npm
Sign UpSign In

ration.js

2.1.0 • Public • Published

Ration.js

Author: Austin K. Smith

Website: Github

Description: 100% Vanilla Javascript Rate Limiting / DDOS Protection Library

License: Artistic License 2.0

About

Ration.js is 100% Vanilla Javascript Rate Limiting / DDOS Protection Library for use with Node.js / Express, inspired by Network Tarpits it works the same way to intentionally slow down requests from users who are making too many requests within a limited timeframe.

Install

  • Add Ration.js to your project using the instructions below

Node

  • Use npm install to add the project to your dependencies npm install --save ration.js
  • Require the npm module in your app.js file
    const ration = require('ration.js');

Then make sure your app is set to use ration with the following

// Declare Application
let app = express();

/* Set Ration.js Options */
const rations = {
  maxRequestsPerTimeFrame: 600,
  timeFrameInSeconds: 30,
  removeRecordsAfter: (1000 * 60 * 5),
  dropConnections: false
};

/* Initialize Ration.js */
rationjs.setRations(rations);

/* Use Ration.js */
app.use(rationjs.startRations);

Ration.js Options

  • maxRequestsPerTimeFrame - This is the maximum number of requests you want to allow an unique visitor within the timeFrameInSeconds time period. Value should be an Integer - Defaults to 600.
  • timeFrameInSeconds - This is the time frame you want to limit the number of requests within eg. Use 1 to limit requests by individual seconds - Defaults to 30
  • removeRecordsAfter - This is the amount of time since the requestors last request that the requestors records are kept in memory - milliseconds - Defaults to 30000 (ie. 5 minutes).
  • dropConnections - This new option changes how the library operates to forcabily drop connections from users who have exceeded their rations instead of processing requests with a delay.

How it works

The library acts as a middleware layer for incoming requests to your Node.js/Express application, with each unique visitor a request record is created and saved internally to keep track of time interval between each new request and the previous request. If the number of requests exceeds the set limit of requests within the set time threadshold, requests by the offending users are then delayed using a delayMultiplier, this delayMultiplier is doubled for each request exceeding the number of requests allowed within the set time.

If the time difference between the last request and the current request exceeds the removeRecordsAfter time frame setting, the request count for the user is reset to 1.

If there are no new requests from a unique visitor within the removeRecordsAfter time frame setting, their request records are removed automatically to prevent the visits log from growing using too much memory.

Readme

Keywords

Package Sidebar

Install

npm i ration.js

Repository

github.com/austinksmith/Ration.js

Homepage

github.com/austinksmith/Ration.js

Weekly Downloads

1

Version

2.1.0

License

Artistic-2.0

Unpacked Size

39.1 kB

Total Files

10

Last publish

Collaborators

  • advanced.kinetic.systems
Try on RunKit
Report malware