Express Middleware
Roman edited this page Mar 8, 2019 · 15 revisions
Create middleware/rateLimiterRedis.js
```javascript
const redis = require('redis');
const {RateLimiterRedis} = require('rate-limiter-flexible');

const redisClient = redis.createClient({
  host: 'redis',
  port: 6379,
  // Fail fast instead of queueing commands while Redis is unreachable
  enable_offline_queue: false,
});

const rateLimiter = new RateLimiterRedis({
  redis: redisClient,
  keyPrefix: 'middleware',
  points: 10, // 10 requests
  duration: 1, // per 1 second by IP
});

const rateLimiterMiddleware = (req, res, next) => {
  // Behind a reverse proxy, remoteAddress is the proxy's address, not the client's
  rateLimiter.consume(req.connection.remoteAddress)
    .then(() => {
      next();
    })
    .catch(() => {
      // Reached when the limit is exceeded and also when the Redis call fails
      res.status(429).send('Too Many Requests');
    });
};

module.exports = rateLimiterMiddleware;
```
Import the created middleware and use it

```javascript
const express = require('express');
const rateLimiterRedisMiddleware = require('./middleware/rateLimiterRedis');

const app = express();
app.use(rateLimiterRedisMiddleware);
```

Middleware with different logic and limiters can also be applied to a specific route or part of the application.
Mongo, Memcache, MySQL or any other limiter from this package can be used with the same approach.
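The middleware above answers 429 for every rejection, including a Redis outage, and keys on the socket address. The following added example (not part of the original wiki page or the package) separates the two rejection cases, sets `Retry-After`, and keys on `req.ip`. The names `clientKey`, `rejectionToResponse`, `makeRateLimiterMiddleware` and the `failOpen` option are illustrative assumptions, not library API.

```javascript
// Added example: helper names and the failOpen option are hypothetical.

// Key on req.ip so Express' 'trust proxy' setting is honoured; fall back to
// the socket address used in the snippet above.
function clientKey(req) {
  return req.ip || (req.socket && req.socket.remoteAddress) || 'unknown';
}

// consume() rejects with an Error when the store (e.g. Redis) fails, and with
// a result object carrying msBeforeNext when the key has no points left.
function rejectionToResponse(rej, failOpen) {
  if (rej instanceof Error) {
    // Store outage: let traffic through or refuse it, but do not report 429.
    return failOpen
      ? { pass: true }
      : { pass: false, status: 503, body: 'Service Unavailable' };
  }
  // Round up so the client never retries before the window resets.
  const retryAfter = Math.max(1, Math.ceil((rej.msBeforeNext || 0) / 1000));
  return {
    pass: false,
    status: 429,
    body: 'Too Many Requests',
    headers: { 'Retry-After': String(retryAfter) },
  };
}

// limiter is any rate-limiter-flexible limiter (or an object with the same
// promise-returning consume(key) method).
function makeRateLimiterMiddleware(limiter, { failOpen = false } = {}) {
  return (req, res, next) =>
    limiter.consume(clientKey(req)).then(
      () => next(),
      // Second argument of then(): errors thrown by next() are not swallowed.
      (rej) => {
        const out = rejectionToResponse(rej, failOpen);
        if (out.pass) return next();
        if (out.headers) res.set(out.headers);
        res.status(out.status).send(out.body);
      }
    );
}
```

Mount it with `app.use(makeRateLimiterMiddleware(rateLimiter))`. Whether to fail open or closed during a store outage depends on what the route protects.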