ADD: rate limiting

controllers/api.js

@@ -57,7 +57,6 @@ const rateLimit = require('express-rate-limit');
 const postLimiter = rateLimit({
   windowMs: 30 * 60 * 1000,
   max: 50,
-  message: 'You are going too fast',
 });
 
 router.post('/create', postLimiter, async function(req, res) {

index.js

@@ -14,6 +14,14 @@ morgan.token('id', function getId(req) {
 });
 
 let app = express();
+app.enable('trust proxy');
+
+const rateLimit = require('express-rate-limit');
+const limiter = rateLimit({
+  windowMs: 15 * 60 * 1000,
+  max: 100,
+});
+app.use(limiter);
 
 app.use(function(req, res, next) {
   req.id = uuid.v4();
@@ -26,8 +34,6 @@ app.use(
   ),
 );
 
-app.set('trust proxy', 'loopback');
-
 let bodyParser = require('body-parser');
 let config = require('./config');