koajs / ratelimit Goto Github PK

The value of the "const delta = (limit.reset * 1000) - Date.now() | 0" may be less than 0 ？

instead of always using ctx.ip

app.use(ratelimit({
  db: redis.createClient(),
  duration: 60000,
  max: 100
}));

Does this mean that each ip can send 100 requests per minute and if it tries to send more, it is blocked for 1 minute?

support

Maybe session is a better choice, because not every app uses redis. And it is more server-friendly to use session, which will reduce the server load.

It can be handed into the middleware as an option but it is never used?

Now, status can not be modified。Can it be used as a configuration item? like this:
ctx.status = opts.status ? opts.status : 429;

by setting up Max and duration as async function, are there any big pits?

I'm looking to add some whitelist options, I see the whitelist/blacklist properties in the source code from the PR but because there's not a definitive indication that it can be/should be used, that suggests to me that it could change in any patch version without notice.

More specifically I'm trying to use the whitelist to NOT rate limit requests that return true from the whitelist method.

Is it just a matter of adding it to the ReadMe? If so, I'm happy to open a PR.
Example trying to use:

app.use(ratelimit({
  db: new Redis(),
  duration: 60000,
  errorMessage: 'Sometimes You Just Have to Slow Down.',
  id: (ctx) => ctx.ip,
  max: 100,
  disableHeader: false,
  whitelist: (ctx) => {
    // some logic that returns a boolean
  }
}));

it is just does not work for this simple koa app:
`const Koa = require('koa');
const ratelimit = require('koa-ratelimit');
const Promise = require('bluebird');
const redis = require('redis');

const redisOption = {};
const redisClient = redis.createClient(redisOption);
Promise.promisifyAll(redis.RedisClient.prototype);
Promise.promisifyAll(redis.Multi.prototype);
redisClient.once('ready', () => {
console.log('redis connnection ready');
});
redisClient.on('error', (err) => {
console.log('can't connect to redis', err);
process.exit(1);
});

const app = new Koa();

// apply rate limit

app.use(ratelimit({
db: redisClient,
duration: 10000,
max: 10
}));

// response middleware

app.use(async (ctx) => {
ctx.body = 'Stuff!';
});

app.listen(4000);
console.log('listening on port 4000');
`
then keep trying send request use postman, right after the duration pass the remaining time will jump to a random num, even with a negative value, e.g.

Rate limit exceeded, retry in -412 ms.

I am using NodeJs v8.11.1, Redis 3.0.0, "koa": "^2.5.1", "koa-ratelimit": "^4.1.2", "redis": "^2.8.0",

does it support redis (not ioredis) ?

Error
TypeError: Cannot read properties of undefined (reading '1')

Code which does not work

import { createClient } from 'redis';
app.use(
    rateLimit({
      driver: 'redis',
      db: createClient,
      duration: 1000,
      errorMessage: 'You Just Have to Slow Down',
      id: (c) => c.ip,
      headers: {
        remaining: 'Rate-Limit-Remaining',
        reset: 'Rate-Limit-Reset',
        total: 'Rate-Limit-Total',
      },
      max: 99,
      disableHeader: false,
    }),
  );

I see this error multiple times in the logs of my server. Can you tell me what could be the problem? I'm not calling the Limiter class or constructor in my code (at least not directly).
I'm using 4.2.0 version.
The rate limiter is working but sometimes I get this error on the logs.

AssertionError [ERR_ASSERTION]: .id required
      at new Limiter (/home/fer/polyamory-dates-server/node_modules/koa-ratelimit/limiter/memory.js:34:3)
      at ratelimit (/home/fer/polyamory-dates-server/node_modules/koa-ratelimit/index.js:74:17)
      at dispatch (/home/fer/polyamory-dates-server/node_modules/koa-compose/index.js:42:32)
      at cors (/home/fer/polyamory-dates-server/node_modules/@koa/cors/index.js:56:38)
      at dispatch (/home/fer/polyamory-dates-server/node_modules/koa-compose/index.js:42:32)
      at /home/fer/polyamory-dates-server/node_modules/koa-compose/index.js:34:12
      at Application.handleRequest (/home/fer/polyamory-dates-server/node_modules/koa/lib/application.js:168:12)
      at Server.handleRequest (/home/fer/polyamory-dates-server/node_modules/koa/lib/application.js:150:19)
      at Server.emit (events.js:315:20)
      at Server.<anonymous> (/home/fer/.nvm/versions/node/v14.16.1/lib/node_modules/pm2/node_modules/@pm2/io/src/metrics/httpMetrics.ts:181:25)

I suspect the problem is in the index.js line 40. Maybe you should replace the line with this one: id: ctx => ctx.request.ip

In order to deal with unresponsive Redis servers we need to be able to specify a timeout value for Redis operations.

One way to do this is using the timeout method of promises as shown here:
redis/ioredis#61 (comment)

The old ratelimiter library has an ioredis check:

var isIoRedis = Array.isArray(res[0]);
var count = parseInt(isIoRedis ? res[1][1] : res[1]);
var oldest = parseInt(isIoRedis ? res[3][1] : res[3]);
var oldestInRange = parseInt(isIoRedis ? res[4][1] : res[4]);

but async-ratelimiter does not.

This will cause erroneous 429s to occur with the latest version of koa-ratelimit for people using the regular redis library. Please list this as a breaking change.

microlinkhq/async-ratelimiter#22

I'm not interested into support node-redis since ioredis have all the features necessaries and the project is well maintained 🙂

Hello contributors,
Thank you for your work on this package.

I'm raising this to discuss the current implementation,

Click for dark mode users

Node version: 13.0.1
koa-ratelimit version: 4.3.0
koa version: 2.11.0

Tested from localhost with alias => example.com => 127.0.0.1

For me the expected behavior would be that every 60 seconds I can only send two requests.
However, only the third request is blocking me every 60 seconds, (max + 1 request).
The same thing happens with 10, 100 ...

If i console.log db for my ip it has negative remaining values for > max

const db = new Map(); app.use( rateLimit({ driver: 'memory', db: db, duration: 60000, errorMessage: 'rate limit exceded', id: (ctx) => ctx.ip, headers: { remaining: 'Rate-Limit-Remaining', reset: 'Rate-Limit-Reset', total: 'Rate-Limit-Total' }, max: 2, disableHeader: true, whitelist: (ctx) => { }, blacklist: (ctx) => { } }) );

Hi folks.

What think for this memory-only-for-now store implementation - koa-better-ratelimit with only 4 dependencies?
I know it's near between koa-limit and koa-ratelimit, but I think it's smaller and rationally better than koa-limit that is totally broken for me.

There's no db option, cuz I don't need other than in-memory.

Diferences

Between koa-better-ratelimit and koa-ratelimit

• Support blackList and whiteList options
• Pure in-memory store, no other adapters
• duration option in seconds, not in milliseconds
• 7 working tests with Mocha, Supertest and Should
• removed db option
• added Retry-After header
• added separate 403 and 429 option messages

Between koa-better-ratelimit and koa-limit

• koa-limit is totally broken (to v1.0.1)
• removed redis and test dependencies
• smaller, better, working, simple
• added separate 403 and 429 option messages

If you want you can add to wiki page :)

can we cut another release pls? the one on npm is quite outdated.

support

this project need a license file to declare copyright

ratelimiter package use only Redis, it is used as base package now.
if koa ratelimit middleware uses rate-limiter-flexible, it would get access to Memory, Cluster, MongoDB, PostgreSQL, MySQL limiters as well + plus a lot of bonuses.

Hi. As far as I can tell, there is currently no support for setting custom header names (for X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset). Would you consider accepting a PR for it?

Thanks.

Is in-memory only rate limiting supported? If so, it would be great to update the readme. if not, we'd love to see it added. (Running a toy webiste on a single server and don't want the overhead of setting up redis right now).

Express-rate-limit has this[1], and it would be great if some koa middleware has this as well.

https://github.com/nfriedly/express-rate-limit/blob/master/lib/memory-store.js