npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@vs-org/rate-limiter

v0.0.2

Published

This is simple rate limit express middleware implementation with mongo DB.

Downloads

1

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

vs-orgvs-org

Keywords

mogngo rate limiterexpress rate limiterrate limitvs-org rate limiterVsRateLimiterexpress middlewareexpress rate limiter middleware

Readme

vs-rate-limit

This is simple rate limit express middleware implementation with mongo DB.

Description

VsRateLimiter constructor will always return express middleware and additional function reset to reset rate limit for provided key.

Usage

const VsRateLimiter = required("@vs-org/rate-limiter");

const keyGenerator = (req) => {
  return req.ip;
}

const genericRateLimiter = VsRateLimiter({
  url: "mongodb://localhost:27017/vs-rate-limiter",
  collectionName: "rateLimit",
  loggerLevel: "debug",
  limit: 10,
  responseMsg: { msg: "Too many requests" },
  updateExpiryOnConsumption: false,
  keepOnConsumingAfterRLHit: true,
  tarpitTimeStepInSeconds: 0,
  keyGenerator,
  whiteLister: (req) => {
    return false;
  },
  responseHandler: (req, resp, next) => {
    return resp.status(429).send("blahhh");
  }
});
app.use(genericRateLimiter);

Examples

  1. Custom rate limit for different flows and reset

const loginRateLimit = VsRateLimiter({
    url: "mongodb://localhost:27017/vs-rate-limiter",
    collectionName: "loginRateLimit",
    loggerLevel: "debug",
    limit: 10,
    responseMsg: { msg: "Too many requests" },
    updateExpiryOnConsumption: false,
    keepOnConsumingAfterRLHit: true,
    tarpitTimeStepInSeconds: 10,
    responseHandler: (req: Request, resp: Response) => {
      // ... operation for user like blocking IP and sending email
      return resp.send("Too many request");
    }
  });

app.get("/login", loginRateLimit, async (req, resp) => {
  return resp.send("login successful response");
});


/**
* 1. If user is blocked and connot login and has received email of blocked IP.
* 2. User can interact through email to unblock account and reset rate limit
*    (This is important if not rate limit is not cleared for user, user cannot login even after unbloking account)
*/

app.get("/unblock-user", async (req, resp) => {
  loginRateLimit.reset(keyGenerator(req));
  return resp.send("unblock successful response");
});

/**
* 1. If user is blocked and connot login and has received email of blocked IP.
* 2. User can decide to reset password through email, and reset rate limit should be cleared
*/

app.get("/reset-password", async (req, resp) => {
  loginRateLimit.reset(keyGenerator(req));
  return resp.send("reset password successful response");
});

| option | required | Description | | --------------------------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | url | true | Mongo DB connection URL | | username | false | Mongo DB connection username | | password | false | Mongo DB connection password | | loggerLevel | false | Mongo DB logger level for mongodb package | | collectionName | false | Mongo DB collection name for rate limit documents | | limit | true | Rate limit points, if only 10 request allowed then set it as 10 | | resetInSeconds | false | Rate limit reset time, default it is 24 hours | | keepOnConsumingAfterRLHit | false | Default false, if rate limit points needs to be consumed even after limit is reached, set this as true | | tarpitTimeStepInSeconds | false | Default 0, if use case to raise response time for every request after rate limit reached. This option works with configuration of keepOnConsumingAfterRLHit as it step is calculated based on the consumed points. If keepOnConsumingAfterRLHit is false this every request response is delayed only for tarpitTimeStepInSeconds but if it is true then response is stepped up by tarpitTimeStepInSeconds for every request after rate limit. | | updateExpiryOnConsumption | false | Default false, update reset date after every request to block user for resetInSeconds time from latest request rather than first request | | updateExpiryOnConsumption | false | Default false, update reset date after every request to block user for resetInSeconds time from latest request rather than first request | | responseMsg | false | If response message needs to be updated, it is possible to pass either string or object which will be returned in response | | keyGenerator | false | This function can be used to customize keys, default is IP address. Not this function always needs to return string or else default key will be used. This function gets access to request. | | whiteLister | false | This function can be used to skip rate limit for some users based on conditions. Note this function should always return truthy value if rate limit needs to be skipped for the request. This function gets access to request. | | responseHandler | false | This function can be used to handle whole response as needed. This function gets access to request, response and nextFunction. |

License

MIT (see LICENSE)

Note

This package is not tested with concurrent requests and heavy load (Not production ready).