@destinationstransfers/ratelimiter
v4.0.0
Published
abstract rate limiter backed by redis
Downloads
1
Maintainers
Readme
ratelimiter
Rate limiter for Node.js backed by Redis.
Release Notes
See CHANGELOG
Requirements
- Redis 2.6.12+ and Node >=7.6
Installation
$ npm install @destinationstransfers/ratelimiter
Example
Example Koa middleware implementation limiting against a user._id
:
const Limiter = require('@destinationstransfers/ratelimiter')
const ms = require('ms');
const redis = require('redis');
const db = redis.createClient(...);
const limiter = new Limiter({ db });
...
app.use('*', async (ctx, next) => {
const limit = await limiter.get(ctx.session.user._id || ctx.ip);
ctx.set("X-RateLimit-Limit", limit.total);
ctx.set("X-RateLimit-Remaining", limit.remaining - 1);
ctx.set("X-RateLimit-Reset", limit.reset);
// all good
debug("remaining %s/%s %s", limit.remaining - 1, limit.total, id);
if (limit.remaining) return next();
// not good
const delta = (limit.reset * 1000 - Date.now()) | 0;
const after = (limit.reset - Date.now() / 1000) | 0;
ctx.set("Retry-After", after);
ctx.throw(429, "Rate limit exceeded, retry in " + ms(delta, { long: true }));
})
Result Object
total
-max
valueremaining
- number of calls left in currentduration
without decreasing currentget
reset
- time in milliseconds until the end of currentduration
Options
Constructor parameters:
db
- redis connection instancemax
- max requests withinduration
[2500]duration
- of limit in milliseconds [3600000]
.get
parameter:
id
- the identifier to limit against (typically a user id or IP, or token)
License
MIT