Here we learn How node js api rate limiting
First you need to install npm i ioredis this package
COnfigure redis client
const Redis = require('ioredis');
const redis = new Redis(); // You might need to configure this properly
async function incr(key) {
return await redis.incr(key);
}
async function expire(key, seconds) {
return await redis.expire(key, seconds);
}
async function ttl(key) {
return await redis.ttl(key);
}
module.exports = {
incr,
expire,
ttl
};
Make a generic rate limiter function
const redis = require('./redis-client');
function rateLimiter = ({secondWindow, allowdHits}) {
return async function (req, res, next) {
// we use client ip as redis key here
const ip = req.headers['x-forworded-for'] ||
req.connection.remoteAddress || req.ip
// if you use express use `req.ip` to get client ip
const requests = await redis.incr(ip);
let ttl;
if(requests === 1) {
await redis.expire(ip, secondWindow);
ttl = secondWindow;
}else {
ttl = await redis.ttl(ip);
}
if(requests > allowdHits) {
return res.status(503).json({
response: 'error',
callsInMinute: requests,
ttl
})
} else {
req.requests = requests;
req.ttl = ttl;
next();
}
}
}
How to use it.
app.post('/api/login', rateLimiter({secondWindow: 5,
allowdHits: 3}), async(req, res) => {
return res.json({
response: 'ok',
callsInMinute: req.requests,
ttl: req.ttl
})
})
app.post('/api/checkout', rateLimiter({secondWindow: 12,
allowdHits: 7}), async(req, res) => {
return res.json({
response: 'ok',
callsInMinute: req.requests,
ttl: req.ttl
})
})
Top comments (0)