npm package discovery and stats viewer.

© 2024 – Pkg Stats / Ryan Hefner

node-api-limiter

v1.1.3

Published

A library for adding rate limits to routes on a server.

Downloads

11

Readme

Node API Limiter


Basic API rate-limiting middleware for Node.js servers. It limits repeated requests to public APIs within a given time frame.

This module helps you rate limit your public APIs. It currently supports an in-memory store and a Redis store.

Memory Store: This is the default store. It keeps all api-limiter data in memory; because this storage is not persistent, the data is purged whenever you restart your server.

Redis Store: This is the persistent store. It never purges your data and gives you higher reliability for your rate limiting.

Initializing and integrating the module is simple; follow the steps below to integrate it into your server.

About

This module puts API rate limits on the public APIs of your server. It can limit your APIs over different time windows: secWindow for the number of requests to be served in a given window of seconds, minWindow for the number of requests to be served in a window of minutes, and hrWindow for the number of requests to be served in a window of hours. It can also skip particular IP addresses so that no API limits are applied to them, and likewise skip particular routes on the server that you do not want to limit.
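How the three windows interact is easiest to see by replaying traffic. The sketch below is an added illustration, not node-api-limiter's own code: it assumes simple fixed-window counters and borrows only the option names and defaults from this README; createLimiter and firstRejection are hypothetical helpers.

```javascript
// Added illustration: fixed-window counters per key. This is NOT node-api-limiter's
// internal code; only the option names and defaults are taken from the README.
const DEFAULTS = {
  secWindow: 5, maxReqSecWinodw: 5,   // 5 requests per 5 seconds
  minWindow: 5, maxReqMinWinodw: 50,  // 50 requests per 5 minutes
  hrWindow: 1, maxReqHrWindow: 500,   // 500 requests per 1 hour
};

function createLimiter(options = {}) {
  const o = { ...DEFAULTS, ...options };
  const windows = [
    { name: "sec", ms: o.secWindow * 1000, max: o.maxReqSecWinodw },
    { name: "min", ms: o.minWindow * 60 * 1000, max: o.maxReqMinWinodw },
    { name: "hr", ms: o.hrWindow * 3600 * 1000, max: o.maxReqHrWindow },
  ];
  const counters = new Map(); // key -> { sec: { start, count }, min: ..., hr: ... }

  // Decides one request from `key` arriving at time `now` (milliseconds).
  return function check(key, now = Date.now()) {
    const state = counters.get(key) || {};
    counters.set(key, state);
    for (const w of windows) {
      const c = state[w.name];
      // Open a fresh window on first use or once the previous one has expired.
      if (!c || now - c.start >= w.ms) state[w.name] = { start: now, count: 0 };
    }
    // A request is served only if every window still has room.
    const full = windows.find((w) => state[w.name].count >= w.max);
    if (full) return { allowed: false, blockedBy: full.name, remaining: 0 };
    for (const w of windows) state[w.name].count += 1;
    const remaining = Math.min(...windows.map((w) => w.max - state[w.name].count));
    return { allowed: true, blockedBy: null, remaining };
  };
}

// Replays `n` requests spaced `gapMs` apart from one client (constructed traffic)
// and reports which request is first answered with 429, and by which window.
function firstRejection(n, gapMs, key = "203.0.113.7") {
  const check = createLimiter();
  for (let i = 0; i < n; i++) {
    const r = check(key, i * gapMs);
    if (!r.allowed) return { request: i + 1, blockedBy: r.blockedBy };
  }
  return null;
}

console.log(firstRejection(10, 0), firstRejection(100, 1000), firstRejection(600, 7000));
```

With the defaults, a burst is stopped at the 6th request by the seconds window, a steady one request per second is stopped at the 51st by the minutes window, and one request every seven seconds is stopped at the 501st by the hour window.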

Install

$ npm install --save node-api-limiter

Usage

For an API server where the api-limiter should be applied to all requests and the store should be in memory:

const express = require("express");
const apiLimiter = require("node-api-limiter");

const app = express();

// Enable if you're behind a reverse proxy (AWS ELB, Bluemix, Heroku, Nginx, etc)
// app.set('trust proxy', 1);

// Apply to all requests, using the default in-memory store
app.use(apiLimiter({}));

For an API server where the api-limiter should be applied to all requests and the store should be in redis:

Note: The Redis store requires additional configuration, such as the store URL. The default built-in memory store is an exception to this rule.

const express = require("express");
const apiLimiter = require("node-api-limiter");

const app = express();

// Apply to all requests
app.use(apiLimiter({
  "store": "redis",                      // Store type; set to "redis" to use the Redis store for persistent storage
  "redisUrl": "redis://localhost:6379"   // Mandatory for the Redis store: the complete URL of the Redis server
}));

An Express example that integrates the apiLimiter middleware:

index.js

const express = require("express")
const bodyParser = require("body-parser")
const apiLimiter = require("node-api-limiter");

const controllers = require("./controllers")

const PORT = process.env.PORT || 7777

const app = express()

app.use(bodyParser.json())
app.use(bodyParser.urlencoded({
    extended: true
}))

app.use(apiLimiter({
    secWindow: 5, // seconds - how long to keep records of requests
    minWindow: 5, // minutes - how long to keep records of requests
    hrWindow: 1, // hours - how long to keep records of requests
    maxReqSecWinodw: 5, // max number of recent connections during `window` seconds before sending a 429 response
    maxReqMinWinodw: 50, // max number of recent connections during `window` minutes before sending a 429 response
    maxReqHrWindow: 500, // max number of recent connections during `window` hours before sending a 429 response
    message: "Too many requests, please try again later.", // Message to send when the limit is reached
    statusCode: 429, // 429 status = Too Many Requests (RFC 6585)
    headers: true, // Send custom rate limit headers with limit and remaining
    skipFailRequests: false, // Do not count failed requests (status >= 400)
    skipSuccessRequests: false, // Do not count successful requests (status < 400)
    skipIps: [], // a list of IP addresses which you want to skip for the rate limiting
    skipRoutes: [], // a list of routes and path addresses which you want to skip for the rate limiting
    keyGenerator: (req, res) => { return req.ip } // allows custom keys to be created (by default the user IP is used)
}))
app.route("/start").get(controllers.start)
app.route("/stop").get(controllers.stop)

app.listen(PORT, () => {
    console.log(`server is running successfully on http://localhost:${PORT}`);
})

controllers.js

module.exports.start = (req, res) => {
    res.status(200).send({
        message: "start successful"
    })
}

module.exports.stop = (req, res) => {
    res.status(200).send({
        message: "stop successful"
    })
}

Request API

A req.rateLimit property is added to all requests with the limit, current, and remaining number of requests for each window and, if the store provides it, a resetTime Date object. These may be helpful in your application code for taking additional actions or informing users of their status.

Configuration options

secWindow

The length, in seconds, of the seconds window in which a limited number of requests is served. Defaults to 5 seconds. You can set it to any number to increase or decrease it.

maxReqSecWinodw

The number of requests to be served within the given secWindow time frame before a 429 response is sent. Defaults to 5 requests. You can set it to any number to increase or decrease it.

minWindow

The length, in minutes, of the minutes window in which a limited number of requests is served. Defaults to 5 minutes. You can set it to any number to increase or decrease it.

maxReqMinWinodw

The number of requests to be served within the given minWindow time frame before a 429 response is sent. Defaults to 50 requests. You can set it to any number to increase or decrease it.

hrWindow

The length, in hours, of the hour window in which a limited number of requests is served. Defaults to 1 hour. You can set it to any number to increase or decrease it.

maxReqHrWindow

The number of requests to be served within the given hrWindow time frame before a 429 response is sent. Defaults to 500 requests. You can set it to any number to increase or decrease it.

headers

A boolean (true/false) that controls whether apiLimiter sends response headers with the current usage and the remaining number of requests. Defaults to true. Set it to false to disable them.

skipFailRequests

A boolean (true/false) that controls whether failed requests are left out of the API limit usage. Defaults to false. Set it to true to enable it.

skipSuccessRequests

A boolean (true/false) that controls whether successful requests are left out of the API limit usage. Defaults to false. Set it to true to enable it.

skipIps

An array of IP addresses that you do not want to rate limit. Defaults to []. You can pass a value such as ['0.0.0.0','127.0.0.1'] to skip those IPs in the API rate limiter middleware.

skipRoutes

An array of routes that you do not want to rate limit. Defaults to []. You can pass a value such as ['/start','/stop'] to skip those routes in the API rate limiter middleware.

keyGenerator

The function used to generate the unique key that the server uses to maintain the API limits. The default function uses the request IP address to maintain the API limit ledger; you can pass your own custom function to generate the unique keys.

const keyGenerator = (req, res) => {
  return req.ip
}

The sample code above for the keyGenerator function is included for reference.
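A custom keyGenerator is where the limiter's notion of "one client" is decided. The following is an added example, not code from node-api-limiter: it keys authenticated callers by a hypothetical req.user.id set by your own auth middleware, and otherwise keys by a normalized req.ip; normalizeIp and ipv6Groups are helper names introduced here.

```javascript
// Added example, not part of node-api-limiter. `req.user` is a hypothetical
// property set by your own authentication middleware before the limiter runs.

// Expands an IPv6 string to its 8 hex groups; returns null for anything else.
function ipv6Groups(ip) {
  if (!ip.includes(":")) return null;
  const parts = ip.split("::");
  if (parts.length > 2) return null;
  const head = parts[0] ? parts[0].split(":") : [];
  const tail = parts[1] ? parts[1].split(":") : [];
  const missing = 8 - head.length - tail.length;
  if (parts.length === 1) return missing === 0 ? head : null;
  if (missing < 1) return null;
  return [...head, ...Array(missing).fill("0"), ...tail];
}

// Collapses address forms that belong to the same client into one string.
function normalizeIp(ip) {
  const addr = String(ip || "").split("%")[0].toLowerCase(); // drop zone id
  const mapped = addr.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/);
  if (mapped) return mapped[1]; // IPv4-mapped IPv6 -> plain IPv4
  const groups = ipv6Groups(addr);
  if (!groups) return addr; // IPv4 or unparseable: use as given
  // Key IPv6 clients by /64 prefix, since one host usually holds the whole /64.
  const prefix = groups.slice(0, 4).map((g) => parseInt(g, 16).toString(16));
  return prefix.join(":") + "::/64";
}

// Same (req, res) signature as the README's keyGenerator.
const keyGenerator = (req, res) => {
  if (req.user && req.user.id != null) return `user:${req.user.id}`;
  // req.ip is resolved by Express according to `trust proxy`; the raw
  // X-Forwarded-For header is client-controlled and is deliberately not read.
  return `ip:${normalizeIp(req.ip)}`;
};
```

Behind a reverse proxy, this only separates clients if the 'trust proxy' setting shown in the Usage section is enabled; otherwise req.ip is the proxy's address and every client shares one key.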

Mohammad Zeeshan