@otterhttp/rate-limit
v3.0.3
Basic IP rate-limiting middleware for tinyhttp. Use to limit repeated requests to public APIs and/or endpoints such as password reset.
Basic rate-limiting middleware for tinyhttp. Used to limit repeated requests to public APIs and/or endpoints such as password reset.
Install
```sh
pnpm i @otterhttp/rate-limit
```
Usage
```js
import { App } from '@otterhttp/app'
import { rateLimit } from '@otterhttp/rate-limit'

new App().get('limited-route', rateLimit({ max: 10, windowMs: 60 * 1000 /* 1 minute */ }), (_, res) =>
  res.send('Limited route')
)
```
Options
| Name | Type | Default | Description |
| :--- | :---: | :---: | :--- |
| windowMs | `number` | `5000` | Timeframe for which requests are checked/remembered. |
| max | `number \| ((req: Request, res: Response) => Promise)` | `5` | Max number of connections during windowMs before sending a 429 response. |
| message | `string` | Too many requests, please try again later. | Error message sent to user when max is exceeded. |
| statusCode | `number` | `429` | HTTP status code returned when max is exceeded. |
| skipFailedRequests | `boolean` | `false` | When set to true, failed requests won't be counted. |
| skipSuccessfulRequests | `boolean` | `false` | When set to true, successful requests (response status < 400) won't be counted. |
| keyGenerator | `(req: Request, res: Response) => string` | `(req) => req.ip` | Function used to generate keys. |
| shouldSkip | `(req: Request, res: Response) => boolean` | `() => false` | Determines per request whether it should be skipped by the middleware. |
| onLimitReached | `onLimitReached: (req: Request, res: Response) => void` | `() => {}` | Function that is called the first time a user hits the rate limit within a given window. |
| store | `Store` | `MemoryStore` | By default a MemoryStore is used. Rate Limit Redis, Rate Limit Memcached and Rate Limit Mongo can be used too. |
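
How the options in the table above interact, shown as an added example that is not code from @otterhttp/rate-limit. It is a simplified fixed-window model (an assumption about the counting strategy), with a hypothetical `now` hook and a constructed password-reset request keyed on IP plus target account instead of the default `req.ip`.

```javascript
// Simplified fixed-window model of the options table; option names mirror the README.
// Assumption: this is NOT the library's implementation, only an illustration of its options.
function createLimiter({
  windowMs = 5000,
  max = 5,
  statusCode = 429,
  message = 'Too many requests, please try again later.',
  keyGenerator = (req) => req.ip,
  shouldSkip = () => false,
  onLimitReached = () => {},
  now = Date.now // hypothetical hook so the demo can drive the clock
} = {}) {
  const hits = new Map() // key -> { count, resetAt }
  return function check(req) {
    if (shouldSkip(req)) return { allowed: true, status: 200 }
    const key = keyGenerator(req)
    const t = now()
    let entry = hits.get(key)
    if (!entry || t >= entry.resetAt) {
      entry = { count: 0, resetAt: t + windowMs } // start a fresh window
      hits.set(key, entry)
    }
    entry.count += 1
    if (entry.count <= max) return { allowed: true, status: 200 }
    // Fire the callback only on the first rejected request of this window.
    if (entry.count === max + 1) onLimitReached(req)
    return { allowed: false, status: statusCode, message }
  }
}

// Constructed demo: password-reset requests keyed on client IP plus target account,
// so clients behind one shared address get separate buckets per account.
function demo() {
  let clock = 0
  const alerts = []
  const check = createLimiter({
    max: 3,
    windowMs: 60 * 1000,
    keyGenerator: (req) => `${req.ip}|${req.body.email.toLowerCase()}`,
    onLimitReached: (req) => alerts.push(req.ip),
    now: () => clock
  })
  const req = { ip: '203.0.113.7', body: { email: 'Alice@example.test' } }
  const statuses = [1, 2, 3, 4, 5].map(() => check(req).status)
  const other = check({ ip: '203.0.113.7', body: { email: 'bob@example.test' } }).status
  clock += 60 * 1000 // the window expires
  const afterReset = check(req).status
  return { statuses, other, alerts, afterReset }
}
```

With the default `keyGenerator`, every client that reaches the server from the same address (for example through a reverse proxy or NAT) shares one counter, which is why the key choice matters for endpoints such as password reset.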