A minimal Express.js example showing how to apply secure rate limiting and basic security middleware.
Purpose: Demonstrates a small, opinionated setup for protecting Express routes from abuse using a configurable rate limiter and common security middlewares.
Repository layout
- File: src/app.js - Express app setup
- File: src/server.js - Server entrypoint
- File: src/config/rateLimit.config.js - Rate-limit configuration
- File: src/middlewares/security.middleware.js - Security middlewares (helmet, cors, etc.)
- File: src/routes/test.route.js - Example route used for testing
Getting started
Prerequisites:
- Node.js 16+ (or your project's required version)
Install:
npm install
Run (development):
node src/server.js
Or add a script in package.json and run npm start.
Configuration
- Edit rate limiting options in src/config/rateLimit.config.js. Typical options include windowMs, max, and custom handler behavior.
- Security middleware is initialized in src/middlewares/security.middleware.js.
Usage
- The example route in src/routes/test.route.js exposes a simple endpoint you can curl to verify rate limiting and security headers.
Example test commands
curl -i http://localhost:3000/test
If you hit the rate limit, you should receive a 429 Too Many Requests response.
Notes & Next steps
- Customize rate limiter keys (IP, user ID, etc.) according to your auth strategy.
- Consider adding logging for rate-limit events and metrics export (Prometheus, etc.).
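The following is an added example, not this project's own rateLimit.config.js or middleware code: a small fixed-window rate limiter written as an Express-style middleware that takes the options named under Configuration (windowMs, max, a custom handler) and shows the two points above, a per-user or per-IP key generator and an onLimitReached hook for logging. The option names keyGenerator, onLimitReached and now, and the helper names userOrIpKey and mockResponse, are this example's own choices.

```javascript
// Added example, not the project's own code: a fixed-window rate limiter written
// as an Express-style middleware (req, res, next). It takes the options the
// README names (windowMs, max, a custom handler) plus a keyGenerator and an
// onLimitReached hook. Counters live in one process; multi-instance needs a shared store.
function createRateLimiter(options = {}) {
  const {
    windowMs = 60 * 1000,                 // length of each counting window
    max = 5,                              // requests allowed per key per window
    keyGenerator = (req) => req.ip,       // req.ip honours X-Forwarded-For only with 'trust proxy' set
    onLimitReached = () => {},            // called once per rejected request (logging/metrics)
    handler = (req, res) => { res.status(429).json({ error: 'Too Many Requests' }); },
    now = () => Date.now(),               // injectable clock (deterministic tests)
  } = options;
  const hits = new Map();                 // key -> { count, resetAt }

  return function rateLimit(req, res, next) {
    const key = keyGenerator(req);
    const t = now();
    let entry = hits.get(key);
    if (!entry || t >= entry.resetAt) {   // first hit, or the previous window expired
      entry = { count: 0, resetAt: t + windowMs };
      hits.set(key, entry);
    }
    entry.count += 1;
    res.set('RateLimit-Limit', String(max));
    res.set('RateLimit-Remaining', String(Math.max(0, max - entry.count)));
    if (entry.count > max) {
      res.set('Retry-After', String(Math.ceil((entry.resetAt - t) / 1000)));
      onLimitReached({ key, count: entry.count, resetAt: entry.resetAt });
      return handler(req, res);           // do not call next(): the route never runs
    }
    next();
  };
}

// Key by authenticated user when an auth layer populated req.user, else by IP.
function userOrIpKey(req) {
  return req.user && req.user.id ? `user:${req.user.id}` : `ip:${req.ip}`;
}

// Minimal stand-in for an Express response, enough to exercise the middleware
// offline; a real app passes the genuine req/res objects.
function mockResponse() {
  const res = { statusCode: 200, headers: {}, body: undefined };
  res.status = (code) => { res.statusCode = code; return res; };
  res.set = (name, value) => { res.headers[name] = value; return res; };
  res.json = (body) => { res.body = body; return res; };
  return res;
}
```

Mount it in an app with app.use(createRateLimiter({ windowMs: 60000, max: 100, keyGenerator: userOrIpKey, onLimitReached: console.warn })) before the routes, so the test route in src/routes/test.route.js returns 429 once the window's budget is spent.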
License
- Check the project root for license information.