From e77ebeefc530302181a92369c8c8e44c258c6bdd Mon Sep 17 00:00:00 2001
From: Marcel Wagner
Date: Tue, 3 Dec 2024 13:58:19 +0100
Subject: [PATCH] Fix code scanning alert no. 8: Missing rate limiting
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: marcel
---
 KafkaBridge/lib/authService/index.js | 8 +++++++-
 KafkaBridge/package.json | 3 ++-
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/KafkaBridge/lib/authService/index.js b/KafkaBridge/lib/authService/index.js
index 58b1e584..0ce1e523 100644
--- a/KafkaBridge/lib/authService/index.js
+++ b/KafkaBridge/lib/authService/index.js
@@ -16,6 +16,7 @@
 'use strict';
 const express = require('express');
+const rateLimit = require('express-rate-limit');
 const Authenticate = require('./authenticate');
 const Acl = require('./acl');
 const app = express();
@@ -30,7 +31,12 @@ const init = async function (conf) {
 const config = conf;
 app.use(express.json());
- app.get('/auth', (req, res) => {
+ const authLimiter = rateLimit({
+ windowMs: 15 * 60 * 1000, // 15 minutes
+ max: 100 // limit each IP to 100 requests per windowMs
+ });
+
+ app.get('/auth', authLimiter, (req, res) => {
 auth.authenticate(req, res);
 });
diff --git a/KafkaBridge/package.json b/KafkaBridge/package.json
index be2082a8..c229297f 100644
--- a/KafkaBridge/package.json
+++ b/KafkaBridge/package.json
@@ -22,7 +22,8 @@
 "openid-client": "^5.1.2",
 "redis": "^4.6.11",
 "underscore": "^1.13.1",
- "winston": "^3.8.1"
+ "winston": "^3.8.1",
+ "express-rate-limit": "^7.4.1"
 },
 "devDependencies": {
 "chai": "^4.3.6",
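Review bot: The limiter keys on `req.ip`, and nothing in the `authLimiter` hunk sets `trust proxy` on `app`, so when the bridge runs behind a reverse proxy or ingress every caller resolves to the proxy's address and shares one bucket of 100 requests per 15 minutes; as far as I recall express-rate-limit 7 also logs a validation error when an `X-Forwarded-For` header arrives while `trust proxy` is unset. The same collapse into one bucket happens if `/auth` is called by a single upstream service (e.g. a broker authenticating many clients), in which case this limit throttles legitimate authentications rather than abuse — confirm who actually calls `/auth` before settling on the numbers. Consider `app.set('trust proxy', <number of trusted proxy hops>)` set to the real hop count (not `true`, which lets a client-supplied header choose the key) and sourcing the parameters from `conf`, e.g. `windowMs: config.authRateLimitWindowMs ?? 15 * 60 * 1000` and `limit: config.authRateLimitMax ?? 100` (option names illustrative); in 7.x `limit` is the documented option and `max` a legacy alias. The enclosing `init` function starts and ends outside the hunk.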
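Review bot: The new `"express-rate-limit": "^7.4.1"` entry is appended after `"winston"` instead of in alphabetical position with the other dependencies, and the diffstat lists only two files, so if the project ships a `package-lock.json` it was not regenerated — `npm ci` would then fail on the mismatch, and until the lockfile is updated the version installed is whatever `^7.4.1` resolves to at install time rather than a pinned one. Run the install locally, commit the updated lockfile in the same change, and move the entry into sorted position so the list stays easy to scan.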