diff --git a/lib/index.js b/lib/index.js
index 8c806bd..26eb086 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -22,6 +22,10 @@ const enforceHTTPS = Boolean(process.env.ENFORCE_HTTPS)
 const app = express()
 const appLogger = createAppLogger({ dev: isDevelopment })
+const limiter = rateLimit({
+ windowMs: 60 * 1000,
+ max: 10,
+})
 // Force app to always redirect to HTTPS
 // use when you can't configure web server
@@ -34,6 +38,7 @@ app.use(createRouteLogger({ dev: isDevelopment }))
 app.set('view engine', 'ejs')
 app.set('views', path.join(__dirname, 'views'))
+app.set('trust proxy', 1)
 app.use(express.static(path.join(__dirname, 'public')))
 app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')))
@@ -66,8 +71,8 @@ app.get('*', (req, res) => {
 res.status(400).render('404')
 })
+app.use('/download', limiter)
 app.use('/download', checkURLParameter)
-app.use('/download', rateLimit())
 app.post('/download', async (req, res, next) => {
 try {
 const { url } = req.body
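Review bot: The `rateLimit({ windowMs, max })` options in the first hunk set no `store`, so if this is express-rate-limit (the import is outside the hunk) the counters presumably live in the memory of a single process. With more than one instance or worker, the effective ceiling becomes 10 per minute per process rather than per client, and every restart resets it. If the app can run with several processes, a shared store is worth considering. Either way, a comment should state the intent, for example `// 10 /download requests per client IP per minute; counters are per process (in-memory store)`.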
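Review bot: `app.set('trust proxy', 1)` in the second hunk is unconditional, but it is only correct when exactly one reverse proxy sits in front of the app. If the process is reachable directly, or behind a different number of hops, Express takes `req.ip` from a client-supplied `X-Forwarded-For` header, and the limiter (which presumably keys on `req.ip`) is no longer tied to the real client address. The setting also changes `req.protocol` and `req.secure`, which the redirect guarded by `enforceHTTPS` may rely on; that code is outside the hunk. Consider reading the hop count from configuration, as is done for `ENFORCE_HTTPS`, and at minimum add a comment such as `// exactly one trusted reverse proxy in front; req.ip comes from its X-Forwarded-For entry`.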