UNPKG

express-brute-guard

Version:

A customizable and production-ready rate-limiting middleware for Node.js.

github.com/Taran1508/express-brute-guard/

Taran1508/express-brute-guard

189 lines (123 loc) โ€ข 4.82 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
## ๐Ÿ›ก๏ธ Express-Brute-Guard A lightweight, customizable, and production-ready rate-limiting middleware for Node.js, designed to protect APIs from brute-force and abuse attacks. Built with in-memory storage and optional headers, with support for auto-cleanup of expired IP entries. --- ### ๐Ÿš€ Features - ๐Ÿ”’ Per-IP rate limiting - โฒ๏ธ Configurable request window and block duration - โšก Fast in-memory store - ๐Ÿ“ก Customizable response headers - ๐Ÿงน Auto cleanup of expired entries (no cron needed) - ๐Ÿงฑ Pluggable store system (Redis/DB support planned for v2) --- ### ๐Ÿ“ฆ Installation ```bash bash npm install express-brute-guard ``` --- ### ๐Ÿ“š Usage ``` typescript import express from 'express'; import { BruteGuard } from 'express-brute-guard'; const app = express(); const bruteGuard = new BruteGuard({ maxRequests: 5, windowMs: 10 * 60 * 1000, // 10 minutes blockDuration: 5 * 60 * 1000, // 5 minutes errormessage: 'Too many attempts. Please try again later.', headers: true, // Add X-RateLimit-* headers }); // Apply middleware app.use((req, res, next) => bruteGuard.createGuard(req, res, next)); // Your routes app.get('/', (req, res) => { res.send('Welcome!'); }); app.listen(3000, () => console.log('Server running on port 3000')); ``` ### ๐Ÿ“ฆ Default Export (Plug & Play Middleware) If you just want to use BruteGuard with default or minimal config: ``` typescript import bruteGuard from 'express-brute-guard'; import express from 'express'; const app = express(); // Apply brute-force protection globally app.use(bruteGuard.createGuard()); app.listen(3000, () => { console.log('Server running on port 3000'); }); ``` > โœ… Best for: Quick setup and global protection. ### โš™๏ธ Named Export (Custom Configs per Route) If you need custom configurations (e.g., different rate limits per route): ``` typescript import { BruteGuard } from 'express-brute-guard'; import express from 'express'; const app = express(); // Create multiple instances with custom configs const loginLimiter = new BruteGuard({ maxRequests: 5, windowMs: 60 * 1000, // 1 minute }); const signupLimiter = new BruteGuard({ maxRequests: 2, windowMs: 5 * 60 * 1000, // 5 minutes }); // Apply per-route brute-force protection app.post('/login', loginLimiter.createGuard(), (req, res) => { res.send('Login route'); }); app.post('/signup', signupLimiter.createGuard(), (req, res) => { res.send('Signup route'); }); app.listen(3000, () => { console.log('Server running on port 3000'); }); ``` > ๐Ÿ”ง Best for: Apps needing fine-grained control, customization, or testing. --- ### โš™๏ธ Options | Option | Type | Default | Description | | --------------- | --------- | --------------------- | ----------------------------------------------------- | | `maxRequests` | `number` | `10` | Max requests allowed before blocking | | `windowMs` | `number` | `5 * 60 * 1000` | Time window for tracking requests (in ms) | | `blockDuration` | `number` | `3 * 60 * 1000` | How long to block the IP after limit exceeded (in ms) | | `statusCode` | `number` | `429` | HTTP status code for blocked requests | | `errormessage` | `string` | `'Too many Requests'` | Message shown when limit is exceeded | | `headers` | `boolean` | `true` | Whether to set rate-limit headers | | `store` | `any` | `memoryStore` | Optional custom store (e.g., Redis support in v2) | --- ### ๐Ÿง  How It Works - Each IP gets tracked on request. - If requests exceed `maxRequests` in `windowMs`, IP is **temporarily blocked**. - If an entry expires, it is automatically **cleaned up** by a background process using `setInterval`. --- ### ๐Ÿ”ฎ Coming in v2 - โœ… Redis store support - โœ… Sliding window algorithm - โœ… Per-route configuration - โœ… Type-safe middleware usage - โœ… Dashboard / monitoring integration --- ### ๐Ÿงช Testing Basic test setup (optional): ```bash bash npm install --save-dev jest supertest ``` You can write tests to validate: - Blocking after limit - Reset after window - Cleanup behavior --- ## ๐Ÿค Contributing PRs and feature requests are welcome! Open issues or reach out via GitHub. ### ๐Ÿง‘โ€๐Ÿ’ป Author Developed by [Taran Mesala](https://github.com/Taran1508) For support or feature requests, open an issue. --- ## ๐Ÿ“„ License This project is licensed under the [MIT License](./LICENSE).