From d2a17c2745d2fe27815f6f7239c14ce1bbaedd7e Mon Sep 17 00:00:00 2001
From: Shane Kilkelly
Date: Thu, 26 Oct 2017 14:11:31 +0100
Subject: [PATCH] Add rate-limiting to the token endpoints
---
 services/web/app/coffee/router.coffee | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/services/web/app/coffee/router.coffee b/services/web/app/coffee/router.coffee
index 20ee4ae6da..e749ed44ff 100644
--- a/services/web/app/coffee/router.coffee
+++ b/services/web/app/coffee/router.coffee
@@ -340,9 +340,19 @@ module.exports = class Router
 webRouter.get '/read/:read_only_token([a-z]+)',
+ RateLimiterMiddlewear.rateLimit({
+ endpointName: 'read-only-token',
+ maxRequests: 10,
+ timeInterval: 60
+ }),
 TokenAccessController.readOnlyToken
 webRouter.get '/:read_and_write_token([0-9]+[a-z]+)',
+ RateLimiterMiddlewear.rateLimit({
+ endpointName: 'read-and-write-token',
+ maxRequests: 10,
+ timeInterval: 60
+ }),
 TokenAccessController.readAndWriteToken
 webRouter.get '*', ErrorController.notFound
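Review bot: Both `rateLimit` blocks on the token routes repeat the bare literals `maxRequests: 10` and `timeInterval: 60` with no comment on the unit or on what the limiter counts against, so a reader cannot tell from the router how much token guessing this still permits. I would add a comment above the first route such as `# Throttle token guessing: at most 10 lookups per timeInterval (seconds? confirm) per client key`, and share the two numbers through one constant so the endpoints cannot drift apart. If the middleware keys on client IP or session (not visible in this hunk), the limit only slows a single source, so token length and randomness remain the real control and repeated misses on these routes are worth logging. A per-IP key would also throttle many legitimate users opening a shared link from behind one NAT, so it is worth confirming that 10 is high enough for that case.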