UNPKG

async-ratelimiter

Version:

Rate limit made simple, easy, async.

github.com/microlinkhq/async-ratelimiter

microlinkhq/async-ratelimiter

191 lines (126 loc) 5.14 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
<div align="center"> <img src="https://github.com/microlinkhq/cdn/raw/master/dist/logo/banner.png#gh-light-mode-only" alt="microlink logo"> <img src="https://github.com/microlinkhq/cdn/raw/master/dist/logo/banner-dark.png#gh-dark-mode-only" alt="microlink logo"> <br> <br> </div> ![Last version](https://img.shields.io/github/tag/microlinkhq/async-ratelimiter.svg?style=flat-square) [![Coverage Status](https://img.shields.io/coveralls/microlinkhq/async-ratelimiter.svg?style=flat-square)](https://coveralls.io/github/microlinkhq/async-ratelimiter) [![NPM Status](https://img.shields.io/npm/dm/async-ratelimiter.svg?style=flat-square)](https://www.npmjs.org/package/async-ratelimiter) > Rate limit made simple, easy, async. Based on [ratelimiter](https://github.com/tj/node-ratelimiter). ## Install ```bash $ npm install async-ratelimiter --save ``` ## Usage The most straightforward way to use the rate limiter: ```js 'use strict' const RateLimiter = require('async-ratelimiter') const { getClientIp } = require('request-ip') const Redis = require('ioredis') const rateLimiter = new RateLimiter({ db: new Redis() }) const apiQuota = async (req, res, next) => { const clientIp = getClientIp(req) const limit = await rateLimiter.get({ id: clientIp }) if (!res.writableEnded) { res.setHeader('X-Rate-Limit-Limit', limit.total) res.setHeader('X-Rate-Limit-Remaining', Math.max(0, limit.remaining - 1)) res.setHeader('X-Rate-Limit-Reset', limit.reset) } return !limit.remaining ? sendFail({ req, res, code: HTTPStatus.TOO_MANY_REQUESTS, message: MESSAGES.RATE_LIMIT_EXCEDEED() }) : next(req, res) } ``` For scenarios where you want to check the limit status before consuming a request, you should to pass `{ peek: true }`: ```js const apiQuota = async (req, res, next) => { const clientIp = getClientIp(req) // Check rate limit status without consuming a request const status = await rateLimiter.get({ id: clientIp, peek: true }) if (status.remaining === 0) { return sendFail({ req, res, code: HTTPStatus.TOO_MANY_REQUESTS, message: MESSAGES.RATE_LIMIT_EXCEDEED() }) } // Consume a request const limit = await rateLimiter.get({ id: clientIp }) if (!res.writableEnded) { res.setHeader('X-Rate-Limit-Limit', limit.total) res.setHeader('X-Rate-Limit-Remaining', limit.remaining) res.setHeader('X-Rate-Limit-Reset', limit.reset) } return next(req, res) } ``` ## API ### constructor(options) It creates an rate limiter instance. #### options ##### db _Required_<br> Type: `object` The redis connection instance. ##### max Type: `number`<br> Default: `2500` The maximum number of requests within `duration`. ##### duration Type: `number`<br> Default: `3600000` How long keep records of requests in milliseconds. ##### namespace Type: `string`<br> Default: `'limit'` The prefix used for compound the key. ##### id Type: `string` The identifier to limit against (typically a user id). You can pass this value using when you use `.get` method as well. ### .get(options) Given an `id`, returns a Promise with the status of the limit with the following structure: - `total`: `max` value. - `remaining`: number of calls left in current `duration` without decreasing current `get`. - `reset`: time since epoch in seconds that the rate limiting period will end (or already ended). #### options ##### id Type: `string` Default: `this.id` The identifier to limit against (typically a user id). ##### max Type: `number`</br> Default: `this.max` The maximum number of requests within `duration`. If provided, it overrides the default `max` value. This is useful for custom limits that differ between IDs. ##### duration Type: `number`</br> Default: `this.duration` How long keep records of requests in milliseconds. If provided, it overrides the default `duration` value. ##### peek Type: `boolean`<br> Default: `false` When set to `true`, returns the current rate limit status **without consuming a request**. This is useful for checking the current rate limit status before deciding whether to proceed with an operation. ### defineCommand It provides the command definition so you can load it into any [ioredis](https://github.com/redis/ioredis) instance: ```js const Redis = require('ioredis') const redis = new Redis(uri, { scripts: { ...require('async-ratelimiter').defineCommand } }) ``` ## Related - [express-slow-down](https://github.com/nfriedly/express-slow-down) – Slow down repeated requests; use as an alternative (or addition) to express-rate-limit. ## License **async-ratelimiter** © [microlink.io](https://microlink.io), released under the [MIT](https://github.com/microlinkhq/async-ratelimiter/blob/master/LICENSE.md) License.<br> Authored and maintained by [Kiko Beats](https://kikobeats.com) with help from [contributors](https://github.com/microlinkhq/async-ratelimiter/contributors). > [microlink.io](https://microlink.io) · GitHub [microlink.io](https://github.com/microlinkhq) · X [@microlinkhq](https://x.com/microlinkhq)