node-ratelimiter
Rate limiter for Node.js.
Release Notes
v3.1.0 - #7 - Fix memory adapter & #8 new id retrieval method (no breaking change)
v3.0.0 - Add multiple adapters support (redis, memory, null)
v2.1.2 - #17 by @waleedsamy - Add Travis CI support
v2.1.1 - #13 by @kwizzn - Fixes out-of-sync TTLs after running decr()
v2.1.0 - #12 by @luin - Adding support for ioredis
v2.0.1 - #9 by @ruimarinho - Update redis commands to use array notation.
v2.0.0 - API CHANGE - Change remaining
to include current call instead of decreasing it. Decreasing caused an off-by-one problem and caller could not distinguish between last legit call and a rejected call.
Requirements
- Redis 2.6.12+.
Installation
$ npm install node-ratelimiter
Example
Example Connect middleware implementation limiting against a user._id
:
var Limiter = ;var redisAdapter = LimiterredisAdapter; var limiter = id: requser_id ; limiter;
Result Object
total
-max
valueremaining
- number of calls left in currentduration
without decreasing currentget
reset
- time in milliseconds until the end of currentduration
Options
id
- the identifier to limit against (typically a user id)max [Number]
- max requests withinduration
[2500]duration [Number]
- of limit in milliseconds [3600000]
Adapters
RedisAdapter
Initialize a new adapter with:
var redis = ;var Limiter = ;var redisAdapter = LimiterredisAdapter; var adapter = ;
MemoryAdapter
This adapter is meant to be used in dev. Do not use it in production.
Initialize a new adapter with:
var Limiter = ;var memoryAdapter = LimitermemoryAdapter; var adapter = ;
NullAdapter
This adapter is meant to be used for tests only when you want to disable the rate limiting.
Initialize a new adapter with:
var Limiter = ;var nullAdapter = LimiternullAdapter; var adapter = ;
Custom adapter
The adapter passed to the Limiter
constructor should be a function accepting the following parameters:
id [String]
: the identifier being limited (for example: an ip address)max [Number]
: the number of calls accepted before being rate-limitedduration [Number]
: the duration after which the counter will be reset
The function should return an object with the following methods:
-
newHit()
: registers a new hit and returns the result objecttotal
-max
valueremaining
- number of calls left in currentduration
without decreasing currentget
reset
- time in milliseconds until the end of currentduration
-
get()
: returns the result object without increasing the hit countertotal
-max
valueremaining
- number of calls left in currentduration
without decreasing currentget
reset
- time in milliseconds until the end of currentduration
License
MIT