[Backend] Introduce rate limit to some routes
MananGandhi1810 committed Nov 13, 2024
1 parent 1b62cdd commit ad61685
Showing 4 changed files with 62 additions and 7 deletions.
7 changes: 7 additions & 0 deletions backend/handlers/auth.js
Expand Up @@ -253,6 +253,13 @@ const forgotPasswordHandler = async (req, res) => {
data: null,
});
}
if (user.authProvider != "EMAIL") {
return res.status(403).json({
success: false,
message: "This account does not have a password associated",
data: null,
});
}
const otp = await randomNum();
sendEmail(
email,
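Review bot: The new 403 branch for `user.authProvider != "EMAIL"` tells an unauthenticated caller that the address is registered and that it signs in through a third-party provider, so the forgot-password endpoint can be used to enumerate accounts. The branch just above it (only partly visible in this hunk) also appears to return its own response, which would make each account state distinguishable by status code and message. Consider returning one generic response for every outcome, e.g. `message: "If this address has a password-based account, a reset code has been sent"`, and recording the real reason in server-side logs only. Separately, `!=` should be `!==` here. forgotPasswordHandler starts and ends outside the hunk.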
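--- a/backend/middlewares/rate-limit.js
+++ b/backend/middlewares/rate-limit.js
@@ -0,0 +1,28 @@
+import { createClient } from "redis";
+
+const redis = createClient({ url: process.env.REDIS_URL });
+redis.connect();
+
+const rateLimit = async (req, res, next, limit = 5, use = "") => {
+const ip =
+req.headers["x-forwarded-for"] ||
+req.connection.remoteAddress ||
+req.socket.remoteAddress ||
+req.connection.socket.remoteAddress;
+const redisId = `rate-limit:${use}/${ip}`;
+const requests = await redis.incr(redisId);
+if (requests === 1) {
+await redis.expire(redisId, 60);
+}
+if (requests > limit) {
+res.locals.message = "Rate limit exceeded";
+return res.status(429).json({
+success: false,
+message: "Requests over limit, please wait for some time.",
+data: null,
+});
+}
+next();
+};
+
+export { rateLimit };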
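Review bot: The bucket key is taken from `req.headers["x-forwarded-for"]` first, and that header is supplied by the caller, so a client that varies it gets a fresh counter on every request and the limit never applies; the raw header can also be a comma-separated list, which makes the Redis key unstable. Derive the address from the connection instead, `const ip = req.ip;`, with Express's `trust proxy` setting configured for the proxies actually in front of the app so that only the hop your own proxy appended is honoured. Also, `redis.incr` and `redis.expire` are awaited without a `try`/`catch`, so a Redis error rejects the middleware's promise instead of reaching `next(err)`; wrap them and decide explicitly whether the limiter fails open or closed. If `expire` fails after the first `incr`, the key has no TTL and that client stays blocked until the key is removed by hand.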
19 changes: 16 additions & 3 deletions backend/router/auth.js
Expand Up @@ -10,14 +10,27 @@ import {
githubCallbackHandler,
accessTokenHandler,
} from "../handlers/auth.js";
import { rateLimit } from "../middlewares/rate-limit.js";

const router = Router();

router.post("/register", registerHandler);
router.post(
"/register",
(req, res, next) => rateLimit(req, res, next, 2, "register"),
registerHandler,
);
router.get("/verify", verifyHandler);
router.post("/login", loginHandler);
router.post(
"/login",
(req, res, next) => rateLimit(req, res, next, 4, "login"),
loginHandler,
);
router.post("/resend-verification", resendVerificationHandler);
router.post("/forgot-password", forgotPasswordHandler);
router.post(
"/forgot-password",
(req, res, next) => rateLimit(req, res, next, 2, "password-reset"),
forgotPasswordHandler,
);
router.post("/verify-otp", verifyOtpHandler);
router.post("/reset-password", resetPasswordHandler);
router.get("/gh-callback", githubCallbackHandler);
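Review bot: `/verify-otp` and `/reset-password` are left without a limiter, so the one-time code issued by `/forgot-password` can still be guessed at full request speed even though requesting it is now throttled; `/resend-verification` likewise still sends mail on every call. Apply the same middleware there, e.g. `router.post("/verify-otp", (req, res, next) => rateLimit(req, res, next, 5, "verify-otp"), verifyOtpHandler);` (the limit value is a placeholder to tune). Because the bucket is keyed by IP only, attempts spread across addresses are not slowed; a second counter keyed by the target email or account, plus invalidating the code after a few failed attempts, would cover that. The code length and its expiry are not visible in this hunk, so how urgent this is depends on the handler.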
15 changes: 11 additions & 4 deletions backend/router/code.js
Expand Up @@ -5,14 +5,21 @@ import {
checkExecutionHandler,
aiHelperHandler,
} from "../handlers/code.js";
import { rateLimit } from "../middlewares/rate-limit.js";

const router = Router();

router.post("/submit/:problemStatementId/:language", checkAuth, (req, res) =>
queueCodeHandler(req, res),
router.post(
"/submit/:problemStatementId/:language",
checkAuth,
(req, res, next) => rateLimit(req, res, next, 5, "code-execution"),
(req, res) => queueCodeHandler(req, res),
);
router.post("/run/:problemStatementId/:language", checkAuth, (req, res) =>
queueCodeHandler(req, res, true),
router.post(
"/run/:problemStatementId/:language",
checkAuth,
(req, res, next) => rateLimit(req, res, next, 5, "code-submission"),
(req, res) => queueCodeHandler(req, res, true),
);
router.get("/check/:submissionId", checkAuth, (req, res) =>
checkExecutionHandler(req, res),
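Review bot: The `use` labels look swapped: `/submit/...` counts under `"code-execution"` while `/run/...` counts under `"code-submission"`, which will mislead anyone reading the Redis keys or tuning the limits later; exchange the two strings. Since both routes already pass `checkAuth`, the limiter could key on the authenticated user instead of the IP (presumably `checkAuth` attaches the user to `req`, but that is not visible here), so that users behind one NAT do not share a bucket and a single account cannot multiply its quota by changing address. That would need `rateLimit` to accept a key, or a key-deriving callback, rather than always reading the address itself.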
