Rate limit nginx routes that verify the password

Also remove rate-limit middleware

Test using something like:

    ab -v 1 -n 1000 -c 10 -s 5 -m POST https://my.<domain>/api/v1/developer/login

Part of #187
Girish Ramakrishnan
2017-03-26 23:27:34 -07:00
parent 64cb951206
commit 18e59c4754
5 changed files with 11 additions and 16 deletions


@@ -18,7 +18,6 @@ var assert = require('assert'),
middleware = require('./middleware'),
passport = require('passport'),
path = require('path'),
RateLimit = require('express-rate-limit'),
routes = require('./routes/index.js');
var gHttpServer = null;
@@ -44,19 +43,12 @@ function initializeExpressSync() {
// for rate limiting
app.enable('trust proxy');
var limiter = new RateLimit({
windowMs: 60*1000, // 1 minute
max: 200, // limit each IP to 200 requests per windowMs
delayMs: 0 // disable delaying - full speed until the max limit is reached
});
if (process.env.BOX_ENV !== 'test') app.use(middleware.morgan('Box :method :url :status :response-time ms - :res[content-length]', { immediate: false }));
var router = new express.Router();
router.del = router.delete; // amend router.del for readability further on
app
.use(limiter)
.use(middleware.timeout(REQUEST_TIMEOUT))
.use(json)
.use(urlencoded)
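Review bot: The `// for rate limiting` comment above `app.enable('trust proxy')` in initializeExpressSync is stale if, as the hunk counts and commit message suggest, the `RateLimit` block and `.use(limiter)` are the removed lines (the page lost its +/- markers). With `trust proxy` enabled Express takes `req.ip` and `req.protocol` from client-supplied `X-Forwarded-*` headers, so either drop the setting if nothing else depends on it or re-document it, e.g. `// behind nginx: req.ip / req.protocol come from X-Forwarded-* headers`. The removed limiter covered every route, while the commit message describes the nginx limit as applying only to routes that verify the password. The nginx config is not visible in this section, so confirm that leaving the other routes unthrottled is intended and that the Express listener is reachable only through nginx. The function body continues outside the hunk.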