feat: rate limit user creation (#3468)

2024-10-18 20:09:08 +02:00 · 2023-04-06 14:45:54 +03:00 · 2023-04-06 14:45:54 +03:00 · 14a2ca700c
commit 14a2ca700c
parent d33f11511a
1 changed files with 8 additions and 0 deletions
--- a/src/lib/routes/admin-api/user-admin.ts
+++ b/src/lib/routes/admin-api/user-admin.ts
@ -39,6 +39,8 @@ import {
 } from '../../openapi/spec/users-groups-base-schema';
 import { IGroup } from '../../types/group';
 import { IFlagResolver } from '../../types/experimental';
+import rateLimit from 'express-rate-limit';
+import { minutesToMilliseconds } from 'date-fns';

 export default class UserAdminController extends Controller {
    private flagResolver: IFlagResolver;
@ -202,6 +204,12 @@ export default class UserAdminController extends Controller {
                    requestBody: createRequestSchema('createUserSchema'),
                    responses: { 200: createResponseSchema('userSchema') },
                }),
+                rateLimit({
+                    windowMs: minutesToMilliseconds(1),
+                    max: 20,
+                    standardHeaders: true,
+                    legacyHeaders: false,
+                }),
            ],
        });