From 2a133774c4d86d6bd241b14c1aef84033c8c5b70 Mon Sep 17 00:00:00 2001
From: Claudio Chimera <Claudio.Chimera@gmail.com>
Date: Tue, 9 Jul 2024 19:20:57 +0200
Subject: [PATCH] Added rate limit

---
 alexa/alexa-adapter.js | 9 +++++++++
 package-lock.json      | 6 ++++++
 package.json           | 3 ++-
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/alexa/alexa-adapter.js b/alexa/alexa-adapter.js
index c4d9680..22f9423 100644
--- a/alexa/alexa-adapter.js
+++ b/alexa/alexa-adapter.js
@@ -60,6 +60,7 @@ module.exports = function (RED) {
     const util = require('util');
     const TokenGenerator = require('uuid-token-generator');
     const express = require('express');
+    const expressRateLimit = require("express-rate-limit");
     const helmet = require('helmet');
     const morgan = require('morgan');
     const cors = require('cors');
@@ -260,7 +261,15 @@ module.exports = function (RED) {
             const node = this;
             if (node.verbose) node._debug("startServer port " + node.http_port);
             const app = express();
+            const rate_limit = 30;
+            const rateLimitMiddleware = expressRateLimit({
+                windowMs: 60 * 1000,
+                max: rate_limit,
+                message: `You have exceeded your ${rate_limit} requests per minute limit.`,
+                headers: true,
+              });
             app.disable('x-powered-by');
+            app.use(rateLimitMiddleware);
             app.use(helmet());
             app.use(cors());
             app.use(morgan('dev'));
diff --git a/package-lock.json b/package-lock.json
index a6ce3ec..3d7e6c3 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -14,6 +14,7 @@
         "ask-sdk-model": "^1.86.0",
         "cors": "^2.8.5",
         "express": "^4.19.2",
+        "express-rate-limiter": "^1.3.1",
         "helmet": "^7.1.0",
         "morgan": "^1.10.0",
         "stoppable": "^1.1.0",
@@ -1877,6 +1878,11 @@
         "node": ">= 0.10.0"
       }
     },
+    "node_modules/express-rate-limiter": {
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/express-rate-limiter/-/express-rate-limiter-1.3.1.tgz",
+      "integrity": "sha512-qLRc4ZkyCcfUCjPtVjwQOtf4OYPc7hc6ObOFemeeVYLlbam541/B7R33VvhztFsBGRUIT/wJW/oJz8n5k+fRfw=="
+    },
     "node_modules/express-session": {
       "version": "1.18.0",
       "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.18.0.tgz",
diff --git a/package.json b/package.json
index d9002c5..c38d402 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "node-red-contrib-alexa-virtual-smarthome",
-  "version": "0.0.35",
+  "version": "0.0.36",
   "description": "Node Red Alexa Smarthome node",
   "main": "index.js",
   "scripts": {
@@ -48,6 +48,7 @@
     "ask-sdk-model": "^1.86.0",
     "cors": "^2.8.5",
     "express": "^4.19.2",
+    "express-rate-limiter": "^1.3.1",
     "helmet": "^7.1.0",
     "morgan": "^1.10.0",
     "stoppable": "^1.1.0",