Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Abstract rate limiter for nodejs
branch: master

Update Readme.md

add links
latest commit 7505e1be39
Noam Shemesh noamshemesh authored

Readme.md

ratelimiter

Rate limiter for Node.js backed by Redis.

Release Notes

v2.0.1 - #9 by @ruimarinho - Update redis commands to use array notation.

v2.0.0 - API CHANGE - Change remaining to include current call instead of decreasing it. Decreasing caused an off-by-one problem and caller could not distinguish between last legit call and a rejected call.

Requirements

  • Redis 2.6.12+.

Installation

$ npm install ratelimiter

Example

Example Connect middleware implementation limiting against a user._id:

var id = req.user._id;
var limit = new Limiter({ id: id, db: db });
limit.get(function(err, limit){
  if (err) return next(err);

  res.set('X-RateLimit-Limit', limit.total);
  res.set('X-RateLimit-Remaining', limit.remaining - 1);
  res.set('X-RateLimit-Reset', limit.reset);

  // all good
  debug('remaining %s/%s %s', limit.remaining - 1, limit.total, id);
  if (limit.remaining) return next();

  // not good
  var delta = (limit.reset * 1000) - Date.now() | 0;
  var after = limit.reset - (Date.now() / 1000) | 0;
  res.set('Retry-After', after);
  res.send(429, 'Rate limit exceeded, retry in ' + ms(delta, { long: true }));
});

Result Object

  • total - max value
  • remaining - number of calls left in current duration without decreasing current get
  • reset - time in milliseconds until the end of current duration

Options

  • id - the identifier to limit against (typically a user id)
  • db - redis connection instance
  • max - max requests within duration [2500]
  • duration - of limit in milliseconds [3600000]

License

MIT

Something went wrong with that request. Please try again.