ratelimiter
Rate limiter for Node.js backed by Redis.
Release Notes
See CHANGELOG
Requirements
- Redis 2.6.12+ and Node >=7.6
Installation
$ npm install @destinationstransfers/ratelimiter
Example
Example Koa middleware implementation limiting against a user._id:
const Limiter = require('@destinationstransfers/ratelimiter')
const ms = require('ms');
const redis = require('redis');
const db = redis.createClient(...);
const limiter = new Limiter({ db });
...
app.use('*', async (ctx, next) => {
const limit = await limiter.get(ctx.session.user._id || ctx.ip);
ctx.set("X-RateLimit-Limit", limit.total);
ctx.set("X-RateLimit-Remaining", limit.remaining - 1);
ctx.set("X-RateLimit-Reset", limit.reset);
// all good
debug("remaining %s/%s %s", limit.remaining - 1, limit.total, id);
if (limit.remaining) return next();
// not good
const delta = (limit.reset * 1000 - Date.now()) | 0;
const after = (limit.reset - Date.now() / 1000) | 0;
ctx.set("Retry-After", after);
ctx.throw(429, "Rate limit exceeded, retry in " + ms(delta, { long: true }));
})Result Object
-
total-maxvalue -
remaining- number of calls left in currentdurationwithout decreasing currentget -
reset- time in milliseconds until the end of currentduration
Options
Constructor parameters:
-
db- redis connection instance -
max- max requests withinduration[2500] -
duration- of limit in milliseconds [3600000]
.get parameter:
-
id- the identifier to limit against (typically a user id or IP, or token)
License
MIT