Feat. Added rate limiting

callum5892
2026-03-10 23:02:15 +00:00
parent b2bd85aa2c
commit b1b9d5772e
4 changed files with 93 additions and 2 deletions


@@ -1,15 +1,68 @@
require('dotenv').config();
const express = require('express');
const path = require('path');
const helmet = require('helmet');
const rateLimit = require('express-rate-limit');
const { ensureBucket } = require('./lib/minio');
const pastesRouter = require('./routes/pastes');
const app = express();
const PORT = process.env.PORT || 3000;
function envInt(name, fallback) {
const raw = process.env[name];
if (!raw) {
return fallback;
}
const parsed = Number.parseInt(raw, 10);
return Number.isFinite(parsed) && parsed > 0 ? parsed : fallback;
}
const READ_LIMIT_WINDOW_MS = envInt('RATE_LIMIT_READ_WINDOW_MS', 60 * 1000);
const READ_LIMIT_MAX = envInt('RATE_LIMIT_READ_MAX', 240);
const CREATE_LIMIT_WINDOW_MS = envInt('RATE_LIMIT_CREATE_WINDOW_MS', 10 * 60 * 1000);
const CREATE_LIMIT_MAX = envInt('RATE_LIMIT_CREATE_MAX', 40);
app.disable('x-powered-by');
// If deployed behind a reverse proxy/load balancer, set TRUST_PROXY=true.
if (process.env.TRUST_PROXY === 'true') {
app.set('trust proxy', 1);
}
app.use(helmet({
contentSecurityPolicy: false,
crossOriginEmbedderPolicy: false,
}));
const createPasteLimiter = rateLimit({
windowMs: CREATE_LIMIT_WINDOW_MS,
max: CREATE_LIMIT_MAX,
standardHeaders: true,
legacyHeaders: false,
message: { error: 'Too many paste creations. Try again later.' },
});
const readPasteLimiter = rateLimit({
windowMs: READ_LIMIT_WINDOW_MS,
max: READ_LIMIT_MAX,
standardHeaders: true,
legacyHeaders: false,
message: { error: 'Too many requests. Slow down.' },
});
app.use(express.json({ limit: '110kb' }));
app.use(express.urlencoded({ extended: false, limit: '110kb' }));
app.use(express.static(path.join(__dirname, 'public')));
app.use('/api/pastes', readPasteLimiter);
app.use('/api/pastes', (req, res, next) => {
if (req.method === 'POST') {
return createPasteLimiter(req, res, next);
}
next();
});
app.use('/api/pastes', pastesRouter);
// Serve the view page for any paste URL