From 3ad47820214da0ac79b1fcb0954cfe4f2337aa85 Mon Sep 17 00:00:00 2001
From: Jake Kasper <jake.kasper@hpe.com>
Date: Sat, 23 Aug 2025 14:16:47 -0400
Subject: [PATCH] rate limiting

---
 backend/src/app.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/backend/src/app.js b/backend/src/app.js
index b454727..7e3b1a3 100644
--- a/backend/src/app.js
+++ b/backend/src/app.js
@@ -39,10 +39,10 @@ app.use(helmet({
   }
 }));
 
-// Rate limiting
+// Rate limiting - relaxed for development
 const limiter = rateLimit({
   windowMs: 15 * 60 * 1000, // 15 minutes
-  max: 100, // Limit each IP to 100 requests per windowMs
+  max: 1000, // Increased to 1000 requests per 15 minutes for development
   message: 'Too many requests from this IP, please try again later.',
   standardHeaders: true,
   legacyHeaders: false,
@@ -52,7 +52,7 @@ app.use(limiter);
 // Stricter rate limiting for auth routes
 const authLimiter = rateLimit({
   windowMs: 15 * 60 * 1000, // 15 minutes
-  max: 50, // Limit each IP to 50 auth requests per windowMs (increased for development)
+  max: 200, // Increased to 200 auth requests per 15 minutes for development
   message: 'Too many authentication attempts, please try again later.',
   standardHeaders: true,
   legacyHeaders: false,