add Rate limiter middleware

package.json

@@ -19,6 +19,7 @@
         "dotenv": "^16.4.5",
         "ejs": "^3.1.9",
         "express": "^4.19.2",
+        "express-rate-limit": "^7.2.0",
         "express-session": "^1.17.3",
         "helmet": "^7.1.0",
         "http-errors": "~2.0.0",

src/routes/index.js

@@ -7,6 +7,26 @@
 const express = require('express');
 const router = express.Router();
 const url = require('url');
+const rateLimit = require("express-rate-limit");
+
+// Rate limiter middleware
+const limiter = rateLimit({
+    windowMs: 15 * 60 * 1000, // 15 minutes
+    max: 250, // limit each IP/user to 500 requests per windowMs
+    standardHeaders: 'draft-7', // draft-6: `RateLimit-*` headers; draft-7: combined `RateLimit` header
+    legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
+    skipSuccessfulRequests: true, // Do not count successful requests
+    handler: function (req, res, next) {        
+        res.locals.message = "Rate limit exceeded";
+        res.locals.error = "Too many requests, please try again later.";
+        res.locals.status = 429;
+        // render the error page
+        res.status(res.locals.status);
+        res.render('error');
+    },
+});
+
+router.use(limiter);
 
 // eslint-disable-next-line no-unused-vars
 router.get('/', function (req, res, _next) {