1.0.1 • Published 4 years ago

guys-rate-limiter v1.0.1

License
ISC

guy-rate-limiter

A distributed rate limiter allowing each user to perform up to 500 requests in a 60-second time frame.

Install

$ npm install --save guy-rate-limiter

Configuration

The default rate limiter Redis configuration uses host = 127.0.0.1 and port = 6379.

To change it, set the environment variables:

RATE_LIMIT_REDIS_PORT

RATE_LIMIT_REDIS_HOST

By running:

$ export RATE_LIMIT_REDIS_PORT=[REDIS_PORT]
$ export RATE_LIMIT_REDIS_HOST=[REDIS_HOST]

or in any other way.

You could also set the environment variable:

RATE_LIMIT_REDIS_URL

USAGE EXAMPLE

export RATE_LIMIT_REDIS_PORT=6378

There are two options to use:

  1. Use as an Express middleware
const express = require('express');
const rateLimiter = require('guy-rate-limiter');
const app = express();
const port = 3000;

// Demo only: the user ID is read from the ?uid= query parameter,
// which is a client-supplied value.
app.use((req, res, next) => {
  req.userID = req.query.uid || 'UNKNOWN';
  next();
});

// Create the rate-limiting middleware and register it before the routes.
const rateLimitMiddleware = rateLimiter.getExpressMiddleware('ip');
app.use(rateLimitMiddleware);

app.get('/', function (req, res) {
  res.send(`Hello ${req.userID}`);
});

app.listen(port);
  2. Use only the rate limiter
const rateLimiter = require('guy-rate-limiter');

// Placeholder: the ID of the user making the request.
const userId = 'user-123';

rateLimiter.handleUserRequest(userId, (err, allow) => {
  if (err) {
    // handle error
  } else if (!allow) {
    // handle block
  } else {
    // handle allow
  }
});

Testing

To run the tests:

$ npm test

Method and Considerations

  • Uses a sliding window to be accurate over the time frame.

  • Uses Redis sorted sets for fast deletion.

  • Uses Redis transactions: all commands that read and update the user's rate run atomically in Redis, which sends back only the number of connections in the last minute.

  • Every request is counted, even blocked ones. That way users are encouraged to send fewer requests, rather than to keep on sending knowing that even if they exceed the rate limit they will still get the maximum they can.

For each user we save all the timestamps from the last minute, and for every request we:

  1. Remove the outdated timestamps.
  2. Return the number of timestamps in the current minute window.
  3. Add the new timestamp.
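The three steps above and the "blocked requests are counted" rule can be modelled in memory. This is an added example, not the package's own code: `SlidingWindowLimiter`, `simulate` and the two scenario functions are hypothetical names, the traffic is constructed, and the Redis command mapping in the comments is an assumption.

```javascript
// In-memory model of the per-user timestamp log. Assumption: against Redis the
// steps map to ZREMRANGEBYSCORE, ZCARD and ZADD on a sorted set, in MULTI/EXEC.
class SlidingWindowLimiter {
  constructor(limit = 500, windowMs = 60 * 1000) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.logs = new Map(); // userId -> timestamps in ascending order
  }

  // Returns true if the request at time `now` (ms) is allowed.
  handle(userId, now = Date.now()) {
    const log = this.logs.get(userId) || [];
    // 1. Remove timestamps that fell out of the window.
    const cutoff = now - this.windowMs;
    let stale = 0;
    while (stale < log.length && log[stale] <= cutoff) stale++;
    log.splice(0, stale);
    // 2. Count what is left in the current window.
    const inWindow = log.length;
    // 3. Record this request, whether or not it will be allowed.
    log.push(now);
    this.logs.set(userId, log);
    return inWindow < this.limit;
  }
}

// Sends `count` requests spaced `stepMs` apart; returns how many were allowed.
function simulate(limiter, userId, startMs, count, stepMs) {
  let allowed = 0;
  for (let i = 0; i < count; i++) {
    if (limiter.handle(userId, startMs + i * stepMs)) allowed++;
  }
  return allowed;
}

// Constructed: a 500-request burst at 59.0s, then one request at 60.0s.
function burstAcrossMinuteBoundary() {
  const limiter = new SlidingWindowLimiter();
  const allowedInBurst = simulate(limiter, 'burst', 59000, 500, 1);
  return { allowedInBurst, nextAllowed: limiter.handle('burst', 60000) };
}

// Constructed: 600 requests/minute for three minutes, then a 60s pause.
function steadyOverLimit() {
  const limiter = new SlidingWindowLimiter();
  const allowed = simulate(limiter, 'steady', 0, 1800, 100);
  return { allowed, afterPause: limiter.handle('steady', 179900 + 60000) };
}
console.log(burstAcrossMinuteBoundary(), steadyOverLimit());
```

The steady sender gets only its first 500 requests through in three minutes, because its own blocked requests keep the window full; it is allowed again only after it stays quiet for a full window.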