secure-mern
A lightweight yet powerful npm package to enhance security in MERN stack applications. Built with enterprise-grade architecture in mind, secure-mern helps you integrate essential security features with minimal configuration.
const rateLimit = require("express-rate-limit");
const User = require("../models/User"); // adjust path if needed
const Role = require("../models/Role");
const jwt = require("jsonwebtoken");
// Shared throttle applied to every caller that is not a verified admin:
// at most 100 requests per 15-minute window.
// NOTE(review): no key generator or store is configured here, so the
// library defaults apply. express-rate-limit keys on the client IP by
// default, so behind a reverse proxy or load balancer Express's
// `trust proxy` setting must match the deployment; otherwise clients can
// share one bucket or influence their own key. Counters also live in
// process memory by default and are not shared across instances. Confirm
// both against the deployment.
const FIFTEEN_MINUTES_MS = 15 * 60 * 1000;

const limiter = rateLimit({
  max: 100,
  windowMs: FIFTEEN_MINUTES_MS,
});
/**
 * Express middleware that exempts verified admins from rate limiting and
 * throttles everyone else.
 *
 * The bypass is granted only when all of the following hold:
 *   1. the Authorization header carries a second space-separated field,
 *   2. that field verifies as a JWT against process.env.JWT_SECRET,
 *   3. the user named by the token's `id` claim exists, and
 *   4. that user's populated role is named "admin".
 * Every other outcome, including any thrown error, falls back to the
 * limiter, so the exemption fails closed.
 *
 * NOTE(review): the scheme word of the header (e.g. "Bearer") is not
 * checked, and jwt.verify is called without an explicit `algorithms`
 * allow-list; consider pinning the algorithm the tokens are issued with.
 * NOTE(review): token verification and the user lookup run before the
 * limiter is consulted, so a caller holding any validly signed token causes
 * one database query per request even once throttled.
 * NOTE(review): every failure, including routine invalid or expired tokens,
 * is logged through console.error; confirm this volume is acceptable.
 *
 * @param {object} req - Express request; `req.headers.authorization` is read.
 * @param {object} res - Express response, passed through to the limiter.
 * @param {Function} next - Called directly only for verified admins.
 * @returns {Promise<*>} Whatever `next()` or the limiter returns.
 */
async function conditionalRateLimit(req, res, next) {
  // Single throttled path shared by every non-admin outcome.
  const throttle = () => limiter(req, res, next);

  try {
    const { authorization } = req.headers;
    if (!authorization) {
      return throttle(); // anonymous request
    }

    // Second space-separated field of the header is treated as the token.
    const [, bearerToken] = authorization.split(" ");
    if (!bearerToken) {
      return throttle();
    }

    // Throws on a bad signature, expiry or malformed token; handled below.
    const claims = jwt.verify(bearerToken, process.env.JWT_SECRET);

    // The role is read from the database on each request rather than
    // trusted from the token payload.
    const account = await User.findById(claims.id).populate("role");

    const isAdmin =
      Boolean(account) &&
      Boolean(account.role) &&
      account.role.name === "admin";

    return isAdmin ? next() : throttle();
  } catch (err) {
    console.error("Rate limit check failed:", err);
    return throttle(); // fail closed: never skip the limiter on error
  }
}
// The middleware function is the module's only export (CommonJS).
module.exports = conditionalRateLimit;