ratelimit-middleware
Rate limit middleware for expressjs
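```javascript
var ratelimit = require('ratelimit-middleware');
var app = require('express')();

// Throttle per source IP: burst of 10, steady state 0.5 requests/second
app.use(ratelimit({ burst: 10, rate: 0.5, ip: true }));
```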
ratelimit(options)
Creates an API rate limiter that can be plugged into the standard restify request handling pipeline.
This throttle gives you three options on which to throttle: username, IP address and 'X-Forwarded-For'. IP/XFF is a /32 match, so keep that in mind if using it. Username takes the user specified on req.username (which gets automagically set for supported Authorization types; otherwise set it yourself with a filter that runs before this).
In both cases, you can set a burst and a rate (in requests/seconds), as an integer/float. Those really translate to the TokenBucket algorithm, so read up on that (or see the comments above...).
In either case, the top level options burst/rate set a blanket throttling rate, and then you can pass in an overrides object with rates for specific users/IPs. You should use overrides sparingly, as we make a new TokenBucket to track each.
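How burst and rate interact under a token bucket, as an added example that is not this module's source. `TokenBucket`, `createLimiter` and `demo` are hypothetical names, overrides are matched by exact key only (no CIDR), and the eviction policy at maxKeys is an assumption.

```javascript
// Added illustration, not the module's source.
// burst = bucket capacity, rate = tokens refilled per second.
function TokenBucket(burst, rate, nowMs) {
  this.capacity = burst;
  this.fillRate = rate;
  this.tokens = burst; // a new key starts with a full bucket
  this.last = nowMs;
}

TokenBucket.prototype.consume = function (nowMs) {
  var elapsed = Math.max(0, nowMs - this.last) / 1000;
  this.tokens = Math.min(this.capacity, this.tokens + elapsed * this.fillRate);
  this.last = nowMs;
  if (this.tokens < 1) return false; // caller answers 429
  this.tokens -= 1;
  return true;
};

// Hypothetical helper: returns check(key, nowMs) -> true to allow the request.
function createLimiter(opts) {
  var buckets = new Map(); // insertion-ordered, so the first key is the oldest
  var overrides = opts.overrides || {};
  var maxKeys = opts.maxKeys || 10000;
  return function check(key, nowMs) {
    var cfg = Object.prototype.hasOwnProperty.call(overrides, key) ? overrides[key] : opts;
    if (cfg.burst === 0 && cfg.rate === 0) return true; // override marked unlimited
    var bucket = buckets.get(key);
    if (!bucket) {
      // Assumed policy: bound memory by evicting the oldest key. An evicted
      // client gets a full bucket again, so size maxKeys above the expected
      // number of concurrent clients.
      if (buckets.size >= maxKeys) buckets.delete(buckets.keys().next().value);
      bucket = new TokenBucket(cfg.burst, cfg.rate, nowMs);
      buckets.set(key, bucket);
    }
    return bucket.consume(nowMs);
  };
}

// Constructed scenario: 12 requests at t=0, then one at t=1s and one at t=2s.
function demo() {
  var check = createLimiter({ burst: 10, rate: 0.5,
    overrides: { '192.168.1.1': { burst: 0, rate: 0 } } });
  var allowed = 0;
  for (var i = 0; i < 12; i++) if (check('203.0.113.7', 0)) allowed++;
  return { burstAllowed: allowed,
    at1s: check('203.0.113.7', 1000), at2s: check('203.0.113.7', 2000),
    unlimited: check('192.168.1.1', 0) };
}
```

The key passed to `check` is whatever the ip, xff or username option selects; a key taken from X-Forwarded-For is client-controlled unless a trusted proxy sets the header.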
Options
Name | Default | Type | Description |
---|---|---|---|
rate | - | Number | Steady state number of requests/second to allow |
burst | - | Number | Amount of requests to burst to |
ip | true | Boolean | Throttle on /32 (source id) |
xff | false | Boolean | Throttle on /32 X-Forwarded-For header |
username | false | Boolean | Throttle on req.username |
overrides | null | Object | Per "key" overrides |
tokensTable | - | Object | Storage engine |
maxKeys | 10000 | Number | Maximum distinct throttling keys to allow at a time |
Overrides
```javascript
app.use(ratelimit({
  burst: 10,
  rate: 0.5,
  ip: true,
  overrides: {
    '192.168.1.1': {
      burst: 0,
      rate: 0 // unlimited
    },
    '192.168.1.192/27': {
      burst: 0,
      rate: 0
    }
  }
}));
```
Handle Ratelimit errors
If a request exceeds the rate limit and cannot be processed, the next middleware will be invoked with an Error argument. The error instance will have a status field with code 429 and a message indicating the user has exceeded their quota: You have exceeded your request rate of %s r/s.
You can handle this response by providing error handling middleware in your express app.
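```javascript
var app = require('express')();

// Express error-handling middleware (four arguments); register it after ratelimit
app.use(function (err, req, res, next) {
  if (err.status === 429) return res.status(429).send(err.message);
  next(err);
});
```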
Prior art
This module is repackaged code from the restify library throttle plugin for use with expressjs
License
MIT
See LICENSE.restify for restify's license.