Skip to content

thepicture/header-order-rate-limit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits

.github/workflows

.github/workflows

 
 

test

test

 
 

README.md

README.md

 
 

index.js

index.js

 
 

package.json

package.json

 
 

Repository files navigation

header-order-rate-limit

Rate limits http requests based on header order

Installation

npm install header-order-rate-limit

Usage

const express = require("express");

const HeaderOrderRateLimiter = require("header-order-rate-limit");

const limiter = new HeaderOrderRateLimiter({
  perLastMilliseconds: 10000,
});

const port = 3000;
const app = express();

app.use(({ headers }, res, next) => {
  delete headers["if-none-match"];
  delete headers["cache-control"];
  delete headers["pragma"];

  if (limiter.check(headers)) return res.end("blocked!");

  limiter.track(headers);

  return next();
});

app.get("/", (_, res) => {
  res.send("passed!");
});

app.listen(port);

API

constructor(options)

Creates a new HeaderOrderRateLimiter instance with the specified options.

options: (optional) An object containing the rate limiting options: blockWhenAttemptsReach: Number of attempts allowed within the specified time window. Default: 3.

perLastMilliseconds: Time window in milliseconds to track attempts. Default: 3000.

useBackOffFactor: Expands the track window as new requests come so it becomes harder to make periodic fetches to avoid detection. Default: true.

calculateBackOffDeltaMilliseconds: (blockWhenAttemptsReach: number, rate: number[]) => void: Overrides back-off function. Default:

one millisecond * (count of order requests - 3)

First argument is max amount of requests before block.

Second argument is consecutive history of request unix times in milliseconds from old to new.

track(headers, { dateNow })

Tracks the timestamp of a request based on the provided headers.

headers: An object representing the headers of the request.

dateNow: (optional) A timestamp (EpochTimeStamp) representing the current time. If not provided, the current system time will be used. Returns the timestamp when the request was tracked.

check(headers, { dateNow })

Checks if a request has hit the rate limit based on the provided headers.

headers: An object representing the headers of the request.

dateNow: (optional) A timestamp (EpochTimeStamp) representing the current time. If not provided, the current system time will be used. Returns true if the request has hit the rate limit, otherwise false.

Test

npm test

About

Rate limits requests based on http headers order

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages