
fix(admin-ui-plugin): Implement rate limiting on static server

Michael Bromley 1 year ago
parent
commit
9516c71ba2
3 changed files with 27 additions and 2 deletions
  1. 15 0
      package-lock.json
  2. 1 0
      packages/admin-ui-plugin/package.json
  3. 11 2
      packages/admin-ui-plugin/src/plugin.ts

+ 15 - 0
package-lock.json

@@ -19404,6 +19404,20 @@
         "node": ">= 0.10.0"
       }
     },
+    "node_modules/express-rate-limit": {
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-7.4.0.tgz",
+      "integrity": "sha512-v1204w3cXu5gCDmAvgvzI6qjzZzoMWKnyVDk3ACgfswTQLYiGen+r8w0VnXnGMmzEN/g8fwIQ4JrFFd4ZP6ssg==",
+      "engines": {
+        "node": ">= 16"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/express-rate-limit"
+      },
+      "peerDependencies": {
+        "express": "4 || 5 || ^5.0.0-beta.1"
+      }
+    },
     "node_modules/express/node_modules/debug": {
       "version": "2.6.9",
       "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
@@ -36567,6 +36581,7 @@
       "license": "GPL-3.0-or-later",
       "dependencies": {
         "date-fns": "^2.30.0",
+        "express-rate-limit": "^7.4.0",
         "fs-extra": "^11.2.0"
       },
       "devDependencies": {

+ 1 - 0
packages/admin-ui-plugin/package.json

@@ -30,6 +30,7 @@
     },
     "dependencies": {
         "date-fns": "^2.30.0",
+        "express-rate-limit": "^7.4.0",
         "fs-extra": "^11.2.0"
     }
 }

+ 11 - 2
packages/admin-ui-plugin/src/plugin.ts

@@ -19,6 +19,7 @@ import {
     VendurePlugin,
 } from '@vendure/core';
 import express from 'express';
+import { rateLimit } from 'express-rate-limit';
 import fs from 'fs-extra';
 import path from 'path';
 
@@ -220,7 +221,7 @@ export class AdminUiPlugin implements NestModule {
             await overwriteConfig();
         } else {
             Logger.info('Creating admin ui middleware (prod mode)', loggerCtx);
-            consumer.apply(await this.createStaticServer(app)).forRoutes(route);
+            consumer.apply(this.createStaticServer(app)).forRoutes(route);
 
             if (app && typeof app.compile === 'function') {
                 Logger.info('Compiling Admin UI app in production mode...', loggerCtx);
@@ -241,10 +242,18 @@ export class AdminUiPlugin implements NestModule {
         registerPluginStartupMessage('Admin UI', route);
     }
 
-    private async createStaticServer(app?: AdminUiAppConfig) {
+    private createStaticServer(app?: AdminUiAppConfig) {
         const adminUiAppPath = (app && app.path) || DEFAULT_APP_PATH;
 
+        const limiter = rateLimit({
+            windowMs: 60 * 1000,
+            limit: process.env.NODE_ENV === 'production' ? 500 : 2000,
+            standardHeaders: true,
+            legacyHeaders: false,
+        });
+
         const adminUiServer = express.Router();
+        adminUiServer.use(limiter);
         adminUiServer.use(express.static(adminUiAppPath));
         adminUiServer.use((req, res) => {
             res.sendFile(path.join(adminUiAppPath, 'index.html'));
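Review bot: The limiter added at `rateLimit({ ... })` keys on the client address by default (`req.ip` in express-rate-limit 7), so what it actually limits depends on the Express `trust proxy` setting, which this hunk does not set and which a plugin cannot see from here: behind a reverse proxy with `trust proxy` unset every admin user shares the proxy's address and the 500-per-minute budget, while a permissive `trust proxy: true` lets a client pick its own key via `X-Forwarded-For` and sidestep the limit (the library also reports a validation error when it sees that header without trust proxy, if I recall its v7 checks correctly). The window and limit are hard-coded and toggled only by `process.env.NODE_ENV`, with no way for an operator to tune them or supply a `keyGenerator` through the plugin's options, and the default in-memory store is per process, so the budget is per instance when several workers run. I would expose `windowMs`/`limit` (and optionally `keyGenerator`) via the plugin init options and document the proxy dependency above the call, e.g. `// Keyed on req.ip: behind a reverse proxy, set Express 'trust proxy' so the limit is per client rather than per proxy.`. createStaticServer's body continues past the end of the hunk.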