http-ratelimit

0.2.3 • Public • Published

HTTP-RateLimit v0.2.3

This package counts the incoming client requests and determines whether a requesting client has reached a specified request threshold per defined timeframe






Installation:

npm i http-ratelimit






Example Usage:

const http = require("http"); // also works with the https package
const rateLimit = require("http-ratelimit");
 
 
http.createServer((req, res) => {
    rateLimit.inboundRequest(req); // this function has to run in the createServer callback, optimally at the very top of it like shown here
 
    if(rateLimit.isRateLimited(req, 20) === true) { // this checks whether the request is from an IP that has already sent x amount of requests in the defined timeframe (two minutes in this example). x is specified with the second attribute.
        // if this part is reached, that means the requester has sent more than 20 requests in two minutes
        // it is best to end the request here with status code 429, like the following lines suggest:
 
        res.writeHead(429, {"Content-Type": "text/plain; utf-8"});
        res.end("Too many requests - max is 20 requests in two minutes");
    }
    else {
        // the requester has sent less than 20 requests in the defined timeframe (two minutes in this example)
        // do your normal stuff here
 
        res.writeHead(200, {"Content-Type": "text/plain; utf-8"});
        res.end("https://data.whicdn.com/images/325197845/superthumb.jpg");
    }
 
}).listen(80, null, err => {
    if(!err) {
        // server was successfully started
        rateLimit.init(2, true); // HTTP-RateLimit has to be initialized before running any other function. It's best to put it right in here.
        // In this example, a timeframe of two minutes is chosen (first parameter) - (defaults to 1 if left undefined)
        // If you are using a reverse proxy, the second parameter has to be set to true - (defaults to false if left undefined)
 
        console.log("success");
    }
    else {
        // error while starting server
        console.log(`Error: ${err}`);
        process.exit(1);
    }
});






Function List:

  • rateLimit.init(timeframe: Number, usingReverseProxy: Boolean) - Initializes all variables etc. | If you are using a reverse proxy, make sure to set the second parameter to true as then the IP address has to be pulled from the "x-forwarded-for" request header
  • rateLimit.inboundRequest(req: http.IncomingMessage) - Adds the requestee's IP address to the list of requests per timeframe
  • rateLimit.isRateLimited(req: http.IncomingMessage, requestLimitPerMinute: Number) - Checks if the request's IP address occurs more than requestLimitPerMinute times in the above mentioned list and should therefore be rate limited | Returns true or false




Back to the Top

Package Sidebar

Install

npm i http-ratelimit

Weekly Downloads

9

Version

0.2.3

License

MIT (https://sv443.net/LICENSE)

Unpacked Size

10.7 kB

Total Files

4

Last publish

Collaborators

  • sv443