Fix code scanning alert no. 2: Missing rate limiting

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
yllst-testing-labs · Jan 14, 2025 · 073108d · 073108d
1 parent eb46c1e
commit 073108d
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/main.cjs b/main.cjs
@@ -8,6 +8,7 @@ const JS7z = require("./libraries/js7z/js7z.cjs");
 const crypto = require("crypto");
 
 const express = require("express");
+const RateLimit = require("express-rate-limit");
 const DEFAULT_PORT = 8998;
 const MIN_PORT = 1024; // Minimum valid port number
 const MAX_PORT = 65535; // Maximum valid port number
@@ -314,6 +315,15 @@ function createWindow() {
     applog.info(`App started. Version ${version}`);
 }
 
+// Set up rate limiter: maximum of 100 requests per 15 minutes
+const limiter = RateLimit({
+    windowMs: 15 * 60 * 1000, // 15 minutes
+    max: 100, // max 100 requests per windowMs
+});
+
+// Apply rate limiter to all requests
+expressApp.use(limiter);
+
 // Set up the express server to serve video files
 expressApp.get("/video/:folderName/:fileName", (req, res) => {
     const { folderName, fileName } = req.params;

diff --git a/package.json b/package.json
@@ -46,7 +46,8 @@
         "react-loading-skeleton": "^3.5.0",
         "react-router-dom": "^7.1.1",
         "sonner": "^1.7.1",
-        "wavesurfer.js": "^7.8.15"
+        "wavesurfer.js": "^7.8.15",
+        "express-rate-limit": "^7.5.0"
     },
     "devDependencies": {
         "@electron-forge/cli": "^7.6.0",