Ryan/documenso
1
0
Fork 1
mirror of https://github.com/documenso/documenso.git synced 2025-11-12 15:53:02 +10:00
Code Issues Packages Projects Releases Wiki Activity

fix: rate limit api endpoints (#1863)

Browse Source 
Rate limit API endpoint
This commit is contained in:
David Nguyen
2025-06-27 18:50:22 +10:00
committed by GitHub
parent bb9ba80edb
commit dc2042a1ee
3 changed files with 31 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
apps/remix/package.json
View File

@ -41,6 +41,7 @@
"colord": "^2.9.3", "colord": "^2.9.3",
"framer-motion": "^10.12.8", "framer-motion": "^10.12.8",
"hono": "4.7.0", "hono": "4.7.0",
"hono-rate-limiter": "^0.4.2",
"hono-react-router-adapter": "^0.6.2", "hono-react-router-adapter": "^0.6.2",
"input-otp": "^1.2.4", "input-otp": "^1.2.4",
"isbot": "^5.1.17", "isbot": "^5.1.17",

20
apps/remix/server/router.ts
View File

@ -1,4 +1,5 @@
import { Hono } from 'hono'; import { Hono } from 'hono';
import { rateLimiter } from 'hono-rate-limiter';
import { contextStorage } from 'hono/context-storage'; import { contextStorage } from 'hono/context-storage';
import { tsRestHonoApp } from '@documenso/api/hono'; import { tsRestHonoApp } from '@documenso/api/hono';
@ -21,6 +22,21 @@ export interface HonoEnv {
const app = new Hono<HonoEnv>(); const app = new Hono<HonoEnv>();
/**
* Rate limiting for v1 and v2 API routes only.
* - 100 requests per minute per IP address
*/
const rateLimitMiddleware = rateLimiter({
windowMs: 60 * 1000, // 1 minute
limit: 100, // 100 requests per window
keyGenerator: (c) => {
return c.req.header('x-forwarded-for') || c.req.header('x-real-ip') || 'unknown';
},
message: {
error: 'Too many requests, please try again later.',
},
});
/** /**
* Attach session and context to requests. * Attach session and context to requests.
*/ */
@ -32,6 +48,10 @@ app.use(appContext);
*/ */
app.use('*', appMiddleware); app.use('*', appMiddleware);
// Apply rate limit to /api/v1/*
app.use('/api/v1/*', rateLimitMiddleware);
app.use('/api/v2/*', rateLimitMiddleware);
// Auth server. // Auth server.
app.route('/api/auth', auth); app.route('/api/auth', auth);

10
package-lock.json generated
View File

@ -118,6 +118,7 @@
"colord": "^2.9.3", "colord": "^2.9.3",
"framer-motion": "^10.12.8", "framer-motion": "^10.12.8",
"hono": "4.7.0", "hono": "4.7.0",
"hono-rate-limiter": "^0.4.2",
"hono-react-router-adapter": "^0.6.2", "hono-react-router-adapter": "^0.6.2",
"input-otp": "^1.2.4", "input-otp": "^1.2.4",
"isbot": "^5.1.17", "isbot": "^5.1.17",
@ -20241,6 +20242,15 @@
"node": ">=16.9.0" "node": ">=16.9.0"
} }
}, },
"node_modules/hono-rate-limiter": {
"version": "0.4.2",
"resolved": "https://registry.npmjs.org/hono-rate-limiter/-/hono-rate-limiter-0.4.2.tgz",
"integrity": "sha512-AAtFqgADyrmbDijcRTT/HJfwqfvhalya2Zo+MgfdrMPas3zSMD8SU03cv+ZsYwRU1swv7zgVt0shwN059yzhjw==",
"license": "MIT",
"peerDependencies": {
"hono": "^4.1.1"
}
},
"node_modules/hono-react-router-adapter": { "node_modules/hono-react-router-adapter": {
"version": "0.6.5", "version": "0.6.5",
"resolved": "https://registry.npmjs.org/hono-react-router-adapter/-/hono-react-router-adapter-0.6.5.tgz", "resolved": "https://registry.npmjs.org/hono-react-router-adapter/-/hono-react-router-adapter-0.6.5.tgz",