updated bootstrap and added retelimit

salman90 · salman90 · commit 1ff64ec2f3d2 · 2022-11-16T14:51:54.000-08:00
diff --git a/1-Authentication/1-sign-in/App/index.html b/1-Authentication/1-sign-in/App/index.html
@@ -6,20 +6,22 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no">
   <title>Microsoft identity platform</title>
   <link rel="SHORTCUT ICON" href="./favicon.svg" type="image/x-icon">
+  <link rel="stylesheet" href="./styles.css">
+
 
   <!-- msal.min.js can be used in the place of msal.js; included msal.js to make debug easy -->
   <script id="load-msal" src="https://alcdn.msauth.net/browser/2.31.0/js/msal-browser.js"
     integrity="sha384-BO4qQ2RTxj2akCJc7t6IdU9aRg6do4LGIkVVa01Hm33jxM+v2G+4q+vZjmOCywYq"
     crossorigin="anonymous"></script>
 
-  <!-- adding Bootstrap 4 for UI components  -->
-  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
+  <!-- adding Bootstrap 5 for UI components  -->
+  <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-Zenh87qX5JnK2Jl0vWa8Ck2rdkQ2Bzep5IDxbcnCeuOxjzrPF/et3URy9Bv1WTRi" crossorigin="anonymous">
 </head>
 
 <body>
-  <nav class="navbar navbar-expand-lg navbar-dark bg-primary">
+  <nav class="navbar navbar-expand-lg navbar-dark bg-primary navbarStyle">
     <a class="navbar-brand" href="/">Microsoft identity platform</a>
-    <div class="btn-group ml-auto dropleft">
+    <div class="collapse navbar-collapse justify-content-end">
       <button type="button" id="signIn" class="btn btn-secondary" onclick="signIn()">Sign-in</button>
       <button type="button" id="signOut" class="btn btn-success d-none" onclick="signOut()">Sign-out</button>
     </div>
@@ -50,12 +52,10 @@ <h5 id="welcome-div" class="card-header text-center d-none"></h5>
   <script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" 
   integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous">
   </script>
-  <script src="https://cdn.jsdelivr.net/npm/popper.js@1.14.7/dist/umd/popper.min.js" 
-  integrity="sha384-UO2eT0CpHqdSJQ6hJty5KVphtPhzWj9WO1clHTMGa3JDZwrnQq4sF86dIHNDz0W1" crossorigin="anonymous">
-  </script>
-  <script src="https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/js/bootstrap.min.js" 
-  integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous">
-  </script>
+  <script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.11.6/dist/umd/popper.min.js" integrity="sha384-oBqDVmMz9ATKxIep9tiCxS/Z9fNfEXiDAYTujMAeBAsjFuCZSmKbSSUnQlmh/jp3" crossorigin="anonymous"></script>
+
+  <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.2.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-OERcA2EqjJCMA+/3y+gxIOqMEjwtxJY7qPCqsdltbNJuaOe923+mo//f6V8Qbsw3" crossorigin="anonymous"></script>
+
 
   <!-- importing app scripts (load order is important) -->
   <script type="text/javascript" src="./authConfig.js"></script>
diff --git a/1-Authentication/1-sign-in/App/styles.css b/1-Authentication/1-sign-in/App/styles.css
@@ -0,0 +1,3 @@
+.navbarStyle {
+    padding: .5rem 1rem !important;
+}
diff --git a/1-Authentication/1-sign-in/package-lock.json b/1-Authentication/1-sign-in/package-lock.json
diff --git a/1-Authentication/1-sign-in/package.json b/1-Authentication/1-sign-in/package.json
@@ -30,6 +30,7 @@
   "homepage": "https://github.com/Azure-Samples/ms-identity-javascript-tutorial#readme",
   "dependencies": {
     "express": "^4.18.2",
+    "express-rate-limit": "^6.7.0",
     "morgan": "^1.10.0"
   },
   "devDependencies": {
diff --git a/1-Authentication/1-sign-in/server.js b/1-Authentication/1-sign-in/server.js
@@ -2,11 +2,34 @@ const express = require('express');
 const morgan = require('morgan');
 const path = require('path');
 
+const rateLimit = require('express-rate-limit');
+
+
 const DEFAULT_PORT = process.env.PORT || 3000;
 
 // initialize express.
 const app = express();
 
+
+/**
+ * HTTP request handlers should not perform expensive operations such as accessing the file system,
+ * executing an operating system command or interacting with a database without limiting the rate at
+ * which requests are accepted. Otherwise, the application becomes vulnerable to denial-of-service attacks
+ * where an attacker can cause the application to crash or become unresponsive by issuing a large number of
+ * requests at the same time. For more information, visit: https://cheatsheetseries.owasp.org/cheatsheets/Denial_of_Service_Cheat_Sheet.html
+ */
+const limiter = rateLimit({
+    windowMs: 15 * 60 * 1000, // 15 minutes
+    max: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
+    standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
+    legacyHeaders: false, // Disable the `X-RateLimit-*` headers
+});
+
+
+// Apply the rate limiting middleware to all requests
+app.use(limiter);
+
+
 // Configure morgan module to log all requests.
 app.use(morgan('dev'));
 

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+.navbarStyle {`
	`2`	`+ padding: .5rem 1rem !important;`
	`3`	`+}`