From 2feef397df9de6f66b8f01bf20d0bd98147373a9 Mon Sep 17 00:00:00 2001
From: "theis.gaedigk" <theis.gaedigk@icloud.com>
Date: Sat, 23 May 2026 12:42:18 +0200
Subject: [PATCH] edited rate limiter

---
 backend/server.js | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/backend/server.js b/backend/server.js
index be1bbeb..1cc4876 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -4,7 +4,7 @@ import env from "dotenv";
 env.config();
 const app = express();
 const port = 7001;
-import rateLimit from "express-rate-limit";
+import { rateLimit } from "express-rate-limit";
 
 app.use(cors());
 app.use(express.urlencoded({ extended: true }));
@@ -13,14 +13,15 @@ app.use(express.json());
 
 const limits = {
   time: 1, // = 1 minute
-  requests: 10,
-  message: "Too many requests from this IP, please try again in 15 minutes",
+  requests: 10, // = maximum 10 requests
 };
 
 const limiter = rateLimit({
   windowMs: limits.time * 60 * 1000,
-  max: limits.requests,
-  message: limits.message,
+  limit: limits.requests,
+  standardHeaders: "draft-8", // draft-6: `RateLimit-*` headers; draft-7 & draft-8: combined `RateLimit` header
+  legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
+  ipv6Subnet: 56, // Set to 60 or 64 to be less aggressive, or 52 or 48 to be more aggressive
 });
 
 app.use(limiter);