security: add @nestjs/throttler — rate limiting global 60/min + search 20/min

2026-04-05 07:51:05 +02:00
parent 7b7f2ac8e7
commit d3e9dc61a5
4 changed files with 21 additions and 0 deletions
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
@@ -13,6 +13,7 @@
        "@nestjs/config": "^4.0.3",
        "@nestjs/core": "^11.1.17",
        "@nestjs/platform-express": "^11.1.17",
+        "@nestjs/throttler": "^6.5.0",
        "@nestjs/typeorm": "^11.0.0",
        "class-transformer": "^0.5.1",
        "class-validator": "^0.15.1",
@@ -2141,6 +2142,17 @@
        }
      }
    },
+    "node_modules/@nestjs/throttler": {
+      "version": "6.5.0",
+      "resolved": "https://registry.npmjs.org/@nestjs/throttler/-/throttler-6.5.0.tgz",
+      "integrity": "sha512-9j0ZRfH0QE1qyrj9JjIRDz5gQLPqq9yVC2nHsrosDVAfI5HHw08/aUAWx9DZLSdQf4HDkmhTTEGLrRFHENvchQ==",
+      "license": "MIT",
+      "peerDependencies": {
+        "@nestjs/common": "^7.0.0 || ^8.0.0 || ^9.0.0 || ^10.0.0 || ^11.0.0",
+        "@nestjs/core": "^7.0.0 || ^8.0.0 || ^9.0.0 || ^10.0.0 || ^11.0.0",
+        "reflect-metadata": "^0.1.13 || ^0.2.0"
+      }
+    },
    "node_modules/@nestjs/typeorm": {
      "version": "11.0.0",
      "resolved": "https://registry.npmjs.org/@nestjs/typeorm/-/typeorm-11.0.0.tgz",
--- a/backend/package.json
+++ b/backend/package.json
@@ -21,6 +21,7 @@
    "@nestjs/config": "^4.0.3",
    "@nestjs/core": "^11.1.17",
    "@nestjs/platform-express": "^11.1.17",
+    "@nestjs/throttler": "^6.5.0",
    "@nestjs/typeorm": "^11.0.0",
    "class-transformer": "^0.5.1",
    "class-validator": "^0.15.1",
--- a/backend/src/app.module.ts
+++ b/backend/src/app.module.ts
@@ -1,6 +1,8 @@
 import { Module } from '@nestjs/common';
+import { APP_GUARD } from '@nestjs/core';
 import { ConfigModule, ConfigService } from '@nestjs/config';
 import { TypeOrmModule } from '@nestjs/typeorm';
+import { ThrottlerModule, ThrottlerGuard } from '@nestjs/throttler';
 import { getDatabaseConfig } from './config/database.config';
 import { HealthModule } from './health/health.module';
 import { AuthModule } from './auth/auth.module';
@@ -11,6 +13,7 @@ import { ListModule } from './list/list.module';
@Module({
  imports: [
    ConfigModule.forRoot({ isGlobal: true }),
+    ThrottlerModule.forRoot([{ ttl: 60000, limit: 60 }]),
    TypeOrmModule.forRootAsync({
      inject: [ConfigService],
      useFactory: getDatabaseConfig,
@@ -21,5 +24,8 @@ import { ListModule } from './list/list.module';
    WorkModule,
    ListModule,
  ],
+  providers: [
+    { provide: APP_GUARD, useClass: ThrottlerGuard },
+  ],
 })
 export class AppModule {}
--- a/backend/src/work/work.controller.ts
+++ b/backend/src/work/work.controller.ts
@@ -1,10 +1,12 @@
 import { Controller, Get, Query } from '@nestjs/common';
+import { Throttle } from '@nestjs/throttler';
 import { WorkService } from './work.service';

@Controller('api/works')
 export class WorkController {
  constructor(private readonly workService: WorkService) {}

+  @Throttle([{ ttl: 60000, limit: 20 }])
  @Get('search')
  async search(
    @Query('q') query: string,