a111d2930d
Task #11: Formular gegen Spam schützen - Installed `express-rate-limit` (^8.5.2) as a runtime dependency in `@workspace/api-server` - Created a rate limiter (5 requests per IP per hour, 1-hour sliding window) using `rateLimit()` from express-rate-limit - Applied the limiter as inline middleware on POST /contact so it runs before the handler - On limit exceeded the API returns HTTP 429 with a German-language JSON error: { success: false, message: "Zu viele Anfragen. Bitte versuchen Sie es in einer Stunde erneut." } - Uses `standardHeaders: "draft-8"` (RateLimit header group) and disables legacy X-RateLimit-* headers - Added `app.set("trust proxy", 1)` in app.ts so that Express reads the real client IP from X-Forwarded-For (set by Replit's reverse proxy), ensuring the rate limit is applied per actual client rather than per proxy IP - No other changes to the contact handler flow No deviations from the task description. Replit-Task-Id: de2cecbd-511f-4046-8e87-567ec96e19fb
949 B
949 B