Skip to content

feat(dashboard): implement threat analytics dashboard and backend rate limiting (fixes #172)#188

Open
Diwakar-odds wants to merge 1 commit into
Mrinalray:mainfrom
Diwakar-odds:feat/issue-172-dashboard-rate-limiting
Open

feat(dashboard): implement threat analytics dashboard and backend rate limiting (fixes #172)#188
Diwakar-odds wants to merge 1 commit into
Mrinalray:mainfrom
Diwakar-odds:feat/issue-172-dashboard-rate-limiting

Conversation

@Diwakar-odds

Copy link
Copy Markdown

Summary

This PR implements backend rate limiting to secure the /check API endpoint against abuse and restructures the Threat Analytics Dashboard to support sortable columns for better user experience.

Motivation

Fixes #172
The /check endpoint lacked protection against brute-force or spam requests, leading to potential exhaustion of the Google Safe Browsing API quota. Additionally, the dashboard's analytics and history logic was tightly coupled within dashboard.html, and the "Recent Scans" table lacked sorting features, which degraded the UX for users analyzing their history.

Changes

  • Modified package.json: Added express-rate-limit dependency.
  • Modified server.js: Imported express-rate-limit and applied a 15-minute, 100-request rate limiter to the /check endpoint to prevent abuse.
  • Modified dashboard.html: Extracted inline JavaScript related to Chart.js and localStorage out into an external script file.
  • Created public/dashboard.js: Migrated all dashboard logic here and implemented a new sorting functionality for the Recent Scans table, allowing sorting by URL, Result, and Timestamp.

Acceptance Criteria

  • Backend API rate limiting implemented for the /check route.
  • JavaScript logic extracted from dashboard.html to a dedicated file.
  • Recent Scans table features sortable columns.

Impact & Side Effects

  • Users making more than 100 URL scan requests within 15 minutes will receive a 429 Too Many Requests response.
  • No breaking changes for standard usage.

How to Test

  1. Clone the repository and checkout this branch.
  2. Run npm install to install the new express-rate-limit package.
  3. Start the server with node server.js.
  4. Open dashboard.html in the browser, populate some scans, and click the table headers ("URL", "Result", "Scanned") to verify the sorting works in both ascending and descending order.
  5. To test rate limiting, use a script or loop to send over 100 POST requests to http://localhost:3000/check. Verify the 101st request returns a 429 status code.

Quality Checklist

  • Run node -c server.js to verify syntax.
  • Run node -c public/dashboard.js to verify syntax.
  • Ensured no scratch files are included in the commit.
  • Commit follows Conventional Commits format.

@Diwakar-odds

Copy link
Copy Markdown
Author

Hi maintainers! 👋 Could I please get a review on this PR?

Technical Analysis

This PR addresses both frontend modularity and backend security requirements outlined in #172:

  • Backend: Implemented an IP-based rate limiter using express-rate-limit to secure the /check endpoint against abuse (100 reqs / 15 mins).
  • Frontend: Successfully decoupled the analytics, Chart.js, and localStorage logic from dashboard.html into a dedicated public/dashboard.js script. Furthermore, a custom client-side sorting functionality was implemented for the "Recent Scans" table, allowing dynamic ascending/descending sorts by clicking the headers.

ECSoC '26 Label Request

Based on the provided ECSoC '26 scoring criteria, I'd like to request the following labels for this PR:

  • ECSoC26 (required for tracking)
  • Level 3 (15 XP) - This PR modifies core backend logic by adding security rate-limiting middleware, aligning with the Core/Perf category.
  • good-backend (50 XP) - The addition of express-rate-limit enhances the backend's resilience and directly touches server-side logic and security.
  • good-ui (25 XP) - A completely new interactive sorting capability was implemented for the analytics dashboard table.

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[FEATURE REQUEST]: Implement Threat Analytics Dashboard and Backend Rate Limiting

1 participant