<img width="320" src="https://i.ibb.co/1rvrF22/redimiter.png" alt="Redimiter">
$ npm install redimiter
Connect to Redis
Create a simple
Redimiter instance and pass a redis client as an argument.
const redis = ;const redimiter = redis;
If you pass no arguments to the Redis constructor, as shown above, it will automatically connect to a local Redis server which is great for developement.
Using as express middleware
Simply add it as middleware with no args and it will rate limit 10 requests/second using the client's ip address:
app = ;const rateLimiter = redimiterapp;
You can easily add customizable rate limiting on each path using the rateLimiter method options argument,
app = ;const rateLimiter = redimiter;const pagesOptions =path: "GET/pages"expire: 30000limit: 20;const catsOptions = path: "/cats" ;app;app;
group similar requests easily,
app = ;const rateLimiter = redimiter;const getLimit = ;const postLimit = ;app;app;app;app;app;app;
or use a general one size fits all:
app = ;const rateLimiter = redimiter;const limit = ;app;app;
Using as Promise
You can also return a promise:
const rateLimiterPromise = redimiter;const options =username: 'name'action: 'createComment'
Redimiter is a contructor that takes a redis client as an argument.
;;redis = ;redimiter = redis;
It is tested to work with both ioredis and node_redis clients.
.rateLimiter is an Express middleware.
It stores the ip of the client + optional path (
ip:path) as a Redis list and for each client request it adds an item. This sum of items can be called the rate score and is compared to the rate limit to determine if the client request should be allowed. Once over the rate limit the score is no longer increased and requests are blocked, unless overdrive is set to true (see below). The list has an expiration time and when it expires the the whole process repeats after the next client request from the same ip.
|path||A string that will be appended to the client's ip, used as the key in Redis.|
|expire||1,000||The miliseconds before Redis key expires.|
|limit||10||The number at which client requests will be limited.|
With no option object arg,
rateLimiter() defaults to 10 requests per second.
When no path is specified, Redimiter uses the clients ip as the redis key. This means that all requests will be counted indesciminate of request type.
To change the limit to 2 per second, simply add:
path option defined, the redis key will be
ip:path and will now be able to set seperate limits on different requests and also not have all requests count towards the same rate score.
expire values, it defaults to a max of 10 requests in the specified 3 seconds. The 3 seconds will begin at the client's first request and each subsequent request that happens when no matching Redis key exists.
limit values, it allows a max of 20 requests per 4 seconds.
The following rate limiter has
overdrive set to true. It will continue to increase the rate score value per request until it gets to 10x the
limit, at which it will kick into 'overdrive' and limit the client for 1000x the
expire, thus blocking the oboxious user/bot for quite some time... in this case it would be 3000ms x 1000, or 50 minutes. While in 'overdrive' it will discontinue keeping score and simply block requests until the time expires.
This method returns a promise and can be used in a Nodejs application anywhere you may need rate limiting but express middleware is not available or appropriate.
|username||(REQUIRED) A string that will be used as the key in Redis for the client request.|
|action||(REQUIRED) A string that will be appended to username.|
|expire||1,000||The miliseconds before redis key expires.|
|limit||10||The limit at which client requests will be limited|
This works much like .rateLimiter() only here you need to specify the
action. If the client is over the limit, the promise will reject with an error and the
.then() will be skipped.
rateLimiterPromise = redimiterconst options =limit: 20username: clientUsernameaction: 'addComment'