diff --git a/api/example.env b/api/example.env
index a0a22e33dc..bea3064d4f 100644
--- a/api/example.env
+++ b/api/example.env
@@ -26,6 +26,12 @@ REDIS_HOST="127.0.0.1"
 REDIS_PORT="6379"
 REDIS_PASSWORD=null
+####################################################################################################
+# Rate Limiting
+CONSUMED_POINTS_LIMIT=5
+CONSUMED_RESET_DURATION=5
+EXEC_EVENLY=true
+BLOCK_POINT_DURATION=0
 ####################################################################################################
 # File Storage
diff --git a/api/src/cli/utils/create-env/index.ts b/api/src/cli/utils/create-env/index.ts
index 1cbbc7d3af..b27d2b6d2d 100644
--- a/api/src/cli/utils/create-env/index.ts
+++ b/api/src/cli/utils/create-env/index.ts
@@ -30,6 +30,12 @@ const defaults = {
 REDIS_PORT: '6379',
 REDIS_PASSWORD: null,
 },
+ rateLimits: {
+ CONSUMED_POINTS_LIMIT: 5,
+ CONSUMED_RESET_DURATION: 5,
+ EXEC_EVENLY: true,
+ BLOCK_POINT_DURATION: 0,
+ },
 security: {
 KEY: uuidv4(),
 SECRET: nanoid(32),
diff --git a/api/src/middleware/rate-limiter.ts b/api/src/middleware/rate-limiter.ts
index 66ecfa5fa4..bfd96ad931 100644
--- a/api/src/middleware/rate-limiter.ts
+++ b/api/src/middleware/rate-limiter.ts
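Review bot: The four variables added to api/example.env under `# Rate Limiting` carry no comment on units or meaning, so an operator tuning this control cannot tell that the durations are in seconds or what `BLOCK_POINT_DURATION=0` does. I would add one comment line per setting, for example `# CONSUMED_RESET_DURATION: seconds before consumed points are reset` and `# BLOCK_POINT_DURATION: seconds to block once the limit is exceeded; 0 = do not block`, with wording taken from the comments in rate-limiter.ts. The names are also generic for a process-wide namespace (`EXEC_EVENLY` in particular); a shared prefix such as `RATE_LIMITER_` would make their scope obvious, and the matching keys in the `rateLimits` defaults of create-env/index.ts would follow.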
@@ -28,12 +28,12 @@ const rateLimiter: RequestHandler = (req, res, next) => {
 // at https://github.com/animir/node-rate-limiter-flexible/wiki/Options
 const opts = {
 storeClient: redisClient,
- points: 5, // Number of points
- duration: 5, // Number of seconds before consumed points are reset.
+ points: env.CONSUMED_POINTS_LIMIT, // Number of points
+ duration: env.CONSUMED_RESET_DURATION, // Number of seconds before consumed points are reset.
 // Custom
- execEvenly: true, // delay actions after first action - this may need adjusting (leaky bucket)
- blockDuration: 0, // Do not block if consumed more than points
+ execEvenly: env.EXEC_EVENLY, // delay actions after first action - this may need adjusting (leaky bucket)
+ blockDuration: env.BLOCK_POINT_DURATION, // Do not block if consumed more than points
 keyPrefix: 'rlflx', // must be unique for limiters with different purpose
 };
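Review bot: The limiter options in `opts` now take `env.CONSUMED_POINTS_LIMIT`, `env.CONSUMED_RESET_DURATION`, `env.EXEC_EVENLY` and `env.BLOCK_POINT_DURATION` as-is, with no visible type coercion, range check or fallback. If `env` hands these over as raw strings, `execEvenly` would be truthy even for `"false"`, and an unset or non-numeric `points`/`duration` would leave the limiter on whatever the library does with such values, which can silently weaken this control; how `env` parses values is not shown in this hunk. I would validate once at startup and fail closed, e.g. `const points = Number(env.CONSUMED_POINTS_LIMIT);` followed by `if (!Number.isInteger(points) || points < 1) throw new Error('CONSUMED_POINTS_LIMIT must be a positive integer');`, and do the same for the other three. The trailing comment on `blockDuration` (`// Do not block if consumed more than points`) now describes only the value 0 and should read `// seconds to block once points are exhausted; 0 = no block`. The body of `rateLimiter` continues outside this hunk.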