UNPKG

lightweight-api-rate-limiter

Version:

A robust, framework-agnostic rate limiter for Node.js applications, built for scalability and ease of use

github.com/imankii01/lightweight-api-rate-limiter

imankii01/lightweight-api-rate-limiter

135 lines (121 loc) 4.71 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
const fs = require('fs').promises; const MemoryStore = require('./stores/memory'); const RedisStore = require('./stores/redis'); const { RateLimitError, ConfigurationError } = require('./errors'); const Metrics = require('./metrics'); /** * Creates a rate limiter middleware for Node.js applications. * @param {Object} options - Configuration options * @returns {Function} - Middleware function */ const rateLimiter = (options = {}) => { const { max = 100, windowMs = 60000, keyGenerator = (req) => req.ip || req.ctx?.ip, store = new MemoryStore(), redis = null, logEvents = false, logFile = null, onLimit = null, whitelist = [], blacklist = [], burstMax = 0, burstWindowMs = windowMs, dynamicLimit = null, addHeaders = true, useTokenBucket = false, tokensPerInterval = max, intervalMs = windowMs, metrics = false, } = options; const effectiveStore = redis ? new RedisStore(redis) : store; const metricsTracker = metrics ? new Metrics() : null; const log = async (message) => { if (logEvents) console.log(`[Rate Limiter] ${message}`); if (logFile) await fs.appendFile(logFile, `${new Date().toISOString()} - ${message}\n`); }; if (useTokenBucket && tokensPerInterval <= 0) { throw new ConfigurationError('tokensPerInterval must be positive when using token bucket'); } const middleware = async (req, res, next) => { const key = keyGenerator(req); const now = Date.now(); const clientIp = key.replace(/^::ffff:/, ''); if (whitelist.includes(clientIp)) { return next(); } if (blacklist.includes(clientIp)) { await log(`Blocked blacklisted key: ${clientIp}`); return sendError(res, 403, 'Forbidden'); } const effectiveMax = dynamicLimit ? dynamicLimit(req) : max; if (effectiveMax < 0) throw new ConfigurationError('Dynamic limit must be non-negative'); try { if (useTokenBucket) { const { tokens, resetTime } = await effectiveStore.consumeToken(key, tokensPerInterval, intervalMs); if (tokens < 1) { await log(`Key ${key} out of tokens`); if (addHeaders) setHeaders(res, tokensPerInterval, 0, resetTime); return onLimit ? onLimit(req, res, next) : sendError(res, 429, 'Too Many Requests'); } if (addHeaders) setHeaders(res, tokensPerInterval, tokens - 1, resetTime); } else { const { count, resetTime } = await effectiveStore.increment(key, effectiveMax, windowMs); let totalMax = effectiveMax; let totalCount = count; if (burstMax > 0 && count > effectiveMax) { const burstData = await effectiveStore.increment(`${key}:burst`, burstMax, burstWindowMs); totalMax = effectiveMax + burstMax; totalCount = effectiveMax + burstData.count; } if (totalCount > totalMax) { await log(`Key ${key} hit limit: ${totalCount}/${totalMax}`); if (addHeaders) setHeaders(res, totalMax, 0, resetTime); return onLimit ? onLimit(req, res, next) : sendError(res, 429, 'Too Many Requests'); } if (addHeaders) setHeaders(res, totalMax, totalMax - totalCount, resetTime); } if (metricsTracker) metricsTracker.recordRequest(key); next(); } catch (err) { await log(`Error: ${err.message}`); if (redis && effectiveStore instanceof RedisStore) { await log('Falling back to in-memory store'); const fallbackStore = new MemoryStore(); await fallbackStore.increment(key, effectiveMax, windowMs); next(); } else { throw new RateLimitError(err.message); } } }; // Framework-agnostic response handling const sendError = (res, status, message) => { if (res.ctx) { // Koa res.ctx.status = status; res.ctx.body = message; } else if (res.setHeader) { // Fastify res.status(status).send(message); } else { // Express or plain Node.js res.status(status).send(message); } }; const setHeaders = (res, limit, remaining, reset) => { const headers = { 'X-RateLimit-Limit': limit, 'X-RateLimit-Remaining': remaining, 'X-RateLimit-Reset': Math.ceil(reset / 1000), }; if (res.ctx) { // Koa Object.entries(headers).forEach(([key, value]) => res.ctx.set(key, value)); } else if (res.setHeader) { // Fastify Object.entries(headers).forEach(([key, value]) => res.header(key, value)); } else { // Express or plain Node.js res.set(headers); } }; middleware.getMetrics = () => metricsTracker ? metricsTracker.getStats() : null; return middleware; }; module.exports = rateLimiter;