Product
Introducing License Enforcement in Socket
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
rate-limit-redis
Advanced tools
The rate-limit-redis npm package is a Redis-backed store for the express-rate-limit middleware. It allows you to implement rate limiting in your Express applications using Redis as the storage backend. This is particularly useful for distributed applications where you need to share rate limit data across multiple instances.
Basic Rate Limiting
This code demonstrates how to set up basic rate limiting in an Express application using Redis as the storage backend. The rate limiter is configured to allow 100 requests per 15 minutes per IP address.
const rateLimit = require('express-rate-limit');
const RedisStore = require('rate-limit-redis');
const redisClient = require('redis').createClient();
const limiter = rateLimit({
store: new RedisStore({
client: redisClient
}),
max: 100, // limit each IP to 100 requests per windowMs
windowMs: 15 * 60 * 1000 // 15 minutes
});
const express = require('express');
const app = express();
app.use(limiter);
app.get('/', (req, res) => {
res.send('Hello, world!');
});
app.listen(3000, () => {
console.log('Server running on port 3000');
});
Custom Redis Client
This example shows how to use a custom Redis client configuration with the rate-limit-redis package. This is useful if you need to connect to a Redis instance with specific connection settings.
const rateLimit = require('express-rate-limit');
const RedisStore = require('rate-limit-redis');
const redis = require('redis');
const customRedisClient = redis.createClient({
host: 'custom-redis-host',
port: 6379,
password: 'your-redis-password'
});
const limiter = rateLimit({
store: new RedisStore({
client: customRedisClient
}),
max: 50, // limit each IP to 50 requests per windowMs
windowMs: 10 * 60 * 1000 // 10 minutes
});
const express = require('express');
const app = express();
app.use(limiter);
app.get('/', (req, res) => {
res.send('Hello, world!');
});
app.listen(3000, () => {
console.log('Server running on port 3000');
});
Dynamic Rate Limiting
This code demonstrates how to implement dynamic rate limiting based on user properties. In this example, premium users are allowed more requests compared to regular users.
const rateLimit = require('express-rate-limit');
const RedisStore = require('rate-limit-redis');
const redisClient = require('redis').createClient();
const dynamicLimiter = rateLimit({
store: new RedisStore({
client: redisClient
}),
max: (req, res) => {
if (req.user && req.user.isPremium) {
return 200; // higher limit for premium users
}
return 100; // default limit
},
windowMs: 15 * 60 * 1000 // 15 minutes
});
const express = require('express');
const app = express();
app.use(dynamicLimiter);
app.get('/', (req, res) => {
res.send('Hello, world!');
});
app.listen(3000, () => {
console.log('Server running on port 3000');
});
The express-rate-limit package is a middleware for rate limiting in Express applications. It does not include a built-in store for Redis, but it can be extended with custom stores like rate-limit-redis. It is a good choice if you need a simple rate limiting solution without a specific storage backend.
The rate-limiter-flexible package is a highly flexible rate limiting library that supports various backends including Redis, MongoDB, and in-memory storage. It offers more advanced features and customization options compared to rate-limit-redis, making it suitable for complex rate limiting requirements.
The redis-rate-limiter package is a Redis-based rate limiter that can be used with any Node.js application. It provides a simple API for rate limiting and is not tied to Express, making it a versatile choice for different types of applications.
rate-limit-redis
A redis
store for the
express-rate-limit
middleware.
From the npm registry:
# Using npm
> npm install rate-limit-redis
# Using yarn or pnpm
> yarn/pnpm add rate-limit-redis
From Github Releases:
# Using npm
> npm install https://github.com/wyattjoh/rate-limit-redis/releases/download/v{version}/rate-limit-redis.tgz
# Using yarn or pnpm
> yarn/pnpm add https://github.com/wyattjoh/rate-limit-redis/releases/download/v{version}/rate-limit-redis.tgz
Replace {version}
with the version of the package that you want to your, e.g.:
3.0.0
.
This library is provided in ESM as well as CJS forms, and works with both Javascript and Typescript projects.
This package requires you to use Node 14 or above.
Import it in a CommonJS project (type: commonjs
or no type
field in
package.json
) as follows:
const RedisStore = require("rate-limit-redis");
Import it in a ESM project (type: module
in package.json
) as follows:
import RedisStore from "rate-limit-redis";
To use it with a node-redis
client:
import rateLimit from "express-rate-limit";
import RedisStore from "rate-limit-redis";
import { createClient } from "redis";
// Create a `node-redis` client
const client = createClient({
// ... (see https://github.com/redis/node-redis/blob/master/docs/client-configuration.md)
});
// Then connect to the Redis server
await client.connect();
// Create and use the rate limiter
const limiter = rateLimit({
// Rate limiter configuration
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
legacyHeaders: false, // Disable the `X-RateLimit-*` headers
// Redis store configuration
store: new RedisStore({
sendCommand: (...args: string[]) => client.sendCommand(args),
}),
});
app.use(limiter);
To use it with a ioredis
client:
import rateLimit from "express-rate-limit";
import RedisStore from "rate-limit-redis";
import RedisClient from "ioredis";
// Create a `ioredis` client
const client = new RedisClient();
// ... (see https://github.com/luin/ioredis#connect-to-redis)
// Create and use the rate limiter
const limiter = rateLimit({
// Rate limiter configuration
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
legacyHeaders: false, // Disable the `X-RateLimit-*` headers
// Redis store configuration
store: new RedisStore({
// @ts-expect-error - Known issue: the `call` function is not present in @types/ioredis
sendCommand: (...args: string[]) => client.call(args),
}),
});
app.use(limiter);
sendCommand
The function used to send commands to Redis. The function signature is as follows:
(...args: string[]) => Promise<number> | number
The raw command sending function varies from library to library; some are given below:
Library | Function |
---|---|
node-redis | async (...args: string[]) => client.sendCommand(args) |
ioredis | async (...args: string[]) => client.call(...args) |
handy-redis | async (...args: string[]) => client.nodeRedis.sendCommand(args) |
tedis | async (...args: string[]) => client.command(...args) |
redis-fast-driver | async (...args: string[]) => client.rawCallAsync(args) |
yoredis | async (...args: string[]) => (await client.callMany([args]))[0] |
noderis | async (...args: string[]) => client.callRedis(...args) |
prefix
The text to prepend to the key in Redis.
Defaults to rl:
.
resetExpiryOnChange
Whether to reset the expiry for a particular key whenever its hit count changes.
Defaults to false
.
MIT © Wyatt Johnson
FAQs
A Redis store for the `express-rate-limit` middleware
The npm package rate-limit-redis receives a total of 164,739 weekly downloads. As such, rate-limit-redis popularity was classified as popular.
We found that rate-limit-redis demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
Product
We're launching a new set of license analysis and compliance features for analyzing, managing, and complying with licenses across a range of supported languages and ecosystems.
Product
We're excited to introduce Socket Optimize, a powerful CLI command to secure open source dependencies with tested, optimized package overrides.