claim and partner

Author: Markkop

package.json

@@ -18,6 +18,7 @@
     "csv-parser": "^3.0.0",
     "dotenv": "^10.0.0",
     "express": "^4.17.1",
+    "express-rate-limit": "^7.4.0",
     "luxon": "^3.3.0",
     "mongoose": "^5.13.7",
     "morgan": "^1.10.0",

src/routes/token.ts

@@ -1,14 +1,24 @@
 import { NextFunction, Request, Response, Router } from 'express'
+import rateLimit from 'express-rate-limit'
 import multer from 'multer'
 import { MulterRequest, TokenController } from '../controllers/token'
 import middlewares from '../middlewares'
 
 const router = Router()
 const upload = multer({ dest: 'uploads/' })
 
+const claimLimiter = rateLimit({
+  windowMs: 1 * 60 * 1000, // 1 minute
+  max: 20, // Limit each IP to 5 requests per windowMs
+  message: 'Too many attempts, please try again later.',
+  standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
+  legacyHeaders: false, // Disable the `X-RateLimit-*` headers
+})
+
 router.post(
   '/claim',
   middlewares.authentication,
+  claimLimiter,
   async (request, response, next) => {
     try {
       const controller = new TokenController()
@@ -123,6 +133,7 @@ router.post(
 router.post(
   '/partner',
   [middlewares.setHasPartnerAuth, middlewares.authentication],
+  claimLimiter,
   async (_request: Request, response: Response, next: NextFunction) => {
     try {
       const controller = new TokenController()

yarn.lock

@@ -2165,6 +2165,11 @@ expect@^27.1.0:
     jest-message-util "^27.1.0"
     jest-regex-util "^27.0.6"
 
+express-rate-limit@^7.4.0:
+  version "7.4.0"
+  resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-7.4.0.tgz#5db412b8de83fa07ddb40f610c585ac8c1dab988"
+  integrity sha512-v1204w3cXu5gCDmAvgvzI6qjzZzoMWKnyVDk3ACgfswTQLYiGen+r8w0VnXnGMmzEN/g8fwIQ4JrFFd4ZP6ssg==
+
 express@^4.17.1:
   version "4.17.1"
   resolved "https://registry.yarnpkg.com/express/-/express-4.17.1.tgz#4491fc38605cf51f8629d39c2b5d026f98a4c134"