
Conversation

SEEDART007

#111 enhancement : added Rate-Limiter-Flexible

Added Rate-Limiter-Flexible

@Copilot Copilot AI review requested due to automatic review settings October 11, 2025 14:59

netlify bot commented Oct 11, 2025

Deploy Preview for paisable ready!

Latest commit: b2de1a7
Latest deploy log: https://app.netlify.com/projects/paisable/deploys/68f0bb0c4a118300087a549d
Deploy Preview: https://deploy-preview-124--paisable.netlify.app
Lighthouse
1 paths audited
Performance: 94
Accessibility: 100
Best Practices: 100
SEO: 91
PWA: 80

Contributor

@Copilot Copilot AI left a comment


Pull Request Overview

This PR implements rate limiting functionality using the rate-limiter-flexible library to protect API endpoints from abuse. The enhancement adds different rate limiting tiers for sensitive authentication routes versus public API routes.

  • Added rate-limiter-flexible dependency and import
  • Configured different rate limiters for sensitive vs public routes
  • Applied rate limiting middleware to all API endpoints

Reviewed Changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.

Files reviewed (2)
  • backend/server.js: Implemented rate limiting with two tiers (sensitive and public) and applied middleware to all API routes
  • backend/package.json: Added rate-limiter-flexible dependency
Files not reviewed (1)
  • backend/package-lock.json: Language not supported


Comment on lines +57 to +64
const rateLimitMiddleware = (limiter) => async (req, res, next) => {
try {
await limiter.consume(req.ip);
next();
} catch {
res.status(429).json({ message: 'Too Many Requests. Slow down!' });
}
};
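Review bot: The bare `catch` in `rateLimitMiddleware` reports every rejection from `limiter.consume` as a 429, so if this limiter is later backed by a shared store, a store failure would be answered as "Too Many Requests" instead of being surfaced; only a rejection that carries `msBeforeNext` is a limit hit, so check for that and call `next(err)` otherwise, and use `msBeforeNext` to set a `Retry-After` header on the 429 response. Also, `req.ip` is the real client address only when Express's `trust proxy` setting matches the deployment; behind a reverse proxy without it, every client shares one bucket keyed on the proxy's address.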

Copilot AI Oct 11, 2025


Using req.ip directly for rate limiting can be bypassed by clients using proxies or load balancers. Consider implementing a more robust client identification strategy that checks for forwarded headers (X-Forwarded-For, X-Real-IP) or uses a combination of IP and user authentication for authenticated routes.

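The client-identification strategy the comment above describes, written out as an added example; this is not code from the paisable PR or from the rate-limiter-flexible library. It assumes a configured list of trusted reverse-proxy addresses (`TRUSTED_PROXIES`, a constructed value), that an upstream auth middleware sets `req.user`, and it replaces rate-limiter-flexible with a small in-memory `FixedWindowLimiter` that mimics the same `consume()`/reject contract so the block runs offline. `X-Forwarded-For` is honoured only when the TCP peer is one of our proxies, and the rightmost hop we did not append is taken as the client, so a client cannot pick its own bucket by sending the header itself.

```javascript
// Added example (not code from the paisable PR or rate-limiter-flexible):
// per-user / per-IP rate-limit keys with a trusted-proxy-aware X-Forwarded-For
// parser, plus an in-memory fixed-window limiter standing in for
// rate-limiter-flexible's consume()/reject contract.

// Assumed deployment detail (constructed): addresses of the reverse proxies in
// front of the app. Only X-Forwarded-For hops to the right of these are trusted.
const TRUSTED_PROXIES = new Set(['10.0.0.1']);

// Loose shape check for a forwarded hop; a garbage entry falls back to the peer.
const IPISH = /^(\d{1,3}(\.\d{1,3}){3}|[0-9a-f:]+)$/i;

// If the peer is not a trusted proxy the header is client-controlled and ignored.
// Otherwise walk X-Forwarded-For from the right and take the first non-proxy hop.
function clientAddress(req) {
  const peer = req.socket.remoteAddress;
  if (!TRUSTED_PROXIES.has(peer)) return peer;
  const hops = String(req.headers['x-forwarded-for'] || '')
    .split(',').map((s) => s.trim()).filter(Boolean);
  for (let i = hops.length - 1; i >= 0; i--) {
    if (!TRUSTED_PROXIES.has(hops[i])) return IPISH.test(hops[i]) ? hops[i] : peer;
  }
  return peer; // header empty or only our proxies: nothing better than the peer
}

// Rate-limit key: per user when authenticated (so one shared NAT does not pool
// everyone into a single bucket), per IP otherwise. req.user is assumed to be
// set by an upstream auth middleware.
function clientKey(req) {
  if (req.user && req.user.id !== undefined) return `user:${req.user.id}`;
  return `ip:${clientAddress(req)}`;
}

// Fixed-window limiter with an injectable clock. tryConsume() is the synchronous
// core; consume() rejects with { msBeforeNext }, as rate-limiter-flexible does.
class FixedWindowLimiter {
  constructor({ points, durationMs, now = Date.now }) {
    Object.assign(this, { points, durationMs, now, buckets: new Map() });
  }
  tryConsume(key) {
    const t = this.now();
    let b = this.buckets.get(key);
    if (!b || t >= b.resetAt) {
      b = { used: 0, resetAt: t + this.durationMs };
      this.buckets.set(key, b);
    }
    if (b.used >= this.points) return { ok: false, msBeforeNext: b.resetAt - t };
    b.used += 1;
    return { ok: true, remainingPoints: this.points - b.used };
  }
  consume(key) {
    const r = this.tryConsume(key);
    return r.ok ? Promise.resolve(r) : Promise.reject(r);
  }
}

// Same shape as the PR's middleware, but keyed by clientKey, answering 429 with
// Retry-After, and handing non-limit errors (e.g. a failed store) to next().
const rateLimitMiddleware = (limiter) => async (req, res, next) => {
  try {
    await limiter.consume(clientKey(req));
    next();
  } catch (rej) {
    if (!rej || typeof rej.msBeforeNext !== 'number') return next(rej);
    res.set('Retry-After', String(Math.ceil(rej.msBeforeNext / 1000)));
    res.status(429).json({ message: 'Too Many Requests. Slow down!' });
  }
};

// Drive the middleware with constructed requests (no Express needed) and return
// what each got: 'next', 'error', or the 429 status code.
async function simulate(limiter, requests) {
  const out = [];
  for (const req of requests) {
    const res = { statusCode: 200, headers: {},
      set(k, v) { this.headers[k] = v; },
      status(c) { this.statusCode = c; return this; },
      json() { out.push(this.statusCode); } };
    await rateLimitMiddleware(limiter)(req, res, (err) => out.push(err ? 'error' : 'next'));
  }
  return out;
}

// Constructed sample traffic behind the trusted proxy: client .7 sends four
// anonymous requests, client .9 one, and user 42 (also from .7) one.
const mkReq = (peer, xff, user) => ({
  socket: { remoteAddress: peer },
  headers: xff ? { 'x-forwarded-for': xff } : {},
  user,
});
const SAMPLE = [
  mkReq('10.0.0.1', '198.51.100.7'), mkReq('10.0.0.1', '198.51.100.7'),
  mkReq('10.0.0.1', '198.51.100.7'), mkReq('10.0.0.1', '198.51.100.7'),
  mkReq('10.0.0.1', '198.51.100.9'), mkReq('10.0.0.1', '198.51.100.7', { id: 42 }),
];

// With 3 points per minute: .7 gets next, next, next, 429; .9 and user 42 pass.
simulate(new FixedWindowLimiter({ points: 3, durationMs: 60000 }), SAMPLE).then(console.log);
```

In a real deployment `TRUSTED_PROXIES` would come from configuration (or Express's own `trust proxy` setting would be used in place of `clientAddress`), and `FixedWindowLimiter` would be swapped back for a `RateLimiterMemory`/`RateLimiterRedis` instance; the middleware and `clientKey` stay the same because both expose the same `consume()` rejection shape.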

app.use('/api/auth', rateLimitMiddleware(sensitiveLimiter), require('./routes/authRoutes'));
app.use('/api/transactions', rateLimitMiddleware(publicLimiter), require('./routes/transactionRoutes'));
app.use('/api/receipts', rateLimitMiddleware(publicLimiter), require('./routes/receiptRoutes'));
app.use('/api/users', rateLimitMiddleware(publicLimiter), require('./routes/userRoutes'));
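Review bot: `/api/users` is mounted with `publicLimiter` while `/api/auth` gets `sensitiveLimiter`; if `userRoutes` carries credential, e-mail or profile changes it belongs in the sensitive tier. Also note that the limiter is mounted before each route module and therefore before any auth middleware those modules apply, so at this position the key can only ever be the IP; a per-user key (IP plus authenticated identity, as suggested elsewhere in this review) needs the limiter to run after authentication or to derive the key from the request itself.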

Copilot AI Oct 11, 2025


User management routes should use the sensitive limiter instead of the public limiter, as they likely contain operations like password changes, profile updates, or user data retrieval that should be more strictly rate limited.

Suggested change
app.use('/api/users', rateLimitMiddleware(publicLimiter), require('./routes/userRoutes'));
app.use('/api/users', rateLimitMiddleware(sensitiveLimiter), require('./routes/userRoutes'));


@archa8
Member

archa8 commented Oct 16, 2025

Hey @SEEDART007, you had not been assigned this issue yet but you opened a PR. I'll give this PR the hacktoberfest-accepted label, but I cannot merge this. You are requested not to open a PR unless it is assigned to you. Thank you for the contribution. I am closing this now.

@archa8 archa8 closed this Oct 16, 2025
@archa8 archa8 added the hacktoberfest-accepted label Oct 16, 2025