add express rate limiting

2026-06-21 13:40:46 +00:00 · 2025-02-21 08:33:16 -08:00
parent b711ea4975
commit 19794e4c65
4 changed files with 44 additions and 0 deletions
@@ -26,6 +26,7 @@
        "dompurify": "^3.1.7",
        "dotenv": "^16.4.7",
        "express": "^4.21.1",
+        "express-rate-limit": "^7.5.0",
        "google-auth-library": "^9.14.0",
        "googleapis": "^143.0.0",
        "hammerjs": "^2.0.8",
@@ -8254,6 +8255,21 @@
        "node": ">= 0.10.0"
      }
    },
+    "node_modules/express-rate-limit": {
+      "version": "7.5.0",
+      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-7.5.0.tgz",
+      "integrity": "sha512-eB5zbQh5h+VenMPM3fh+nw1YExi5nMr6HUCR62ELSP11huvxm/Uir1H1QEyTkk5QX6A58pX6NmaTMceKZ0Eodg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 16"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/express-rate-limit"
+      },
+      "peerDependencies": {
+        "express": "^4.11 || 5 || ^5.0.0-beta.1"
+      }
+    },
    "node_modules/express/node_modules/debug": {
      "version": "2.6.9",
      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
@@ -90,6 +90,7 @@
    "dompurify": "^3.1.7",
    "dotenv": "^16.4.7",
    "express": "^4.21.1",
+    "express-rate-limit": "^7.5.0",
    "google-auth-library": "^9.14.0",
    "googleapis": "^143.0.0",
    "hammerjs": "^2.0.8",
@@ -31,6 +31,8 @@ import { SecretManagerServiceClient } from "@google-cloud/secret-manager";
 import dotenv from "dotenv";
 import crypto from "crypto";
 dotenv.config();
+import rateLimit from "express-rate-limit";
+
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);

@@ -51,6 +53,22 @@ let DISCORD_CLIENT_SECRET: string;
 app.use(express.static(path.join(__dirname, "../../out")));
 app.use(express.json());

+app.set("trust proxy", 2);
+app.use(
+  rateLimit({
+    windowMs: 1000, // 1 second
+    max: 20, // 20 requests per IP per second
+  }),
+);
+
+app.set("trust proxy", 2);
+app.use(
+  rateLimit({
+    windowMs: 1000, // 1 second
+    max: 20, // 20 requests per IP per second
+  }),
+);
+
 const gm = new GameManager(serverConfig);

 let lobbiesString = "";
@@ -208,6 +226,14 @@ app.get("/private_lobby/:id", (req, res) => {
  });
 });

+app.get("/debug-ip", (req, res) => {
+  res.send({
+    "x-forwarded-for": req.headers["x-forwarded-for"],
+    "real-ip": req.ip,
+    "raw-headers": req.rawHeaders,
+  });
+});
+
 app.get("*", function (req, res) {
  // SPA routing
  res.sendFile(path.join(__dirname, "../../out/index.html"));
@@ -138,6 +138,7 @@ export default (env, argv) => {
                "/lobby",
                "/archive_singleplayer_game",
                "/validate-username",
+                "/debug-ip",
                "/auth/callback",
                "/auth/discord",
              ],