redis rate limit

NishantGupt786 · NishantGupt786 · commit b5f144bd4006 · 2024-10-20T16:23:40.000+05:30
diff --git a/package.json b/package.json
@@ -24,6 +24,8 @@
     "@react-pdf-viewer/zoom": "^3.12.0",
     "@t3-oss/env-nextjs": "^0.10.1",
     "@types/mongoose": "^5.11.97",
+    "@upstash/ratelimit": "^2.0.3",
+    "@vercel/kv": "^3.0.0",
     "axios": "^1.7.2",
     "bcrypt": "^5.1.1",
     "class-variance-authority": "^0.7.0",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/src/middleware.ts b/src/middleware.ts
@@ -1,19 +1,22 @@
-import { NextResponse } from "next/server";
-import { verifyToken } from "./lib/auth";
+import { type NextRequest, NextResponse } from 'next/server';
+import { Ratelimit } from '@upstash/ratelimit';
+import { kv } from '@vercel/kv';
 
-export async function middleware(request: Request) {
-  const authtoken = request.headers.get("Authorization");
-  if (!authtoken ?? !authtoken?.startsWith("Bearer ")) {
-    return NextResponse.json({ message: "Unauthorized" }, { status: 401 });
-  }
-  const token = authtoken.split(" ")[1];
-  const isValidToken = await verifyToken(token);
-  if (!isValidToken) {
-    return NextResponse.json({ message: "Unauthorized" }, { status: 401 });
-  }
-  return NextResponse.next();
-}
+const ratelimit = new Ratelimit({
+  redis: kv,
+  limiter: Ratelimit.slidingWindow(5, '900 s'),
+});
 
 export const config = {
-  matcher: ["/api/admin/:path*"],
+  matcher: '/api/mail',
 };
+
+export default async function middleware(request: NextRequest) {
+  const ip = request.ip ?? '127.0.0.1';
+  const { success } = await ratelimit.limit(
+    ip
+  );
+  return success
+    ? NextResponse.next()
+    : NextResponse.json({ message: "You can upload a maximum of 5 papers every 15 minutes" }, { status: 429 });
+}
