diff --git a/server/api/AdminAPI.js b/server/api/AdminAPI.js
index 394c581..b1491fd 100644
--- a/server/api/AdminAPI.js
+++ b/server/api/AdminAPI.js
@@ -6,23 +6,11 @@ const socketManager = new (require('../modules/SocketManager.js'))().getInstance
 const gameManager = new (require('../modules/GameManager.js'))().getInstance();
 const globals = require('../config/globals.js');
 const cors = require('cors');
-const rateLimit = require('express-rate-limit').default;
 const KEY = process.env.NODE_ENV.trim() === 'development' ? globals.MOCK_AUTH : process.env.ADMIN_KEY;
-const apiLimiter = rateLimit({
-    windowMs: 60000,
-    max: 50,
-    standardHeaders: true,
-    legacyHeaders: false
-});
-
-if (process.env.NODE_ENV.trim() === 'production') {
-    router.use(apiLimiter);
-}
-
 router.use(cors(globals.CORS));
 router.use((req, res, next) => {
diff --git a/server/api/GamesAPI.js b/server/api/GamesAPI.js
index 8c1344b..c6aa657 100644
--- a/server/api/GamesAPI.js
+++ b/server/api/GamesAPI.js
@@ -9,16 +9,13 @@ const cors = require('cors');
 const gameManager = new GameManager().getInstance();
-const apiLimiter = rateLimit({
-    windowMs: 60000,
-    max: 100,
-    standardHeaders: true,
-    legacyHeaders: false
-});
+const gameCreationLimit = process.env.NODE_ENV.trim() === 'production'
+    ? 20
+    : 1000
-const gameEndpointLimiter = rateLimit({ // further limit the rate of game creation to 30 games per 10 minutes.
+const gameEndpointLimiter = rateLimit({
     windowMs: 600000,
-    max: 30,
+    max: gameCreationLimit,
     standardHeaders: true,
     legacyHeaders: false
 });
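Review bot: Dropping `apiLimiter` leaves the admin router with no rate limit of its own, and the replacement in ServerBootstrapper is shared with the games API and looser (100 requests/min against the dedicated 50/min the removed block enforced). The `router.use((req, res, next) => {` that follows this hunk presumably gates on `KEY`, a static secret compared on every request, so the per-client request budget is the main brake on guessing it; that check sits outside the hunk, so confirm it before relying on the shared limiter. A dedicated, stricter limiter on this router is worth keeping, e.g. `router.use(rateLimit({ windowMs: 60000, max: 50, standardHeaders: true, legacyHeaders: false }));`, or at minimum a comment here recording that the API-wide limit now lives in `ServerBootstrapper.establishRouting`.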
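Review bot: `const gameCreationLimit = … : 1000` on the new side has no terminating semicolon while every other statement in the hunk does; add `;` after `1000` (the next statement starts with `const`, so ASI rescues it today, but it is fragile). The removed comment that documented the creation limit should come back updated, since the number is now environment-dependent: `// further limit game creation to gameCreationLimit games per 10 minutes (20 in production, 1000 elsewhere).`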
@@ -38,12 +35,7 @@ router.patch('/restart', (req, res, next) => {
     globals.CONTENT_TYPE_VALIDATOR(req, res, next);
 });
-if (process.env.NODE_ENV.trim() === 'production') {
-    router.use(apiLimiter);
-    router.use('/create', gameEndpointLimiter);
-}
-
-router.post('/create', function (req, res) {
+router.post('/create', gameEndpointLimiter, function (req, res) {
     logger.debug('Received request to create new game: ' + JSON.stringify(req.body, null, 4));
     const gameCreationPromise = gameManager.createGame(req.body, false);
     gameCreationPromise.then((result) => {
diff --git a/server/modules/ServerBootstrapper.js b/server/modules/ServerBootstrapper.js
index 17b65d2..0123ed0 100644
--- a/server/modules/ServerBootstrapper.js
+++ b/server/modules/ServerBootstrapper.js
@@ -7,6 +7,7 @@ const crypto = require('crypto');
 const SocketManager = require('./SocketManager.js');
 const GameManager = require('./GameManager.js');
 const { ENVIRONMENT } = require('../config/globals.js');
+const rateLimit = require('express-rate-limit').default;
 const ServerBootstrapper = {
@@ -93,22 +94,34 @@ const ServerBootstrapper = {
     },
     establishRouting: (app, express) => {
+
+        const standardRateLimit = rateLimit({
+            windowMs: 60000,
+            max: 100,
+            standardHeaders: true,
+            legacyHeaders: false
+        })
+
         /* api endpoints */
         const games = require('../api/GamesAPI');
         const admin = require('../api/AdminAPI');
         app.use('/api/games', games);
         app.use('/api/admin', admin);
+        if (process.env.NODE_ENV.trim() === 'production') {
+            app.use('/api/', standardRateLimit);
+        }
+
         /* serve all the app's pages */
-        app.use('/manifest.json', (req, res) => {
+        app.use('/manifest.json', standardRateLimit, (req, res) => {
             res.sendFile(path.join(__dirname, '../../manifest.json'));
         });
-        app.use('/favicon.ico', (req, res) => {
+        app.use('/favicon.ico', standardRateLimit, (req, res) => {
             res.sendFile(path.join(__dirname, '../../client/favicon_package/favicon.ico'));
         });
-        app.use('/apple-touch-icon.png', (req, res) => {
+        app.use('/apple-touch-icon.png', standardRateLimit, (req, res) => {
             res.sendFile(path.join(__dirname, '../../client/favicon_package/apple-touch-icon.png'));
         });
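Review bot: `app.use('/api/', standardRateLimit)` is registered after `app.use('/api/games', games)` and `app.use('/api/admin', admin)`, so in production the limiter never runs for a request those routers answer — Express dispatches middleware in registration order, and a route that sends a response does not call `next()`. Move the production `if` block above the two router mounts so `standardRateLimit` is installed first, then `games` and `admin`; with the AdminAPI and GamesAPI hunks removing their own `router.use(apiLimiter)` calls, this ordering is now the only general limit on the API. Separately, `/manifest.json`, `/favicon.ico` and `/apple-touch-icon.png` share the same limiter instance as the API, so in production asset fetches consume the API's 100/min budget while in other environments the assets are limited and the API is not; a separate `rateLimit({ ... })` instance for the static files, or none, keeps the budgets independent. The `standardRateLimit` declaration also ends in `})` without the semicolon the rest of the file uses.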