feat: Implement API Rate Limiting with ThrottlerModule

.gitignore

@@ -59,7 +59,7 @@ fabric.properties
 # DB
 data/db/
 
-docker-compose.yml
+
 # User-specific files
 *.suo
 *.user
@@ -104,7 +104,7 @@ BenchmarkDotNet.Artifacts/
 
 # .NET Core
 project.lock.json
-package-lock.json
+
 project.fragment.lock.json
 artifacts/
 **/Properties/launchSettings.json
@@ -406,21 +406,30 @@ dist/
 *.prod
 
 
+# database files
+data/db
+
+# 
+
+
+
+
+
 # User specific ignores 
 todo.txt
 /.vscode/
 .vscode/
 
 # Docker compose
-docker-compose.yml
+
 data/
 data/
 docker-compose.yml
-package-lock.json
+
 .dev.env
 
 
-package-lock.json
+
 docker-compose.yml
 data/
 .dev.env
@@ -430,13 +439,14 @@ compose/compose.yaml
 
 data/
 docker-compose.yml
-package-lock.json/
-package-lock.json
+
+
 .dev.env
 
 
-package-lock.json
-docker-compose.yml
+
+
 data/
 .dev.env
 
+

README.md

@@ -2,22 +2,48 @@
 
 ## Overview
 
+## Rate Limiting
+
+This project uses `@nestjs/throttler` for rate limiting to prevent abuse.
+
+### Configuration
+
+- **Global Rate Limit**: 10 requests per minute.
+- **Custom Limits**: Some routes may have different limits.
+
+### Error Handling
+
+If a user exceeds the allowed request rate, they receive:
+
+```json
+{
+  "statusCode": 429,
+  "message": "Too Many Requests"
+}
+
+<img align="right" width="300" src="./screenshot/Screenshot1.png" alt="successful register user request api endpoint" />
+
+<img align="right" width="300" src="./screenshot/ScreenshotE2.png" alt="throttle limiting " />
+
+
 [Description]
 
 ## Folder Structure
 
 ```
+
 |--- src
-|    |--- database
-|    |--- modules
-|    |--- shared
-|    |--- app.module.ts
-|    |--- main.ts
+| |--- database
+| |--- modules
+| |--- shared
+| |--- app.module.ts
+| |--- main.ts
 |--- .env.local
 |--- .gitignore
 |--- package.json
 |--- tsconfig.json
-```
+
+````
 
 ## Dependencies (Dev)
 
@@ -63,7 +89,7 @@ Open a terminal and run the following git command:
 
 ```bash
 git clone "url you just copied"
-```
+````
 
 where "url you just copied" (without the quotation marks) is the url to this repository (your fork of this project). See the previous steps to obtain the url.
 

package.json

@@ -44,6 +44,7 @@
     "@nestjs/schedule": "^5.0.1",
     "@nestjs/serve-static": "^5.0.3",
     "@nestjs/swagger": "^11.0.5",
+    "@nestjs/throttler": "^6.4.0",
     "@nestjs/typeorm": "^11.0.0",
     "@types/nodemailer": "^6.4.17",
     "@types/speakeasy": "^2.0.10",

src/app.module.ts

@@ -1,3 +1,5 @@
+import { ThrottlerModule, ThrottlerGuard } from '@nestjs/throttler';
+import { APP_GUARD } from '@nestjs/core';
 import { MailerModule } from '@nestjs-modules/mailer';
 import { HandlebarsAdapter } from '@nestjs-modules/mailer/dist/adapters/handlebars.adapter';
 import { BullModule } from '@nestjs/bull';
@@ -71,8 +73,21 @@ import s3Config from '@config/s3.config';
       provide: 'APP_GUARD',
       useClass: AuthGuard,
     },
+    {
+      provide: APP_GUARD,
+      useClass: ThrottlerGuard, // Apply rate limiting globally
+    },
   ],
   imports: [
+    // Add ThrottlerModule here
+    ThrottlerModule.forRoot({
+      throttlers: [
+        {
+          ttl: 60000, //Time window in seconds (1 minute)
+          limit: 50, // Maximum number of requests within ttl
+        },
+      ],
+    }),
     ConfigModule.forRoot({
       /*
        * By default, the package looks for a env file in the root directory of the application.

src/modules/auth/auth.controller.ts

@@ -7,8 +7,10 @@ import {
   ApiTags,
   ApiUnauthorizedResponse,
 } from '@nestjs/swagger';
+
 import * as SYS_MSG from '@shared/constants/SystemMessages';
 import { Body, Controller, HttpCode, Post, Req, Request, Patch } from '@nestjs/common';
+
 import { CreateUserDTO } from './dto/create-user.dto';
 import { skipAuth } from '@shared/helpers/skipAuth';
 import AuthenticationService from './auth.service';
@@ -32,6 +34,8 @@ import { GenericAuthResponseDto } from './dto/generic-reponse.dto';
 import { UpdatePasswordDto } from './dto/updatePasswordDto';
 import { LoginErrorResponseDto } from './dto/login-error-dto';
 import { UpdateUserPasswordResponseDTO } from './dto/update-user-password.dto';
+import { Throttle } from '@nestjs/throttler';
+
 import { CustomHttpException } from '@shared/helpers/custom-http-filter';
 
 @ApiTags('Authentication')
@@ -43,6 +47,7 @@ export default class RegistrationController {
   @ApiOperation({ summary: 'User Registration' })
   @ApiResponse({ status: 201, description: 'Register a new user', type: SuccessCreateUserResponse })
   @ApiResponse({ status: 400, description: 'User already exists', type: ErrorCreateUserResponse })
+  @Throttle({ default: { limit: 25, ttl: 30000 } }) // 25 requests per 30 seconds
   @Post('register')
   @HttpCode(201)
   public async register(@Body() body: CreateUserDTO): Promise<any> {

src/modules/auth/tests/auth.service.spec.ts

@@ -16,10 +16,15 @@ import { OrganisationsService } from '@modules/organisations/organisations.servi
 import { User } from '@modules/user/entities/user.entity';
 import { Profile } from '@modules/profile/entities/profile.entity';
 import { LoginDto } from '../dto/login.dto';
+import { INestApplication } from '@nestjs/common';
+import { AppModule } from '../../../app.module';
+import * as request from 'supertest';
+
 import UserResponseDTO from '@modules/user/dto/user-response.dto';
 import { Otp } from '@modules/otp/entities/otp.entity';
 import { Verify2FADto } from '../dto/verify-2fa.dto';
 import { DataSource, EntityManager } from 'typeorm';
+
 jest.mock('speakeasy');
 
 describe('AuthenticationService', () => {

tsconfig.json

@@ -2,6 +2,7 @@
   "compilerOptions": {
     "module": "commonjs",
     "declaration": true,
+    "moduleResolution": "node",
     "removeComments": true,
     "emitDecoratorMetadata": true,
     "experimentalDecorators": true,