myex-cli/src/security/rateLimit.js

Opinionated Express.js framework with CLI tools

import rateLimit from 'express-rate-limit';
import { logger } from '../utils/logger.js';

/**
 * Configure rate limiting middleware for Express
 * @param {import('express').Application} app - Express application
 */
export const configureRateLimit = (app) => {
  // Parse environment variables
  const windowMs = parseInt(process.env.RATE_LIMIT_WINDOW_MS) || 15 * 60 * 1000; // 15 minutes
  const max = parseInt(process.env.RATE_LIMIT_MAX) || 100; // Limit each IP to 100 requests per windowMs
  
  // Configure rate limiter
  const limiter = rateLimit({
    windowMs,
    max,
    standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
    legacyHeaders: false, // Disable the `X-RateLimit-*` headers
    message: 'Too many requests from this IP, please try again later',
    handler: (req, res, next, options) => {
      logger.warn(`Rate limit exceeded for IP: ${req.ip}`);
      res.status(options.statusCode).send(options.message);
    },
  });
  
  // Apply rate limiting middleware to all requests
  app.use(limiter);
};