Rate limiting middleware for Express applications built on redis
npm install express-limiter --savevar express = require('express')
var app = express()
var client = require('redis').createClient()
var limiter = require('express-limiter')(app, client)
/**
* you may also pass it an Express 4.0 `Router`
*
* router = express.Router()
* limiter = require('express-limiter')(router, client)
*/
limiter({
path: '/api/action',
method: 'get',
lookup: ['connection.remoteAddress'],
// 150 requests per hour
total: 150,
expire: 1000 * 60 * 60
})
app.get('/api/action', function (req, res) {
res.send(200, 'ok')
})limiter(options)path:Stringoptional route path to the requestmethod:Stringoptional http method. acceptsget,post,put,delete, and of course Express'alllookup:String|Array.<String>value lookup on the request object. Can be a single value or array. See examples for common usagestotal:Numberallowed number of requests before getting rate limitedexpire:Numberamount of time inmsbefore the rate-limited is resetwhitelist:function(req)optional param allowing the ability to whitelist. returnboolean,trueto whitelist,falseto passthru to limiter.
// limit by IP address
limiter({
...
lookup: 'connection.remoteAddress'
...
})
// or if you are behind a trusted proxy (like nginx)
limiter({
lookup: 'headers.x-forwarded-for'
})
// by user (assuming a user is logged in with a valid id)
limiter({
lookup: 'user.id'
})
// limit your entire app
limiter({
path: '*',
method: 'all',
lookup: 'connection.remoteAddress'
})
// limit users on same IP
limiter({
path: '*',
method: 'all',
lookup: ['user.id', 'connection.remoteAddress']
})
// whitelist user admins
limiter({
path: '/delete/thing',
method: 'post',
lookup: 'user.id',
whitelist: function (req) {
return !!req.user.is_admin
}
})app.post('/user/update', limiter({ lookup: 'user.id' }), function (req, res) {
User.find(req.user.id).update(function (err) {
if (err) next(err)
else res.send('ok')
})
})Happy Rate Limiting!
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent