chore(throttling): add api-throttling (request limiting) so users can

only request routes 120times per minute (aka, 2req/second but spread out
for sanity). fixes #2645
This commit is contained in:
Tyler Renelle 2014-01-31 10:32:33 -07:00
parent ab86ba11bd
commit 92563915ef
3 changed files with 21 additions and 1 deletions

View file

@ -44,7 +44,8 @@
"swagger-node-express": "git://github.com/lefnire/swagger-node-express#habitrpg",
"passport": "~0.1.18",
"passport-facebook": "~1.0.2",
"newrelic": "~1.3.0"
"newrelic": "~1.3.0",
"connect-ratelimit": "0.0.6"
},
"private": true,
"subdomain": "habitrpg",

View file

@ -3,6 +3,24 @@ var _ = require('lodash');
var fs = require('fs');
var path = require('path');
var User = require('./models/user').model
var limiter = require('connect-ratelimit');
module.exports.apiThrottle = function(app) {
app.use(limiter({
end:false,
catagories:{
normal: {
// 2 req/s, but split as minutes
totalRequests: 120,
every: 60000
}
}
})).use(function(req,res,next){
//console.log(res.ratelimit);
if (res.ratelimit.exceeded) return res.json(429,{err:'Rate limit exceeded'});
next();
});
}
module.exports.forceSSL = function(req, res, next){
var baseUrl = nconf.get("BASE_URL");

View file

@ -125,6 +125,7 @@ if (cluster.isMaster && (nconf.get('NODE_ENV') == 'development' || nconf.get('NO
//}
// Custom Directives
middleware.apiThrottle(app);
app.use(require('./routes/pages').middleware);
app.use(require('./routes/auth').middleware);
var v2 = express();