express-limit Build Status

express-limit is a small project that adds rate limiting to your API.

Installation

npm install --save express-limit

Usage

// Pull the middleware factory out of the package.
const { limit } = require("express-limit");

// Limiter for the users route: at most 5 requests per one-minute window.
const usersRateLimit = limit({
  period: 60 * 1000, // window length in milliseconds (60 seconds)
  max: 5, // requests allowed per window
});

// The limiter is registered ahead of the handler, so it runs first.
app.get("/api/users", usersRateLimit, (req, res) => {
  res.status(200).json({});
});

Options

// Default value of every option (a listing of defaults, not meant to be run as-is).
{
  (max = 60), // Maximum number of requests per period
    (period = 60 * 1000), // Length of the period, in milliseconds
    (prefix = "rate-limit-"), // Prefix of the storage key
    (status = 429), // HTTP status code sent once the limit is reached
    (message = "Too many requests"), // Message sent once the limit is reached
    (identifier = (request) => {
      // Function (or value) that identifies the client and completes the key.
      // The default is the client IP; it could be "req.user.id" for authenticated routes.
      // Behind a reverse proxy, check Express's "trust proxy" setting: when it is off,
      // request.ip is the proxy's address and all clients may share one key; when it
      // trusts too much, a client-supplied X-Forwarded-For header can decide the key.
      return request.ip || request.ips; // Standard Express request properties
    }),
    (headers = {
      // Names of the response headers
      remaining: "X-RateLimit-Remaining",
      reset: "X-RateLimit-Reset",
      limit: "X-RateLimit-Limit",
    }),
    (store = new Store()); // The storage; the default store is in-memory
}

In some cases, you may want to skip the limit for a trusted client. In that case, you can set a special field on the request object:

// Set this only from your own server-side middleware, once the client has been
// established as trusted; never copy it from a header, query string or request body.
req._skip_limits = true;

You may also want to apply specific limits to a particular client. In that case, you can set a special field on the request object:

// Per-client limits attached to this request.
req._custom_limits = {
  max: 1000, // 1000 requests
  period: 60 * 1000, // per minute (60 seconds)
};

Be careful where you place this modification: depending on where it is set, it could apply to all routes!

Available Stores

Currently, the following stores are available:

  • InMemoryStore (default store, nothing to do)
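const { RateLimiter, InMemoryStore } = require("express-limit");

// A single store instance, shared by every limiter built through limit() below.
// NOTE(review): in-memory counters presumably live in this process only; with several
// workers or instances each one would count separately. Confirm, or use a Redis store.
const store = new InMemoryStore();

/**
 * Build a rate-limiting middleware backed by the shared store.
 *
 * @param {object} [options] - Limiter options (max, period, ...); left unmodified.
 * @returns {Function} The Express middleware of a new RateLimiter.
 */
const limit = (options = {}) =>
  // Copy the options instead of assigning options.store, so an options object
  // the caller reuses elsewhere is not silently changed.
  new RateLimiter({ ...options, store }).middleware;

app.get(
  "/api/users",
  limit({
    max: 5, // 5 requests
    period: 60 * 1000, // per minute (60 seconds)
  }),
  (req, res) => {
    res.status(200).json({});
  }
);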
  • RedisStore
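const redis = require("redis");
const { RateLimiter, RedisStore } = require("express-limit");

// NOTE(review): a node-redis v4 client must be connected (client.connect()) before it
// can serve commands. Confirm whether RedisStore does this or the application must.
const client = redis.createClient();

// A single Redis-backed store, shared by every limiter built through limit() below.
const store = new RedisStore(client);

/**
 * Build a rate-limiting middleware backed by the shared Redis store.
 *
 * @param {object} [options] - Limiter options (max, period, ...); left unmodified.
 * @returns {Function} The Express middleware of a new RateLimiter.
 */
const limit = (options = {}) =>
  // Copy the options instead of assigning options.store, so an options object
  // the caller reuses elsewhere is not silently changed.
  new RateLimiter({ ...options, store }).middleware;

app.get(
  "/api/users",
  limit({
    max: 5, // 5 requests
    period: 60 * 1000, // per minute (60 seconds)
  }),
  (req, res) => {
    res.status(200).json({});
  }
);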
  • RedisLegacyStore (node-redis v3 or node-redis v4 with legacyMode true)
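const redis = require("redis");
const { RateLimiter, RedisLegacyStore } = require("express-limit");

// legacyMode makes a node-redis v4 client expose the v3-style API this store expects.
// NOTE(review): a node-redis v4 client must still be connected (client.connect()) before
// it can serve commands. Confirm whether the store does this or the application must.
const client = redis.createClient({
  legacyMode: true,
});

// A single Redis-backed store, shared by every limiter built through limit() below.
const store = new RedisLegacyStore(client);

/**
 * Build a rate-limiting middleware backed by the shared legacy Redis store.
 *
 * @param {object} [options] - Limiter options (max, period, ...); left unmodified.
 * @returns {Function} The Express middleware of a new RateLimiter.
 */
const limit = (options = {}) =>
  // Copy the options instead of assigning options.store, so an options object
  // the caller reuses elsewhere is not silently changed.
  new RateLimiter({ ...options, store }).middleware;

app.get(
  "/api/users",
  limit({
    max: 5, // 5 requests
    period: 60 * 1000, // per minute (60 seconds)
  }),
  (req, res) => {
    res.status(200).json({});
  }
);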

Keep in touch!