Less Aggressive Rate Limiting

backend/src/rest/modules/rate-limiter.ts

@@ -5,7 +5,7 @@ const windowMs = 10 * 60 * 1000;
 
 // additional layer rate limits
 export const extraRateLimit = (maxRequests: number) => rateLimit({
-  max: maxRequests,
+  max: windowMs / 2,
   message: JSON.stringify({ message: 'You are being rate limited' }),
   store: new RateLimitStore({
     uri: process.env.MONGO_URI,

backend/src/rest/routes/auth-routes.ts

@@ -15,7 +15,7 @@ const sendEmail = Deps.get<EmailFunctions>(EmailFunctions);
 const users = Deps.get<Users>(Users);
 const verification = Deps.get<Verification>(Verification);
 
-router.post('/login', extraRateLimit(30), (req, res, next) => {
+router.post('/login', extraRateLimit(25), (req, res, next) => {
   req['flash'] = (_: string, message: string) => res.status(400).json({ message });
   next();
 }, passport.authenticate('local', {
@@ -37,7 +37,7 @@ router.post('/login', extraRateLimit(30), (req, res, next) => {
     res.status(201).json({ token: await users.createToken(user) });
   });
 
-router.post('/register', extraRateLimit(3), async (req, res) => {
+router.post('/register', extraRateLimit(5), async (req, res) => {
   const user = await users.create({
     email: req.body.email,
     password: req.body.password,
@@ -49,7 +49,7 @@ router.post('/register', extraRateLimit(3), async (req, res) => {
   res.status(201).json(await users.createToken(user));
 });
 
-router.get('/verify', extraRateLimit(30), async (req, res) => {
+router.get('/verify', extraRateLimit(25), async (req, res) => {
   const email = verification.getEmailFromCode(req.query.code as string);
   const user = await User.findOne({ email }) as any;  
   if (!email || !user)
@@ -89,7 +89,7 @@ router.get('/email/forgot-password', extraRateLimit(10), async (req, res) => {
   }
 });
 
-router.post('/change-password', extraRateLimit(3), async (req, res) => {
+router.post('/change-password', extraRateLimit(5), async (req, res) => {
   const { email, oldPassword, newPassword }: REST.To.Post['/auth/change-password'] = req.body;
 
   const user = await User.findOne({ email }) as any as SelfUserDocument;

frontend/src/components/channel/message-box.tsx

@@ -1,5 +1,5 @@
 import classNames from 'classnames';
-import { useState } from 'react';
+import { useEffect, useState } from 'react';
 import { useDispatch, useSelector, useStore } from 'react-redux';
 import { Link } from 'react-router-dom';
 import TextareaAutosize from 'react-textarea-autosize';
@@ -12,6 +12,8 @@ import { getUser } from '../../store/users';
 export interface MessageBoxProps {
   content?: string;
   editingMessageId?: string;
+  cachedContent: Util.Dictionary;
+  setCachedContent: any;
 }
  
 const MessageBox: React.FunctionComponent<MessageBoxProps> = (props) => {
@@ -22,6 +24,11 @@ const MessageBox: React.FunctionComponent<MessageBoxProps> = (props) => {
   const guild = useSelector((s: Store.AppState) => s.ui.activeGuild)!;
   const typers = useSelector(getTypersInChannel(channel.id));
   const perms = usePerms();
+
+  useEffect(() => {
+    const messageBox = document.querySelector('#messageBox') as HTMLTextAreaElement;
+    messageBox.value = props.cachedContent[channel.id] ?? '';
+  }, [channel.id]);
   
   const onKeyDown = (event: React.KeyboardEvent<HTMLTextAreaElement>) => {
     handleEscape(event);
@@ -36,6 +43,9 @@ const MessageBox: React.FunctionComponent<MessageBoxProps> = (props) => {
       || !emptyMessage) return;
     
     saveEdit();
+
+    props.cachedContent[channel.id] = content;
+    props.setCachedContent(props.cachedContent);
   }
 
   const saveEdit = () => {
@@ -63,7 +73,7 @@ const MessageBox: React.FunctionComponent<MessageBoxProps> = (props) => {
     const typingUsers = typers.map(t => user(t.userId)!.username).join(', ');
     return (typers.length > maxTypers)
       ? 'Many users are typing...'
-      : `${typingUsers} is typing...`
+      : `${typingUsers} is typing...`;
   }
 
   const canSend = perms.canInChannel('SEND_MESSAGES', guild.id, channel.id);

types/util.d.ts

@@ -0,0 +1,3 @@
+declare module Util {
+  export interface Dictionary { [k: string]: string };
+}