From 415eb2194f9feca9f972fcd9ef4e0a7c5074711a Mon Sep 17 00:00:00 2001
From: Philipp Schmid
Date: Fri, 31 Mar 2023 12:26:34 +0200
Subject: [PATCH 1/2] introduce env variable DISABLE_RATE_LIMIT to disable rate limit
---
 server/src/index.ts | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/server/src/index.ts b/server/src/index.ts
index 1720daf..514c398 100644
--- a/server/src/index.ts
+++ b/server/src/index.ts
@@ -67,13 +67,15 @@ export default class ChatServer {
 this.app.use(express.json({ limit: '1mb' }));
 this.app.use(compression());
- const { default: rateLimit } = await import('express-rate-limit'); // esm
- const limiter = rateLimit({
- windowMs: 15 * 60 * 1000, // 15 minutes
- max: 100, // limit each IP to 100 requests per windowMs
- });
+ if (process.env.DISABLE_RATE_LIMIT !== 'true') {
+ const { default: rateLimit } = await import('express-rate-limit'); // esm
+ const limiter = rateLimit({
+ windowMs: 15 * 60 * 1000, // 15 minutes
+ max: 100, // limit each IP to 100 requests per windowMs
+ });
- this.app.use(limiter);
+ this.app.use(limiter);
+ }
 this.app.get('/chatapi/health', (req, res) => new HealthRequestHandler(this, req, res));
 this.app.get('/chatapi/session', (req, res) => new SessionRequestHandler(this, req, res));
From 129336c16820a788325cad640fadb0ab5fb24ec6 Mon Sep 17 00:00:00 2001
From: Philipp Schmid
Date: Wed, 5 Apr 2023 11:04:59 +0200
Subject: [PATCH 2/2] introduce rate limit variables
---
 server/src/index.ts | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/server/src/index.ts b/server/src/index.ts
index 514c398..992a7dc 100644
--- a/server/src/index.ts
+++ b/server/src/index.ts
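Review bot: In the [PATCH 1/2] hunk of server/src/index.ts, setting `DISABLE_RATE_LIMIT=true` skips the limiter without leaving any trace, so a production deployment that inherits the variable loses per-IP throttling on the routes registered after it with nothing in the logs to show it. Add an else branch that reports the state at startup, e.g. `} else { console.warn('DISABLE_RATE_LIMIT=true: request rate limiting is off'); }` (or the project's own logger, which is not visible here), and a comment above the `if` saying the switch is meant for setups where throttling is done upstream. The comparison against the exact string `'true'` fails safe for any other value and is worth keeping. The enclosing method begins and ends outside the hunk.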
@@ -67,15 +67,16 @@ export default class ChatServer {
 this.app.use(express.json({ limit: '1mb' }));
 this.app.use(compression());
- if (process.env.DISABLE_RATE_LIMIT !== 'true') {
- const { default: rateLimit } = await import('express-rate-limit'); // esm
- const limiter = rateLimit({
- windowMs: 15 * 60 * 1000, // 15 minutes
- max: 100, // limit each IP to 100 requests per windowMs
- });
+
+ const rateLimitWindowMs = process.env.RATE_LIMIT_WINDOW_MS ? parseInt(process.env.RATE_LIMIT_WINDOW_MS, 10) : 15 * 60 * 1000; // 15 minutes
+ const rateLimitMax = process.env.RATE_LIMIT_MAX ? parseInt(process.env.RATE_LIMIT_MAX, 10) : 100; // limit each IP to 100 requests per windowMs
- this.app.use(limiter);
- }
+ const { default: rateLimit } = await import('express-rate-limit'); // esm
+ const limiter = rateLimit({
+ windowMs: rateLimitWindowMs,
+ max: rateLimitMax,
+ });
+ this.app.use(limiter);
 this.app.get('/chatapi/health', (req, res) => new HealthRequestHandler(this, req, res));
 this.app.get('/chatapi/session', (req, res) => new SessionRequestHandler(this, req, res));
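Review bot: `RATE_LIMIT_WINDOW_MS` and `RATE_LIMIT_MAX` go from `parseInt` straight into `rateLimit({ windowMs, max })` with no validation, so a non-numeric value becomes `NaN`, a value like `12abc` is silently read as 12, and `0` or a negative number is passed through as-is. How express-rate-limit treats such values depends on its version, which is not visible here; in some releases a `max` of 0 turns the limiter off, so a configuration mistake may remove per-IP throttling from the /chatapi routes without any error. I would read both variables through one helper that keeps the default when the variable is unset or empty and fails startup on anything that is not a positive integer, as sketched below. The enclosing method begins and ends outside the hunk.

```typescript
// … unchanged: express.json / compression middleware …
const positiveIntFromEnv = (name: string, fallback: number): number => {
  const raw = process.env[name];
  if (raw === undefined || raw === '') {
    return fallback;
  }
  const value = Number(raw);
  if (!Number.isSafeInteger(value) || value <= 0) {
    throw new Error(`${name} must be a positive integer, got "${raw}"`);
  }
  return value;
};

const rateLimitWindowMs = positiveIntFromEnv('RATE_LIMIT_WINDOW_MS', 15 * 60 * 1000); // 15 minutes
const rateLimitMax = positiveIntFromEnv('RATE_LIMIT_MAX', 100); // requests per IP per window
// … unchanged: rateLimit import, limiter construction, this.app.use(limiter) …
```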