From da78300e3c1cf9689e7fa512759fb6e063440a7d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Sep 2023 08:15:39 +0000
Subject: [PATCH 1/2] Bump express-rate-limit from 6.11.1 to 7.0.1
Bumps [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) from 6.11.1 to 7.0.1.
- [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases)
- [Changelog](https://github.com/express-rate-limit/express-rate-limit/blob/main/changelog.md)
- [Commits](https://github.com/express-rate-limit/express-rate-limit/compare/v6.11.1...v7.0.1)
---
updated-dependencies:
- dependency-name: express-rate-limit dependency-type: direct:production update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
---
 packages/api/package.json | 2 +-
 yarn.lock | 7 +------
 2 files changed, 2 insertions(+), 7 deletions(-)
diff --git a/packages/api/package.json b/packages/api/package.json
index 582eb7081..2c0f6ca31 100644
--- a/packages/api/package.json
+++ b/packages/api/package.json
@@ -56,7 +56,7 @@
 "csvtojson": "2.0.10",
 "ethers": "5.7.2",
 "express": "4.18.2",
- "express-rate-limit": "6.11.1",
+ "express-rate-limit": "7.0.1",
 "helmet": "4.6.0",
 "json2csv": "5.0.7",
 "jsonwebtoken": "9.0.0",
diff --git a/yarn.lock b/yarn.lock
index 6fb90cd6e..3836d4e13 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -13692,16 +13692,11 @@ exponential-backoff@^3.1.0, exponential-backoff@^3.1.1: resolved "https://registry.yarnpkg.com/exponential-backoff/-/exponential-backoff-3.1.1.tgz#64ac7526fe341ab18a39016cd22c787d01e00bf6" integrity sha512-dX7e/LHVJ6W3DE1MHWi9S1EYzDESENfLrYohG2G++ovZrYOkm4Knwa0mc1cn84xJOR4KEU0WSchhLbd0UklbHw== -express-rate-limit@*: +express-rate-limit@*, express-rate-limit@7.0.1: version "7.0.1" resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-7.0.1.tgz#933af24166990ea4fc8004335e6cd6c86fd31562" integrity sha512-oTIPm094gh8c7nbShl4TNLqnayzOcbDGY7dCRnFqUAvptyb0pp5231LaH34JtvVEbZlOJMiixikU5AVK8VN3FA== -express-rate-limit@6.11.1: - version "6.11.1" - resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-6.11.1.tgz#52e05c5d379cd5d06ae29665862436eb712e414a" - integrity sha512-8+UpWtQY25lJaa4+3WxDBGDcAu4atcTruSs3QSL5VPEplYy6kmk84wutG9rUkkK5LmMQQ7TFHWLZYITwVNbbEg== - express-status-monitor@1.3.4: version "1.3.4" resolved "https://registry.yarnpkg.com/express-status-monitor/-/express-status-monitor-1.3.4.tgz#37a11aa450db2322307c28ea9c4781c8c46add45"
From eaccba7aef08b38cb622b222a8986f4150b5be41 Mon Sep 17 00:00:00 2001
From: Joao Pedro da Silva
Date: Wed, 27 Sep 2023 17:02:11 -0300
Subject: [PATCH 2/2] fix rate limit
---
 packages/api/src/middlewares/index.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/packages/api/src/middlewares/index.ts b/packages/api/src/middlewares/index.ts
index 6708ef1a1..35c11359a 100644
--- a/packages/api/src/middlewares/index.ts
+++ b/packages/api/src/middlewares/index.ts
@@ -111,9 +111,12 @@ export function adminAuthentication(req: RequestWithUser, res: Response, next: N
 }
 export const rateLimiter = rateLimit({
- max: config.maxRequestPerUser,
+ limit: config.maxRequestPerUser,
 message: `You have exceeded the ${config.maxRequestPerUser} requests in 15 minutes limit!`,
 headers: true,
+ validate: {
+ trustProxy: false
+ },
 // standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
 // legacyHeaders: false, // Disable the `X-RateLimit-*` headers
 // windowMs: 900000, // 15 minutes in milliseconds
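Review bot: The added `validate: { trustProxy: false }` switches off express-rate-limit's check on the Express `trust proxy` setting instead of correcting that setting, so a permissive proxy configuration would no longer be reported. The limiter keys on the client address by default, and if the app (not visible here) trusts every forwarded hop, that address comes from a header the client controls and the limit stops being meaningful. I would drop the `validate` block and set the proxy depth explicitly where the app is created, e.g. `app.set('trust proxy', 1)` with the real number of proxies in front of the API; if the override must stay, add a comment such as `// trustProxy validation disabled: <reason>, client IP is taken from <proxy>`. Separately, `windowMs` is still commented out while the message promises a 15-minute window, so unless it is set further down in the `rateLimit({ ... })` call, which continues past this hunk, the library default window applies.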