added stack trace to some logging

2025-12-25 18:41:42 -05:00
parent b02ec19d5c
commit 76e4039ba8
15 changed files with 307 additions and 173 deletions
--- a/backend/middleware/rateLimiter.js
+++ b/backend/middleware/rateLimiter.js
@@ -1,4 +1,5 @@
 const rateLimit = require("express-rate-limit");
+const logger = require("../utils/logger");

 // General rate limiter for Maps API endpoints
 const createMapsRateLimiter = (windowMs, max, message) => {
@@ -111,6 +112,21 @@ const uploadPresignLimiter = createUserBasedRateLimiter(
  "Too many upload requests. Please slow down."
 );

+// Helper to create a rate limit handler that logs the event
+const createRateLimitHandler = (limiterName) => (req, res, next, options) => {
+  const reqLogger = logger.withRequestId(req.id);
+  reqLogger.warn('Rate limit exceeded', {
+    limiter: limiterName,
+    ip: req.ip,
+    userId: req.user?.id || 'anonymous',
+    method: req.method,
+    url: req.url,
+    userAgent: req.get('User-Agent'),
+    message: options.message?.error || 'Rate limit exceeded'
+  });
+  res.status(options.statusCode).json(options.message);
+};
+
 // Authentication rate limiters
 const authRateLimiters = {
  // Login rate limiter - stricter to prevent brute force
@@ -124,6 +140,7 @@ const authRateLimiters = {
    standardHeaders: true,
    legacyHeaders: false,
    skipSuccessfulRequests: true, // Don't count successful logins
+    handler: createRateLimitHandler('login'),
  }),

  // Registration rate limiter
@@ -136,6 +153,7 @@ const authRateLimiters = {
    },
    standardHeaders: true,
    legacyHeaders: false,
+    handler: createRateLimitHandler('register'),
  }),

  // Password reset rate limiter
@@ -148,6 +166,7 @@ const authRateLimiters = {
    },
    standardHeaders: true,
    legacyHeaders: false,
+    handler: createRateLimitHandler('passwordReset'),
  }),

  // Alpha code validation rate limiter
@@ -160,6 +179,7 @@ const authRateLimiters = {
    },
    standardHeaders: true,
    legacyHeaders: false,
+    handler: createRateLimitHandler('alphaCodeValidation'),
  }),

  // Email verification rate limiter - protect against brute force on 6-digit codes
@@ -172,6 +192,7 @@ const authRateLimiters = {
    },
    standardHeaders: true,
    legacyHeaders: false,
+    handler: createRateLimitHandler('emailVerification'),
  }),

  // General API rate limiter
@@ -184,6 +205,7 @@ const authRateLimiters = {
    },
    standardHeaders: true,
    legacyHeaders: false,
+    handler: createRateLimitHandler('general'),
  }),
 };