-
Notifications
You must be signed in to change notification settings - Fork 0
rate limit
awekrx edited this page May 29, 2026
·
1 revision
import { rateLimit } from '@dev-suite/decorators/rate-limit'
method
Apply request quotas per time window.
- Timestamp arrays and window filtering in methods
- Custom throttle guards in endpoints
class LoginService {
private attempts: number[] = [];
requestOtp(phone: string) {
const now = Date.now();
this.attempts = this.attempts.filter((t) => now - t < 60_000);
if (this.attempts.length >= 5) throw new Error('Too many requests');
this.attempts.push(now);
return this.otp.send(phone);
}
}import { rateLimit } from '@dev-suite/decorators/rate-limit';
class LoginService {
@rateLimit({ maxCalls: 5, windowMs: 60_000 })
requestOtp(phone: string) {
return this.otp.send(phone);
}
}- Window policy is declared once and reused.
- Method no longer manages timestamp state manually.
class ApiService {
private byUser = new Map<string, number[]>();
call(userId: string) {
const now = Date.now();
const arr = this.byUser.get(userId) ?? [];
const next = arr.filter((t) => now - t < 1000);
if (next.length >= 10) throw new Error('Rate limited');
next.push(now);
this.byUser.set(userId, next);
return this.remote.call();
}
}import { rateLimit } from '@dev-suite/decorators/rate-limit';
class ApiService {
@rateLimit({ maxCalls: 10, windowMs: 1000, keyResolver: ([userId]) => String(userId) })
call(userId: string) {
return this.remote.call();
}
}- Per-user/per-tenant limits are easy with keyResolver.
- Less bug-prone than custom throttling code.