express-limit-master
Advanced tools
express-limit is a small project that add rate limitations to your API.
npm install --save express-limit
const limit = require('express-limit').limit;
app.get('/api/users', limit({
max: 5, // 5 requests
period: 60 * 1000 // per minute (60 seconds)
}), function(req, res) {
res.status(200).json({});
});
{
max = 60, // Maximum request per period
period = 60 * 1000, // Period in milliseconds
prefix = 'rate-limit-', // Prefix of the key
status = 429, // Status code in case of rate limit reached
message = 'Too many requests', // Message in case of rate limit reached
identifier = request => { // The identifier function/value of the key (IP by default, could be "req.user.id")
return request.ip || request.ips; // Read from Default properties
},
headers = { // Headers names
remaining: 'X-RateLimit-Remaining',
reset: 'X-RateLimit-Reset',
limit: 'X-RateLimit-Limit'
},
store = new Store() // The storage, default storage: in-memory
}
In some cases, you could want to skip the limitation you made for trusted client. In this case, you can add a special field in the request object:
req._skip_limits = true;
Also, you could want to add specific limitations for a special client. In this case, you can add a special field in the request object:
req._custom_limits = {
max: 1000, // 1000 requests
period: 60 * 1000 // per minutes
};
Just don't forget where you place this modification! It could be applied for all routes!
Actually, two stores have been made:
const RateLimiter = require('express-limit').RateLimiter;
const InMemoryStore = require('express-limit').InMemoryStore;
const store = new InMemoryStore();
const limit = (options = {}) => {
options.store = store;
return new RateLimiter(options).middleware;
};
app.get('/api/users', limit({
max: 5, // 5 requests
period: 60 * 1000 // per minute (60 seconds)
}), function(req, res) {
res.status(200).json({});
});
const redis = require('redis');
const client = redis.createClient();
const RateLimiter = require('express-limit').RateLimiter;
const RedisStore = require('express-limit').RedisStore;
const store = new RedisStore(client);
const limit = (options = {}) => {
options.store = store;
return new RateLimiter(options).middleware;
};
app.get('/api/users', limit({
max: 5, // 5 requests
period: 60 * 1000 // per minute (60 seconds)
}), function(req, res) {
res.status(200).json({});
});
FAQs
A rate-limiter for Express JS.
We found that express-limit-master demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Company News
/Security News
Socket is an initial recipient of OpenAI's Cybersecurity Grant Program, which commits $10M in API credits to defenders securing open source software.
Security News
Socket CEO Feross Aboukhadijeh joins 10 Minutes or Less, a podcast by Ali Rohde, to discuss the recent surge in open source supply chain attacks.
Research
/Security News
Campaign of 108 extensions harvests identities, steals sessions, and adds backdoors to browsers, all tied to the same C2 infrastructure.