Implement cost-optimized bootstrap-ready ASL biometric system#3
Implement cost-optimized bootstrap-ready ASL biometric system#3pinkycollie with Copilot wants to merge 3 commits into
Conversation
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
Co-authored-by: pinkycollie <199848471+pinkycollie@users.noreply.github.com>
| app.post('/api/telehealth/session/:sessionId/verify', rateLimitMiddleware, async (req, res) => { | ||
| try { | ||
| const { sessionId } = req.params; | ||
| const { motionSequence } = req.body; | ||
|
|
||
| if (!motionSequence) { | ||
| return res.status(400).json({ | ||
| success: false, | ||
| error: 'motionSequence is required', | ||
| }); | ||
| } | ||
|
|
||
| const result = await verifyPatientIdentity(sessionId, motionSequence); | ||
| res.json(result); | ||
| } catch (error) { | ||
| console.error('Verification error:', error); | ||
| res.status(500).json({ | ||
| success: false, | ||
| error: 'Failed to verify identity', | ||
| }); | ||
| } | ||
| }); |
Check failure
Code scanning / CodeQL
Missing rate limiting High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 7 months ago
To properly rate-limit the authorization (verify identity) and enrollment endpoints, we should use a proven rate-limiting middleware such as express-rate-limit. We need to import express-rate-limit, define a suitable limiter instance that governs how many requests can be made to these endpoints within a given time window, and replace or add the rateLimitMiddleware reference to use it. The code block should also show the initialization of the limiter before route definitions, and apply it directly to the sensitive endpoints (enroll and verify). Specifically, add the following to services/asl-biometrics/src/index.ts:
- Import the express-rate-limit package.
- Define a limiter instance (e.g., 100 requests per 15 minutes, or a stricter limit as appropriate for biometric operations).
- Remove/replace the placeholder
rateLimitMiddlewarewith the new limiter in the route definitions.
| @@ -9,7 +9,7 @@ | ||
| import cors from 'cors'; | ||
| import helmet from 'helmet'; | ||
| import dotenv from 'dotenv'; | ||
|
|
||
| import rateLimit from 'express-rate-limit'; | ||
| import { MotionSequenceSchema } from './modules/hand-motion-detection.js'; | ||
| import { getUserProfile, deleteUserBiometrics } from './modules/identity-matching.js'; | ||
| import { generateVerificationChallenge, analyzeGesture } from './modules/motion-analysis.js'; | ||
| @@ -26,6 +26,16 @@ | ||
|
|
||
| dotenv.config(); | ||
|
|
||
|
|
||
| // Rate limiter for sensitive endpoints (biometrics and verification) | ||
| const rateLimitMiddleware = rateLimit({ | ||
| windowMs: 15 * 60 * 1000, // 15 minutes | ||
| max: 20, // max 20 requests per windowMs per IP (adjust as appropriate) | ||
| message: { | ||
| success: false, | ||
| error: 'Too many requests, please try again later.' | ||
| }, | ||
| }); | ||
| const app = express(); | ||
| const PORT = process.env.ASL_BIOMETRICS_PORT || 3007; | ||
|
|
| @@ -20,7 +20,8 @@ | ||
| "dotenv": "^16.4.5", | ||
| "sharp": "^0.33.5", | ||
| "zod": "^3.23.8", | ||
| "uuid": "^9.0.0" | ||
| "uuid": "^9.0.0", | ||
| "express-rate-limit": "^8.2.1" | ||
| }, | ||
| "devDependencies": { | ||
| "@types/express": "^5.0.0", |
| Package | Version | Security advisories |
| express-rate-limit (npm) | 8.2.1 | None |
Adds ASL-based biometric identity verification for telehealth, optimized for free-tier cloud deployment (Vercel, Supabase, Railway).
ASL Biometrics Service (
services/asl-biometrics/)BIOMETRIC_VERIFICATION_THRESHOLDFree-Tier Deployment (
configs/deployment/free-tier/)Legal Templates (
legal/)Security
/verifyand/enrollendpoints (10 req/min per IP+session)Lean dependencies: express, cors, helmet, sharp, zod, uuid. No cloud AI costs—detection runs client-side via MediaPipe.
Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
https://api.github.com//advisories/home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js(http block)If you need me to access, download, or install something from one of these locations, you can either:
Original prompt
This pull request was created as a result of the following prompt from Copilot chat.
✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.