Fix code scanning alert no. 8: Missing rate limiting
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: marcel <[email protected]>
wagmarcel and github-advanced-security[bot] committed Dec 5, 2024
1 parent 648bada commit e77ebee
Showing 2 changed files with 9 additions and 2 deletions.
8 changes: 7 additions & 1 deletion KafkaBridge/lib/authService/index.js
@@ -16,6 +16,7 @@
'use strict';

const express = require('express');
const rateLimit = require('express-rate-limit');
const Authenticate = require('./authenticate');
const Acl = require('./acl');
const app = express();
@@ -30,7 +31,12 @@ const init = async function (conf) {
const config = conf;
app.use(express.json());

app.get('/auth', (req, res) => {
const authLimiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100 // limit each IP to 100 requests per windowMs
});

app.get('/auth', authLimiter, (req, res) => {
auth.authenticate(req, res);
});

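Review bot: The `authLimiter` added in `init` counts requests per `req.ip` (the express-rate-limit default key), and nothing in this hunk shows what that address is in deployment. If `/auth` is called by a broker or sits behind a reverse proxy (not visible here, so worth confirming), every client shares one bucket, and 100 requests per 15 minutes would start rejecting legitimate authentications for everyone. I would set `app.set('trust proxy', <number of proxy hops>)` to the real hop count (not `true`, which lets a client spoof `X-Forwarded-For` and sidestep the limit), and read the window and limit from `config` instead of hard-coding them. Two smaller points: v7 names the option `limit` (`max` is the legacy name), and the default store is in-process memory, so counts are per instance and reset on restart. `init` continues past the hunk, so any other route registered there is not covered by this limiter.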
3 changes: 2 additions & 1 deletion KafkaBridge/package.json
@@ -22,7 +22,8 @@
"openid-client": "^5.1.2",
"redis": "^4.6.11",
"underscore": "^1.13.1",
"winston": "^3.8.1"
"winston": "^3.8.1",
"express-rate-limit": "^7.4.1"
},
"devDependencies": {
"chai": "^4.3.6",
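Review bot: No lockfile change accompanies the new `express-rate-limit` entry, since the commit lists only two changed files. If the project commits a `package-lock.json`, it should be regenerated in the same change so the resolved version and integrity hash are pinned. With only the `^7.4.1` range recorded, separate installs may resolve different 7.x releases. The entry is also appended after `winston` rather than kept in the alphabetical order the visible dependencies follow.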
