gitea

backend/src/middleware/rateLimiter.ts

@@ -0,0 +1,29 @@
+import rateLimit from 'express-rate-limit';
+
+// General API rate limit
+export const apiLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 100, // Limit each IP to 100 requests per windowMs
+  message: { error: 'rate_limit_exceeded', message: 'Too many requests, please try again later.' },
+  standardHeaders: true,
+  legacyHeaders: false,
+});
+
+// Strict rate limit for auth endpoints (prevent brute force)
+export const authLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 5, // Limit each IP to 5 requests per windowMs
+  message: { error: 'rate_limit_exceeded', message: 'Too many authentication attempts, please try again later.' },
+  standardHeaders: true,
+  legacyHeaders: false,
+  skipSuccessfulRequests: true, // Don't count successful logins
+});
+
+// Moderate rate limit for monitor checks
+export const checkLimiter = rateLimit({
+  windowMs: 5 * 60 * 1000, // 5 minutes
+  max: 20, // Limit each IP to 20 manual checks per 5 minutes
+  message: { error: 'rate_limit_exceeded', message: 'Too many manual checks, please wait before trying again.' },
+  standardHeaders: true,
+  legacyHeaders: false,
+});