Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add rate limiting #81

Closed
ekryski opened this Issue Feb 25, 2016 · 4 comments

Comments

Projects
None yet
4 participants
@ekryski
Copy link
Member

ekryski commented Feb 25, 2016

It would be a good idea to have rate limiting on auth routes by default. Currently I'm using https://www.npmjs.com/package/express-rate-limit in https://github.com/feathersjs/feathers-demos.

@ekryski

This comment has been minimized.

Copy link
Member Author

ekryski commented Mar 12, 2016

Since infrastructure is pretty custom and there are various ways you can do rate limiting (a proxy like nginx, app level, feathers service level, etc.) i don't think this should be baked into the core plugin. It should be left up to the user to do outside of the plugin in order to maintain flexibility.

For example, you can add rate limiting to the auth service out side of the plugin.

const limiter = require('express-rate-limit');
// Set up rate limiting the individual services with independent options.
app.use('/auth/local', limiter());
app.use('/auth/token', limiter());

@ekryski ekryski closed this Mar 12, 2016

@elfey

This comment has been minimized.

Copy link

elfey commented Mar 3, 2017

Does express-rate-limit cover sockets as well? I'd assume this is exposed only to REST calls.

@marshallswain

This comment has been minimized.

Copy link
Member

marshallswain commented Mar 3, 2017

@elfey I'm interested in collaborating on a plugin based on https://www.npmjs.com/package/fast-ratelimit unless you have something better in mind.

@TimNZ

This comment has been minimized.

Copy link

TimNZ commented Feb 8, 2018

Someone had a stab, simple hook around fast-ratelimit

https://github.com/AZaviruha/feathers-hooks-ratelimit

Realistically any real world rate limiting solution needs to work across servers/instances, at the edge, with the load balancers.

This is where API gateways solutions are handy, with deep packet inspection and rules.

AWS and co will devour everything eventually.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.