Use the Express.js rate limiter middleware if not disabled

2026-04-17 07:50:31 +00:00 · 2025-08-26 11:34:29 -07:00
parent 9856719e38
commit 8438d44ac3
1 changed files with 39 additions and 18 deletions
--- a/src/index.ts
+++ b/src/index.ts
@@ -6,6 +6,8 @@ import { InterchangeSystem, InterchangeSystemBuilderArguments } from "./entities
 import { ChapmanApiBasedParkingRepositoryLoader } from "./loaders/parking/ChapmanApiBasedParkingRepositoryLoader";
 import express from "express";
 import { expressMiddleware } from "@as-integrations/express5";
+import { RATE_LIMITS_DISABLED } from "./environment";
+import rateLimit from "express-rate-limit";

 const typeDefs = readFileSync("./schema.graphqls", "utf8");

@@ -36,24 +38,43 @@ async function main() {
  ));

  const app = express();
-  app.use(
-    "/",
-    express.json(),
-    expressMiddleware(server, {
-      context: async () => {
-        return {
-          systems,
-          findSystemById: (id: string) => {
-            const system = systems.find((system) => system.id === id);
-            if (!system) {
-              return null;
-            }
-            return system;
-          },
-        }
-      },
-    })
-  );
+  const options = {
+    context: async () => {
+      return {
+        systems,
+        findSystemById: (id: string) => {
+          const system = systems.find((system) => system.id === id);
+          if (!system) {
+            return null;
+          }
+          return system;
+        },
+      }
+    },
+  };
+
+  if (RATE_LIMITS_DISABLED) {
+    app.use(
+      "/",
+      express.json(),
+      expressMiddleware(server, options)
+    );
+  } else {
+    const limiter = rateLimit({
+      windowMs: 60 * 1000, // Every minute
+      limit: 20000,
+      standardHeaders: 'draft-8', // draft-6: `RateLimit-*` headers; draft-7 & draft-8: combined `RateLimit` header
+      legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
+      ipv6Subnet: 60, // Set to 60 or 64 to be less aggressive, or 52 or 48 to be more aggressive
+    });
+    app.use(
+      "/",
+      express.json(),
+      limiter,
+      expressMiddleware(server, options),
+    );
+  }
+

  const port = process.env.PORT ? parseInt(process.env.PORT) : 4000;
  app.listen(port, () => {