fastify-rate-limit
A low overhead rate limiter for your routes. Supports Fastify 2.x
versions.
Please refer to this branch and related versions for Fastify 1.x compatibility.
Install
npm i fastify-rate-limit
Usage
Register the plugin pass to it some custom option.
This plugin will add an onRequest
hook to check if the clients (based on their ip) has done too many request in the given timeWindow.
const fastify = fastify fastify fastify
In case a client reaches the maximum number of allowed requests, a standard Fastify error will be returned to the user with the status code setted to 429
:
statusCode: 429 error: 'Too Many Requests' message: 'Rate limit exceeded, retry in 1 minute'
Options
You can pass the following options during the plugin registration, the values will be used in all the routes.
fastify
max
: is the maximum number of requests a single client can perform inside a timeWindow.timeWindow:
the duration of the time window, can be expressed in milliseconds (as a number) or as a string, seems
too see the supported formats.cache
: this plugin internally uses a lru cache to handle the clients, you can change the size of the cache with this option.whitelist
: array of string of ips to exclude from rate limiting.redis
: by default this plugins uses an in-memory store, which is fast but if you application works on more than one server it is useless, since the data is store locally.
You can pass a Redis client here and magically the issue is solved. To achieve the maximum speed, this plugins requires the use ofioredis
.skipOnError
: iftrue
it will skip errors generated by the storage (eg, redis not reachable).keyGenerator
: a function to generate a unique identifier for each incoming request. Defaults to(req) => req.ip
, the IP is resolved by fastify usingreq.connection.remoteAddress
orreq.headers['x-forwarded-for']
if trustProxy option is enabled. Use it if you want to override this behavior. Example usage:
fastify
License
Copyright © 2018 Tomas Della Vedova