hsp-gdh/modules/requestHandler.js
Lightemerald d93bfe333d Updated backend
- Added better anti DoS protection
- Added better security measures (HTTP headers, etc.)
- Added TLS support
- Added support for configurable rate limiting
- Added default 404 and error handling
- Updated proxy settings
- Updated env naming
2024-03-31 20:50:58 +02:00


import rateLimit from 'express-rate-limit';
import slowDown from 'express-slow-down';
import http from 'http';
import os from 'os';
import { log } from './logManager';
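/**
 * Read a rate-limit ceiling from an environment variable.
 *
 * Environment values are always strings. Passing them to the limiter
 * unparsed means a typo such as "1OO" turns into NaN in the limiter's numeric
 * comparison, which silently stops it from ever blocking. Only positive
 * integers are accepted; anything else falls back to the default so a bad
 * configuration fails closed instead of open.
 *
 * @param {string} name - Environment variable to read.
 * @param {number} fallback - Ceiling used when the variable is unset, empty or invalid.
 * @returns {number} A positive integer ceiling.
 */
function readLimitFromEnv(name, fallback) {
  const raw = process.env[name];
  if (raw === undefined || raw === '') {
    return fallback;
  }
  const parsed = Number(raw);
  if (!Number.isSafeInteger(parsed) || parsed <= 0) {
    // Make the misconfiguration visible instead of quietly changing behaviour.
    log(`Invalid value for ${name}, falling back to default limit of ${fallback}`);
    return fallback;
  }
  return parsed;
}

// NOTE(review): express-rate-limit and express-slow-down key on req.ip by
// default. Behind a reverse proxy that address is only the real client when
// Express' 'trust proxy' setting matches the deployment; it is configured
// outside this module, so confirm it there.

// General per-client ceiling: RATE_LIMIT_REQUESTS (default 100) requests per minute.
const requestLimiter = rateLimit({
  windowMs: 60 * 1000,
  max: readLimitFromEnv('RATE_LIMIT_REQUESTS', 100),
  standardHeaders: true,
  legacyHeaders: false,
  message: 'Too many requests from this IP, please try again later',
});

// Progressive slow-down: after 5 requests in a minute each further request is
// delayed by (hits * 100) ms. No maxDelayMs is set, so the delay keeps growing
// with the hit count until the window resets.
const speedLimiter = slowDown({
  windowMs: 60 * 1000,
  delayAfter: 5,
  delayMs: (hits) => hits * 100,
});

// Login throttling: RATE_LIMIT_LOGIN_ATTEMPTS (default 5) requests per hour.
// skipSuccessfulRequests is not set, so successful requests count as well.
// The counter is per client address only; it does not bound guesses against a
// single account made from many addresses.
const antiBruteForce = rateLimit({
  windowMs: 60 * 60 * 1000,
  max: readLimitFromEnv('RATE_LIMIT_LOGIN_ATTEMPTS', 5),
  standardHeaders: true,
  legacyHeaders: false,
  message: 'Too many login attempts, please try again later',
});

// Verification throttling: RATE_LIMIT_VERIFICATION_REQUESTS (default 5) requests per minute.
const antiVerificationSpam = rateLimit({
  windowMs: 60 * 1000,
  max: readLimitFromEnv('RATE_LIMIT_VERIFICATION_REQUESTS', 5),
  standardHeaders: true,
  legacyHeaders: false,
  message: 'Too many verification requests, please try again later',
});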
/**
 * Express middleware that sheds load while the host is saturated.
 *
 * Compares the 1-minute load average with 70% of the logical CPU count and
 * answers 503 when the load is above that ceiling; otherwise the request is
 * passed on to the next handler.
 *
 * os.loadavg() reports [0, 0, 0] on Windows, so this guard never trips there.
 *
 * @param {object} req - Express request (not inspected).
 * @param {object} res - Express response.
 * @param {Function} next - Next middleware in the chain.
 * @returns {*} Whatever next() or res.send() returns.
 */
function checkSystemLoad(req, res, next) {
  const [oneMinuteLoad] = os.loadavg();
  const loadCeiling = os.cpus().length * 0.7;
  const overloaded = oneMinuteLoad > loadCeiling;

  if (!overloaded) {
    return next();
  }

  log('System load too high, please try again later');
  // The body is the generic reason phrase only; no load figures are sent to the client.
  return res.status(503).send(http.STATUS_CODES[503]);
}
/**
 * Send a JSON envelope `{ status, message }` with the given HTTP status.
 *
 * For 4xx and 5xx codes the standard reason phrase is added as `error`.
 * `message` is forwarded to the client unchanged, so callers should pass
 * client-safe text, not raw exception messages or stack traces.
 *
 * @param {object} res - Express response.
 * @param {number} statusCode - HTTP status to send.
 * @param {*} message - Value placed in the `message` field.
 * @returns {*} Whatever res.json() returns.
 */
function respondWithStatus(res, statusCode, message) {
  const isErrorStatus = statusCode >= 400 && statusCode <= 599;
  const body = isErrorStatus
    ? { status: statusCode, message, error: http.STATUS_CODES[statusCode] }
    : { status: statusCode, message };
  return res.status(statusCode).json(body);
}
/**
 * Send a JSON envelope `{ status, JSON }` with the given HTTP status.
 *
 * The payload is emitted under the literal key `JSON`. For 4xx and 5xx codes
 * the standard reason phrase is added as `error`. The payload is forwarded
 * unchanged, so callers decide which fields reach the client.
 *
 * NOTE(review): the third parameter shadows the global `JSON` object inside
 * this function; the global is not used here, so behaviour is unaffected.
 *
 * @param {object} res - Express response.
 * @param {number} statusCode - HTTP status to send.
 * @param {*} JSON - Payload placed under the `JSON` key.
 * @returns {*} Whatever res.json() returns.
 */
function respondWithStatusJSON(res, statusCode, JSON) {
  const isErrorStatus = statusCode >= 400 && statusCode <= 599;
  const body = isErrorStatus
    ? { status: statusCode, JSON: JSON, error: http.STATUS_CODES[statusCode] }
    : { status: statusCode, JSON: JSON };
  return res.status(statusCode).json(body);
}
export {
requestLimiter,
antiBruteForce,
antiVerificationSpam,
speedLimiter,
checkSystemLoad,
respondWithStatus,
respondWithStatusJSON,
};