refactor rate limiting

server/api/AdminAPI.js

@@ -6,23 +6,11 @@ const socketManager = new (require('../modules/SocketManager.js'))().getInstance
 const gameManager = new (require('../modules/GameManager.js'))().getInstance();
 const globals = require('../config/globals.js');
 const cors = require('cors');
-const rateLimit = require('express-rate-limit').default;
 
 const KEY = process.env.NODE_ENV.trim() === 'development'
     ? globals.MOCK_AUTH
     : process.env.ADMIN_KEY;
 
-const apiLimiter = rateLimit({
-    windowMs: 60000,
-    max: 50,
-    standardHeaders: true,
-    legacyHeaders: false
-});
-
-if (process.env.NODE_ENV.trim() === 'production') {
-    router.use(apiLimiter);
-}
-
 router.use(cors(globals.CORS));
 
 router.use((req, res, next) => {

server/api/GamesAPI.js

@@ -9,16 +9,13 @@ const cors = require('cors');
 
 const gameManager = new GameManager().getInstance();
 
-const apiLimiter = rateLimit({
-    windowMs: 60000,
-    max: 100,
-    standardHeaders: true,
-    legacyHeaders: false
-});
+const gameCreationLimit = process.env.NODE_ENV.trim() === 'production'
+    ? 20
+    : 1000
 
-const gameEndpointLimiter = rateLimit({ // further limit the rate of game creation to 30 games per 10 minutes.
+const gameEndpointLimiter = rateLimit({
     windowMs: 600000,
-    max: 30,
+    max: gameCreationLimit,
     standardHeaders: true,
     legacyHeaders: false
 });
@@ -38,12 +35,7 @@ router.patch('/restart', (req, res, next) => {
     globals.CONTENT_TYPE_VALIDATOR(req, res, next);
 });
 
-if (process.env.NODE_ENV.trim() === 'production') {
-    router.use(apiLimiter);
-    router.use('/create', gameEndpointLimiter);
-}
-
-router.post('/create', function (req, res) {
+router.post('/create', gameEndpointLimiter, function (req, res) {
     logger.debug('Received request to create new game: ' + JSON.stringify(req.body, null, 4));
     const gameCreationPromise = gameManager.createGame(req.body, false);
     gameCreationPromise.then((result) => {

server/modules/ServerBootstrapper.js

@@ -7,6 +7,7 @@ const crypto = require('crypto');
 const SocketManager = require('./SocketManager.js');
 const GameManager = require('./GameManager.js');
 const { ENVIRONMENT } = require('../config/globals.js');
+const rateLimit = require('express-rate-limit').default;
 
 const ServerBootstrapper = {
 
@@ -93,22 +94,34 @@ const ServerBootstrapper = {
     },
 
     establishRouting: (app, express) => {
+
+        const standardRateLimit = rateLimit({
+            windowMs: 60000,
+            max: 100,
+            standardHeaders: true,
+            legacyHeaders: false
+        })
+
         /* api endpoints */
         const games = require('../api/GamesAPI');
         const admin = require('../api/AdminAPI');
         app.use('/api/games', games);
         app.use('/api/admin', admin);
 
+        if (process.env.NODE_ENV.trim() === 'production') {
+            app.use('/api/', standardRateLimit);
+        }
+
         /* serve all the app's pages */
-        app.use('/manifest.json', (req, res) => {
+        app.use('/manifest.json', standardRateLimit, (req, res) => {
             res.sendFile(path.join(__dirname, '../../manifest.json'));
         });
 
-        app.use('/favicon.ico', (req, res) => {
+        app.use('/favicon.ico', standardRateLimit, (req, res) => {
             res.sendFile(path.join(__dirname, '../../client/favicon_package/favicon.ico'));
         });
 
-        app.use('/apple-touch-icon.png', (req, res) => {
+        app.use('/apple-touch-icon.png', standardRateLimit, (req, res) => {
             res.sendFile(path.join(__dirname, '../../client/favicon_package/apple-touch-icon.png'));
         });