ThinkJS ratelimit middleware
Protects your application from brute-force requests.
npm install think-ratelimiter
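// in middleware.js
const redis = require('redis');
const ratelimiter = require('think-ratelimiter');

// Redis connection settings are read from the application's `redis` config entry,
// so the password stays out of this file.
const { port, host, password } = think.config('redis');

// Redis client handed to the limiter through the `db` option below.
// NOTE(review): this page does not say how the limiter behaves when Redis is
// unreachable (fail open or fail closed); confirm before relying on it as a
// brute-force control.
const db = redis.createClient(port, host, { password });

// The middleware list is an array of entries. The original snippet wrapped the
// entry in an object literal, which is a syntax error, and referenced an
// undefined `ratelimit` instead of the `ratelimiter` required above.
module.exports = [
  // after router middleware
  {
    handle: ratelimiter,
    options: {
      db,
      // Text associated with a rejected request; presumably returned with the
      // 429 response (confirm against the package).
      errorMessage: 'Sometimes You Just Have To Slow Down',
      // Names of the response headers that report the limiter state.
      headers: {
        remaining: 'X-RateLimit-Remaining',
        reset: 'X-RateLimit-Reset',
        total: 'X-RateLimit-Limit'
      },
      // One entry per limited resource, keyed by a resource path.
      resources: {
        'test/test': {
          // Bucket key: one counter per client IP.
          // NOTE(review): behind a reverse proxy or load balancer, ctx.ip may be
          // the proxy's address (every client shares one bucket) unless proxy
          // trust is configured; forwarding headers should only be honoured when
          // they come from a proxy you control, otherwise the key is
          // client-controlled and the limit is not enforceable.
          id: ctx => ctx.ip,
          // Presumably at most `max` requests per `id` within each `duration`
          // window; confirm the exact window semantics against the package.
          max: 5,
          duration: 7000 // ms
        }
      }
    }
  },
];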
- `X-RateLimit-Reset` is a Unix timestamp (epoch seconds).
- When a user exceeds the access limit, the HTTP response status will be `429 Too Many Requests`.