blah

Web-Server/modules/express.js

@@ -1,24 +1,34 @@
-/*
-1) api route 
-2) enforce best practice for api routes
-*/
 const express = require("express");
 const helmet = require("helmet");
+const { rateLimit } = require("express-rate-limit");
 const { APIlogger } = require('../middleware/apiLogger.js');
 
 const app = express();
 app.use(helmet());
 const port = 80;
 
+//express-rate-limit stolen from docs
+const limiter = rateLimit({
+	windowMs: 15 * 60 * 1000, // 15 minutes
+	limit: 600, // Limit each IP to 100 requests per `window` (here, per 15 minutes).
+	standardHeaders: 'draft-7', // draft-6: `RateLimit-*` headers; draft-7: combined `RateLimit` header
+	legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
+})
+
+// Apply the rate limiting middleware to all requests.
+app.use(limiter)
+
 //disable x-powered-by header for security reasons
 app.disable("x-powered-by");
 
+//parse json body format 
 app.use(express.json());
 app.set("json spaces", 2);
 
 
-//middleware logic ( called by next() )
-
+/*
+middleware logic ( called by next() )
+*/
 //app.use('/api/v0', require('../middleware/ApiKey.js'));
 app.use('/api/v0', APIlogger, require('../routes/api_route.js'));