From ffc97f15d1ea3c3f956ef745ff4377ed7de41cf6 Mon Sep 17 00:00:00 2001
From: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com>
Date: Fri, 10 Feb 2023 18:43:54 +0530
Subject: [PATCH] fix(api): update mobile-auth ratelimit config (#49194)
* fix(api): use proper name for collection
* fix(api): use the x-forwarded-for ip address
---
 api-server/src/server/middlewares/rate-limit.js | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/api-server/src/server/middlewares/rate-limit.js b/api-server/src/server/middlewares/rate-limit.js
index 08f7b8e0d29..b461039a12c 100644
--- a/api-server/src/server/middlewares/rate-limit.js
+++ b/api-server/src/server/middlewares/rate-limit.js
@@ -11,7 +11,11 @@ export default function rateLimitMiddleware() {
 max: 10,
 standardHeaders: true,
 legacyHeaders: false,
+ keyGenerator: req => {
+ return req.headers['x-forwarded-for'] || 'localhost';
+ },
 store: new MongoStore({
+ collectionName: 'UserRateLimit',
 uri: url,
 expireTimeMs: 15 * 60 * 1000
 })
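Review bot: The added `keyGenerator` keys the limiter on the raw `x-forwarded-for` header, which is client-supplied unless a trusted proxy in front of the API overwrites it, so the `max: 10` limit is only as strong as that proxy guarantee, which is not visible in this hunk. The header can also carry a comma-separated chain of addresses, making the key the whole string rather than one client address, and the `'localhost'` fallback puts every request that lacks the header into one shared bucket. If the deployment sits behind a known set of proxies, consider configuring Express `trust proxy` for those hops and using `keyGenerator: req => req.ip`, with a comment naming which hop is trusted. The `rateLimitMiddleware` body starts and ends outside the hunk, so the route and window this applies to should be confirmed there.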