add rate limit and app name to env

2025-12-12 02:47:46 +00:00 · 2024-10-03 21:01:19 -04:00
parent e6532752c6
commit e89ee4042a
4 changed files with 18 additions and 4 deletions
--- a/server/environment.ts
+++ b/server/environment.ts
@@ -21,6 +21,15 @@ const environmentSchema = z.object({
        .string()
        .transform((val) => parseInt(val, 10))
        .pipe(z.number()),
+    RATE_LIMIT_WINDOW_MIN: z
+        .string()
+        .transform((val) => parseInt(val, 10))
+        .pipe(z.number()),
+    RATE_LIMIT_MAX: z
+        .string()
+        .transform((val) => parseInt(val, 10))
+        .pipe(z.number()),
+    APP_NAME: z.string(),
    EMAIL_SMTP_HOST: z.string().optional(),
    EMAIL_SMTP_PORT: z
        .string()
@@ -45,6 +54,9 @@ const environment = {
        path.join("config"),
    EXTERNAL_PORT: (process.env.EXTERNAL_PORT as string) || "3000",
    INTERNAL_PORT: (process.env.INTERNAL_PORT as string) || "3001",
+    RATE_LIMIT_WINDOW_MIN: (process.env.RATE_LIMIT_WINDOW_MIN as string) || "1",
+    RATE_LIMIT_MAX: (process.env.RATE_LIMIT_MAX as string) || "100",
+    APP_NAME: (process.env.APP_NAME as string) || "Pangolin",
    EMAIL_SMTP_HOST: process.env.EMAIL_SMTP_HOST as string,
    EMAIL_SMTP_PORT: process.env.EMAIL_SMTP_PORT as string,
    EMAIL_SMTP_USER: process.env.EMAIL_SMTP_USER as string,
--- a/server/middlewares/rateLimit.ts
+++ b/server/middlewares/rateLimit.ts
@@ -3,9 +3,10 @@ import createHttpError from "http-errors";
 import { NextFunction, Request, Response } from "express";
 import logger from "@server/logger";
 import HttpCode from "@server/types/HttpCode";
+import environment from "@server/environment";

-const limit = 100;
-const minutes = 1;
+const limit = environment.RATE_LIMIT_MAX;
+const minutes = environment.RATE_LIMIT_WINDOW_MIN;

 export const rateLimitMiddleware = rateLimit({
    windowMs: minutes * 60 * 1000,
--- a/server/middlewares/verifySession.ts
+++ b/server/middlewares/verifySession.ts
@@ -1,4 +1,4 @@
-import { NextFunction, Response, Request } from "express";
+import { NextFunction, Response } from "express";
 import ErrorResponse from "@server/types/ErrorResponse";
 import { unauthorized, verifySession } from "@server/auth";
 import { db } from "@server/db";
--- a/server/routers/auth/requestTotpSecret.ts
+++ b/server/routers/auth/requestTotpSecret.ts
@@ -11,6 +11,7 @@ import { User, users } from "@server/db/schema";
 import { eq } from "drizzle-orm";
 import { verify } from "@node-rs/argon2";
 import { createTOTPKeyURI } from "oslo/otp";
+import env from "@server/environment";

 export const requestTotpSecretBody = z.object({
    password: z.string(),
@@ -64,7 +65,7 @@ export async function requestTotpSecret(

    const hex = crypto.getRandomValues(new Uint8Array(20));
    const secret = encodeHex(hex);
-    const uri = createTOTPKeyURI("pangolin", user.email, hex);
+    const uri = createTOTPKeyURI(env.APP_NAME, user.email, hex);

    await db
        .update(users)