Skip to content

Express Middleware

Roman edited this page Nov 10, 2023 · 15 revisions

Express Middleware

Create middleware/rateLimiterRedis.js. You can use any limiter from this package the same way.

Note, be careful with express trust proxy set to true. You should always expect x-forwarded-for headers can be spoofed. You can limit it to specific IPs or number of hops from your server. Read more on express behind proxies docs.

const Redis = require('ioredis');
const {RateLimiterRedis} = require('rate-limiter-flexible');

const redisClient = new Redis({ enableOfflineQueue: false });

const rateLimiter = new RateLimiterRedis({
  storeClient: redisClient,
  keyPrefix: 'middleware',
  points: 10, // 10 requests
  duration: 1, // per 1 second by IP

  // Use this flag for the `redis` package
  useRedisPackage: true,
});

const rateLimiterMiddleware = (req, res, next) => {
  rateLimiter.consume(req.ip)
    .then(() => {
      next();
    })
    .catch(() => {
      res.status(429).send('Too Many Requests');
    });
};

module.exports = rateLimiterMiddleware;

See all options here

Import created middleware and use it

const express = require('express');
const rateLimiterRedisMiddleware = require('./middleware/rateLimiterRedis');

const app = express();
app.use(rateLimiterRedisMiddleware);

Middleware with different logic and limiters can be applied to exact route or application part as well.

Mongo, Memcache, MySQL or any other limiter from this package can be used with the same approach.

Alternatively, you can try express-rate-limit package, which may be more appropriate for your case.