UNPKG

rate-limiter-flexible

Version:

Node.js rate limiter by key and protection from DDoS and Brute-Force attacks in process Memory, Redis, MongoDb, Memcached, MySQL, PostgreSQL, Cluster or PM

github.com/animir/node-rate-limiter-flexible

animir/node-rate-limiter-flexible

189 lines (167 loc) 5.74 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
const RateLimiterStoreAbstract = require('./RateLimiterStoreAbstract'); const RateLimiterRes = require('./RateLimiterRes'); const incrTtlLuaScript = `redis.call('set', KEYS[1], 0, 'EX', ARGV[2], 'NX') \ local consumed = redis.call('incrby', KEYS[1], ARGV[1]) \ local ttl = redis.call('pttl', KEYS[1]) \ if ttl == -1 then \ redis.call('expire', KEYS[1], ARGV[2]) \ ttl = 1000 * ARGV[2] \ end \ return {consumed, ttl} \ `; class RateLimiterRedis extends RateLimiterStoreAbstract { /** * * @param {Object} opts * Defaults { * ... see other in RateLimiterStoreAbstract * * redis: RedisClient * rejectIfRedisNotReady: boolean = false - reject / invoke insuranceLimiter immediately when redis connection is not "ready" * } */ constructor(opts) { super(opts); this.client = opts.storeClient; this._rejectIfRedisNotReady = !!opts.rejectIfRedisNotReady; this._incrTtlLuaScript = opts.customIncrTtlLuaScript || incrTtlLuaScript; this.useRedisPackage = opts.useRedisPackage || this.client.constructor.name === 'Commander' || false; this.useRedis3AndLowerPackage = opts.useRedis3AndLowerPackage; if (typeof this.client.defineCommand === 'function') { this.client.defineCommand("rlflxIncr", { numberOfKeys: 1, lua: this._incrTtlLuaScript, }); } } /** * Prevent actual redis call if redis connection is not ready * Because of different connection state checks for ioredis and node-redis, only this clients would be actually checked. * For any other clients all the requests would be passed directly to redis client * @return {boolean} * @private */ _isRedisReady() { if (!this._rejectIfRedisNotReady) { return true; } // ioredis client if (this.client.status && this.client.status !== 'ready') { return false; } // node-redis client if (typeof this.client.isReady === 'function' && !this.client.isReady()) { return false; } return true; } _getRateLimiterRes(rlKey, changedPoints, result) { let [consumed, resTtlMs] = result; // Support ioredis results format if (Array.isArray(consumed)) { [, consumed] = consumed; [, resTtlMs] = resTtlMs; } const res = new RateLimiterRes(); res.consumedPoints = parseInt(consumed); res.isFirstInDuration = res.consumedPoints === changedPoints; res.remainingPoints = Math.max(this.points - res.consumedPoints, 0); res.msBeforeNext = resTtlMs; return res; } async _upsert(rlKey, points, msDuration, forceExpire = false) { if( typeof points == 'string' ){ if(!RegExp("^[1-9][0-9]*$").test(points)){ throw new Error("Consuming string different than integer values is not supported by this package"); } } else if (!Number.isInteger(points)){ throw new Error("Consuming decimal number of points is not supported by this package"); } if (!this._isRedisReady()) { throw new Error('Redis connection is not ready'); } const secDuration = Math.floor(msDuration / 1000); const multi = this.client.multi(); if (forceExpire) { if (secDuration > 0) { if(!this.useRedisPackage && !this.useRedis3AndLowerPackage){ multi.set(rlKey, points, "EX", secDuration); }else{ multi.set(rlKey, points, { EX: secDuration }); } } else { multi.set(rlKey, points); } if(!this.useRedisPackage && !this.useRedis3AndLowerPackage){ return multi.pttl(rlKey).exec(true); } return multi.pTTL(rlKey).exec(true); } if (secDuration > 0) { if(!this.useRedisPackage && !this.useRedis3AndLowerPackage){ return this.client.rlflxIncr( [rlKey].concat([String(points), String(secDuration), String(this.points), String(this.duration)])); } if (this.useRedis3AndLowerPackage) { return new Promise((resolve, reject) => { const incrCallback = function (err, result) { if (err) { return reject(err); } return resolve(result); }; if (typeof this.client.rlflxIncr === 'function') { this.client.rlflxIncr(rlKey, points, secDuration, this.points, this.duration, incrCallback); } else { this.client.eval(this._incrTtlLuaScript, 1, rlKey, points, secDuration, this.points, this.duration, incrCallback); } }); } else { return this.client.eval(this._incrTtlLuaScript, { keys: [rlKey], arguments: [String(points), String(secDuration), String(this.points), String(this.duration)], }); } } else { if(!this.useRedisPackage && !this.useRedis3AndLowerPackage){ return multi.incrby(rlKey, points).pttl(rlKey).exec(true); } return multi.incrBy(rlKey, points).pTTL(rlKey).exec(true); } } async _get(rlKey) { if (!this._isRedisReady()) { throw new Error('Redis connection is not ready'); } if(!this.useRedisPackage && !this.useRedis3AndLowerPackage){ return this.client .multi() .get(rlKey) .pttl(rlKey) .exec() .then((result) => { const [[,points]] = result; if (points === null) return null; return result; }); } return this.client .multi() .get(rlKey) .pTTL(rlKey) .exec(true) .then((result) => { const [points] = result; if (points === null) return null; return result; }); } _delete(rlKey) { return this.client .del(rlKey) .then(result => result > 0); } } module.exports = RateLimiterRedis;