redis-backoff v1.0.0

redis-backoff

Exponential backoff using redis. Designed specifically for passwords.

Example

var backoff = require('redis-backoff')({
  client: require('then-redis').createClient('tcp://localhost')
});

app.use(function* (next) {
  var credentials = yield parse(this);

  var username = credentials.username;

  // keys to limit against
  var keys = [
    username, // limit by the username
    this.ip, // limit by the ip
  ];

  // tell the client it needs to wait
  var retryAfter = yield backoff.check(keys);
  if (retryAFter) {
    this.status = 403;
    this.response.set('Retry-After', Math.ceil(retryAfter / 1000));
    return;
  }

  var password = credentials.password;

  var user = yield User.getByUsername(username);
  var valid = yield User.checkPassword(user, password);

  if (!valid) {
    // give a bad response and push and remember this bad try
    yield backoff.push(keys);
    this.status = 400;
    return;
  }

  // if the password is valid, clear the retries
  yield backoff.clear(keys)
  this.status = 200; // log the user in or something
})

API

var backoff = new Backoff(options)

• client - a then-redis client
• backoff - a custom backoff function of the form #retries -> millisecond timeout.

backoff.check(keys).then( retryAfter => )

Checks all the keys whether to backoff. Returns the time to wait in milliseconds.

backoff.push(keys).then( => )

Add a bad try to all the keys. The lock period starts from the current time.

backoff.clear(keys).then( => )

Clear all retries from the keys.