round2

consumerWebsite/app.js

@@ -1,4 +1,5 @@
 const express = require("express");
+const { rateLimit } = require("express-rate-limit");
 const path = require("path");
 const app = express();
 const port = 3000;
@@ -8,6 +9,20 @@ const ejs = require("ejs");
 app.use(express.json());
 app.set("json spaces", 2);
 
+//express-rate-limit stolen from docs
+const limiter = rateLimit({
+	windowMs: 15 * 60 * 1000, // 15 minutes
+	limit: 600, // Limit each IP to 100 requests per `window` (here, per 15 minutes).
+	standardHeaders: 'draft-7', // draft-6: `RateLimit-*` headers; draft-7: combined `RateLimit` header
+	legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
+});
+
+// Apply the rate limiting middleware to all requests.
+app.use(limiter);
+
+//disable x-powered-by header for security reasons
+app.disable("x-powered-by");
+
 // Set up the templating engine to build HTML for the front end.
 app.set("views", path.join(__dirname, "./views"));
 app.set("view engine", "ejs");
@@ -15,11 +30,9 @@ app.set("view engine", "ejs");
 // Have express server static content( images, CSS, browser JS) from the public
 app.use(express.static(path.join(__dirname, "./public")));
 
-//middleware logic ( called by next() )
-const auth = require("./middleware/authChecker"); 
-
 
 //route logic
+app.use("/api/seed/v0" ,require("./routes/seed_route.js"));
 app.use("/api/v0", require("./routes/api_routes")); 
 
 //render logic