rate-limiter-flexible
Advanced tools
Readme
Flexible rate limiter with Redis as broker allows to control requests rate in cluster or distributed environment. Backed on native Promises. It uses fixed window to limit requests.
npm i rate-limiter-flexible
Redis client must be created with offline queue switched off
const redis = require('redis');
const { RateLimiter } = require('rate-limiter-flexible');
const redisClient = redis.createClient({ enable_offline_queue: false });
// It is recommended to process Redis errors and setup some reconnection strategy
redisClient.on('error', (err) => {
});
const opts = {
points: 5, // Number of points
duration: 5, // Per second(s)
};
const rateLimiter = new RateLimiter(redisClient, opts);
rateLimiter.consume(remoteAddress)
.then(() => {
// ... Some app logic here ...
// Depending on results it allows to fine
rateLimiter.penalty(remoteAddress, 3);
// or rise number of points for current duration
rateLimiter.reward(remoteAddress, 2);
})
.catch((rejRes) => {
if (rejRes instanceof Error) {
// Some Redis error
// Decide what to do with it on your own
} else {
// Can't consume
// If there is no error, rateLimiter promise rejected with number of ms before next request allowed
const secs = Math.round(rejRes.msBeforeNext / 1000) || 1;
res.set('Retry-After', String(secs));
res.status(429).send('Too Many Requests');
}
});
Both Promise resolve and reject returns object of RateLimiterRes class if there is no any error.
Object attributes:
RateLimiterRes = {
msBeforeNext: 250, // Number of milliseconds before next action can be done
points: 0 // Number of left points in current duration
}
Returns Promise, which:
rejRes is Error objectrejRes is RateLimiterRes objectArguments:
key is usually IP address or some unique client idpoints number of points consumed. default: 1Fine key by points number of points.
Doesn't return anything
Reward key by points number of points.
Doesn't return anything
FAQs
Node.js rate limiter by key and protection from DDoS and Brute-Force attacks in process Memory, Redis, MongoDb, Memcached, MySQL, PostgreSQL, Cluster or PM
The npm package rate-limiter-flexible receives a total of 407,342 weekly downloads. As such, rate-limiter-flexible popularity was classified as popular.
We found that rate-limiter-flexible demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.
Security News
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.