From 415e8452c0fc70df2b03aff6d292f68730556aa4 Mon Sep 17 00:00:00 2001
From: isra el <vernu1997@gmail.com>
Date: Sat, 30 Mar 2024 18:47:31 +0300
Subject: [PATCH] feat(api): throttle all endpoints to 30 requests per minute

---
 api/package.json      |  1 +
 api/pnpm-lock.yaml    | 15 +++++++++++++++
 api/src/app.module.ts | 15 ++++++++++++++-
 3 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/api/package.json b/api/package.json
index 85b36d8..6cd6185 100644
--- a/api/package.json
+++ b/api/package.json
@@ -28,6 +28,7 @@
     "@nestjs/passport": "^8.2.2",
     "@nestjs/platform-express": "^8.4.7",
     "@nestjs/swagger": "^5.2.1",
+    "@nestjs/throttler": "^5.1.2",
     "axios": "^1.4.0",
     "bcryptjs": "^2.4.3",
     "dotenv": "^16.0.3",
diff --git a/api/pnpm-lock.yaml b/api/pnpm-lock.yaml
index 99613d4..9bf6c09 100644
--- a/api/pnpm-lock.yaml
+++ b/api/pnpm-lock.yaml
@@ -29,6 +29,9 @@ dependencies:
   '@nestjs/swagger':
     specifier: ^5.2.1
     version: 5.2.1(@nestjs/common@8.4.7)(@nestjs/core@8.4.7)(reflect-metadata@0.1.13)(swagger-ui-express@4.6.3)
+  '@nestjs/throttler':
+    specifier: ^5.1.2
+    version: 5.1.2(@nestjs/common@8.4.7)(@nestjs/core@8.4.7)(reflect-metadata@0.1.13)
   axios:
     specifier: ^1.4.0
     version: 1.4.0
@@ -2203,6 +2206,18 @@ packages:
       tslib: 2.4.0
     dev: true
 
+  /@nestjs/throttler@5.1.2(@nestjs/common@8.4.7)(@nestjs/core@8.4.7)(reflect-metadata@0.1.13):
+    resolution: {integrity: sha512-60MqhSLYUqWOgc38P6C6f76JIpf6mVjly7gpuPBCKtVd0p5e8Fq855j7bJuO4/v25vgaOo1OdVs0U1qtgYioGw==}
+    peerDependencies:
+      '@nestjs/common': ^7.0.0 || ^8.0.0 || ^9.0.0 || ^10.0.0
+      '@nestjs/core': ^7.0.0 || ^8.0.0 || ^9.0.0 || ^10.0.0
+      reflect-metadata: ^0.1.13 || ^0.2.0
+    dependencies:
+      '@nestjs/common': 8.4.7(reflect-metadata@0.1.13)(rxjs@7.8.1)
+      '@nestjs/core': 8.4.7(@nestjs/common@8.4.7)(@nestjs/platform-express@8.4.7)(reflect-metadata@0.1.13)(rxjs@7.8.1)
+      reflect-metadata: 0.1.13
+    dev: false
+
   /@nodelib/fs.scandir@2.1.5:
     resolution: {integrity: sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==}
     engines: {node: '>= 8'}
diff --git a/api/src/app.module.ts b/api/src/app.module.ts
index a53f3e9..e27e2c7 100644
--- a/api/src/app.module.ts
+++ b/api/src/app.module.ts
@@ -3,15 +3,28 @@ import { MongooseModule } from '@nestjs/mongoose'
 import { GatewayModule } from './gateway/gateway.module'
 import { AuthModule } from './auth/auth.module'
 import { UsersModule } from './users/users.module'
+import { ThrottlerGuard, ThrottlerModule } from '@nestjs/throttler'
+import { APP_GUARD } from '@nestjs/core/constants'
 
 @Module({
   imports: [
     MongooseModule.forRoot(process.env.MONGO_URI),
+    ThrottlerModule.forRoot([
+      {
+        ttl: 60000,
+        limit: 30,
+      },
+    ]),
     AuthModule,
     UsersModule,
     GatewayModule,
   ],
   controllers: [],
-  providers: [],
+  providers: [
+    {
+      provide: APP_GUARD,
+      useClass: ThrottlerGuard,
+    },
+  ],
 })
 export class AppModule {}