Express rate-limiter
Rate limiting middleware for Express applications built on redis
npm install express-limiter --save
var express =var app =var client =var limiter = app client/*** you may also pass it an Express 4.0 `Router`** router = express.Router()* limiter = require('express-limiter')(router, client)*/app
API options
path
:String
optional route path to the requestmethod
:String
optional http method. acceptsget
,post
,put
,delete
, and of course Express'all
lookup
:Function|String|Array.<String>
value lookup on the request object. Can be a single value, array or function. See examples for common usagestotal
:Number
allowed number of requests before getting rate limitedexpire
:Number
amount of time inms
before the rate-limited is resetwhitelist
:function(req)
optional param allowing the ability to whitelist. returnboolean
,true
to whitelist,false
to passthru to limiter.skipHeaders
:Boolean
whether to skip sending HTTP headers for rate limits ()ignoreErrors
:Boolean
whether errors generated from redis should allow the middleware to call next(). Defaults to false.onRateLimited
:Function
called when a request exceeds the configured rate limit.
Examples
// limit by IP address// or if you are behind a trusted proxy (like nginx)// by user (assuming a user is logged in with a valid id)// limit your entire app// limit users on same IP// whitelist user admins// skip sending HTTP limit headers// call a custom limit handler// with a function for dynamic-ness
as direct middleware
app
License MIT
Happy Rate Limiting!