From f337e6c68143543b764cfefbb0d3b28d2cfe0250 Mon Sep 17 00:00:00 2001
From: ZaydSkaff
Date: Tue, 24 Jun 2025 10:55:38 +0300
Subject: [PATCH] Test/prevent server block on rate limit (#421)
---
 src/app.module.ts | 18 ++++++++++++------
 src/main.ts | 15 ++++++---------
 2 files changed, 18 insertions(+), 15 deletions(-)
diff --git a/src/app.module.ts b/src/app.module.ts
index ce64932..2401b0c 100644
--- a/src/app.module.ts
+++ b/src/app.module.ts
@@ -1,7 +1,7 @@
 import { SeederModule } from '@app/common/seed/seeder.module';
 import { Module } from '@nestjs/common';
 import { ConfigModule } from '@nestjs/config';
-import { APP_INTERCEPTOR } from '@nestjs/core';
+import { APP_GUARD, APP_INTERCEPTOR } from '@nestjs/core';
 import { WinstonModule } from 'nest-winston';
 import { AuthenticationModule } from './auth/auth.module';
 import { AutomationModule } from './automation/automation.module';
@@ -35,6 +35,8 @@ import { UserNotificationModule } from './user-notification/user-notification.mo
 import { UserModule } from './users/user.module';
 import { VisitorPasswordModule } from './vistor-password/visitor-password.module';
+import { ThrottlerGuard } from '@nestjs/throttler';
+import { ThrottlerModule } from '@nestjs/throttler/dist/throttler.module';
 import { winstonLoggerOptions } from '../libs/common/src/logger/services/winston.logger';
 import { AqiModule } from './aqi/aqi.module';
 import { OccupancyModule } from './occupancy/occupancy.module';
@@ -44,9 +46,13 @@ import { WeatherModule } from './weather/weather.module';
 ConfigModule.forRoot({
 load: config,
 }),
- /* ThrottlerModule.forRoot({
- throttlers: [{ ttl: 100000, limit: 30 }],
- }), */
+ ThrottlerModule.forRoot({
+ throttlers: [{ ttl: 60000, limit: 30 }],
+ generateKey: (context) => {
+ const req = context.switchToHttp().getRequest();
+ return req.headers['x-forwarded-for'] || req.ip;
+ },
+ }),
 WinstonModule.forRoot(winstonLoggerOptions),
 ClientModule,
 AuthenticationModule,
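Review bot: The `ThrottlerModule` import added in the `@@ -35,6 +35,8 @@` hunk of src/app.module.ts reaches into the package's build output (`@nestjs/throttler/dist/throttler.module`), while `ThrottlerGuard` on the line above it comes from the package root. A `dist/` path is not part of the package's public surface and can move or stop resolving on an upgrade, which would take the module that now carries the only rate limiter down with it. Import both names from the root instead: `import { ThrottlerGuard, ThrottlerModule } from '@nestjs/throttler';`.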
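Review bot: The `generateKey` callback in the `@@ -44,9 +46,13 @@` hunk of src/app.module.ts keys the limiter on the raw `X-Forwarded-For` header, which the client controls unless a trusted proxy overwrites it, so a caller can present a fresh value on every request and never accumulate 30 hits in the window. The same commit removes the express-rate-limit middleware from src/main.ts, so no second limiter keyed on the connection address remains. The header can also arrive as a comma-separated chain or an array, which makes the key unstable even for honest clients behind several proxies. I would drop `generateKey`, configure the Express `trust proxy` setting for the known proxy hops so that `req.ip` is the real client, and let the guard key on that; if a custom tracker is still needed, override `getTracker` in a `ThrottlerGuard` subclass to return `req.ips.length ? req.ips[0] : req.ip`.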
@@ -88,10 +94,10 @@ import { WeatherModule } from './weather/weather.module';
 provide: APP_INTERCEPTOR,
 useClass: LoggingInterceptor,
 },
- /* {
+ {
 provide: APP_GUARD,
 useClass: ThrottlerGuard,
- }, */
+ },
 ],
 })
 export class AppModule {}
diff --git a/src/main.ts b/src/main.ts
index e00dca6..67edc11 100644
--- a/src/main.ts
+++ b/src/main.ts
@@ -3,7 +3,6 @@ import { SeederService } from '@app/common/seed/services/seeder.service';
 import { Logger, ValidationPipe } from '@nestjs/common';
 import { NestFactory } from '@nestjs/core';
 import { json, urlencoded } from 'body-parser';
-import rateLimit from 'express-rate-limit';
 import helmet from 'helmet';
 import { WINSTON_MODULE_NEST_PROVIDER } from 'nest-winston';
 import { setupSwaggerAuthentication } from '../libs/common/src/util/user-auth.swagger.utils';
@@ -22,15 +21,13 @@ async function bootstrap() {
 app.use(new RequestContextMiddleware().use);
- app.use(
- rateLimit({
- windowMs: 5 * 60 * 1000,
- max: 500,
- }),
- );
-
 app.use((req, res, next) => {
- console.log('Real IP:', req.ip);
+ console.log(
+ 'Real IP:',
+ req.ip,
+ req.headers['x-forwarded-for'],
+ req.connection.remoteAddress,
+ );
 next();
 });
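Review bot: The middleware in the `@@ -22,15 +21,13 @@` hunk of src/main.ts now prints `req.ip`, the raw `X-Forwarded-For` header and the socket address with `console.log` on every request, which reads as leftover debugging. It writes client addresses outside the Winston logger that the application configures and records a client-supplied header value verbatim. `req.connection` is also a deprecated alias of `req.socket` in Node. If the output is still needed to verify the proxy setup, emit it at debug level through the application logger and read `req.socket.remoteAddress`; otherwise remove the middleware. The enclosing `bootstrap()` starts and ends outside the hunk.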