To keep the limiter up-to-date across multiple workers or nodes, it uses a lock mechanism to throttle the connection while the previous connection is not yet dispatched and the limiter is saved to the redis database. The lock mechanism throttles only those concurrent connections coming from the same origin (identified by the ID).

Requirements

Redis 2.6.12+ (2.8 recommended)

Dependecies

github.com/kriskowal/q

Install

$ npm install strict-rate-limiter

Usage

var redisClient = redis.createClient();

var id = req.apiKey;

// allow 100 request / 60s
limiters[id] = new RateLimiter({
  id: id,
  limit: 100, // 100 tokens
  duration: 60000 // 60s duration
}, redisClient);

limiters[id].get(function(err, limit, remaining, reset) {
  if (err) {
    return next(err);
  }

  res.setHeader('X-RateLimit-Limit', limit);
  res.setHeader('X-RateLimit-Remaining', remaining);
  res.setHeader('X-RateLimit-Reset', Math.floor(reset / 1000));
  
  if (remaining >= 0) {
    // allowed, call next middleware
    next();
    
  } else {
    // limit exceeded
    res.setHeader('Retry-After', Math.floor((reset - new Date()) / 1000));
    res.statusCode = 429;
    res.end('Rate limit exceeded.');
  }
});

Options

id Unique identifier (API key, IP address or user ID)
limit Number of tokens
duration Duration in milliseconds
namespace (optional) Overwrite key prefix (defaults to ratelimit:) (actual redis key is namespace + id)

Test

$ npm test

License

MIT

FAQs

What is strict-rate-limiter?

Is strict-rate-limiter popular?

Is strict-rate-limiter well maintained?

Package last updated on 03 Feb 2016

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install