inbox: add rate limiting (#59)

2026-06-09 22:53:54 +02:00 · 2025-10-14 09:16:35 +05:00
parent a8cc02ef1a
commit 0cc3365e44
3 changed files with 13 additions and 0 deletions
@@ -1,6 +1,7 @@
 import express from "express";
 import _sodium, { base64_variants } from "libsodium-wrappers-sumo";
 import { z } from "zod";
+import { rateLimit } from "express-rate-limit";

 const NOTESNOOK_API_SERVER_URL = process.env.NOTESNOOK_API_SERVER_URL;
 if (!NOTESNOOK_API_SERVER_URL) {
@@ -126,6 +127,12 @@ async function postEncryptedInboxItem(

 const app = express();
 app.use(express.json({ limit: "10mb" }));
+app.use(
+  rateLimit({
+    windowMs: 1 * 60 * 1000, // 1 minute
+    limit: 60,
+  })
+);
 app.post("/inbox", async (req, res) => {
  try {
    const apiKey = req.headers["authorization"];