jan876/express-rate-limit

 
 


Express Rate Limit


Basic rate-limiting middleware for Express. Use to limit access to public endpoints such as account creation and password reset.

Note: this module does not share state with other processes or servers, so if you need a more robust solution, I recommend checking out the excellent strict-rate-limiter.

Install

$ npm install --save express-rate-limit

Usage

var express = require('express');
var RateLimit = require('express-rate-limit');

var app = express();

app.enable('trust proxy'); // only if you're behind a reverse proxy (Heroku, Bluemix, AWS if you use an ELB, custom Nginx setup, etc)

// default options shown below
var limiter = RateLimit({
        // window, delay, and max apply per-ip unless global is set to true
        windowMs: 60 * 1000, // milliseconds - how long to keep records of requests in memory
        delayMs: 1000, // milliseconds - base delay applied to the response - multiplied by number of recent hits from user's IP
        max: 5, // max number of recent connections during `window` milliseconds before (temporarily) blocking the user.
        global: false, // if true, IP address is ignored and setting is applied equally to all requests
        message: 'You have been very naughty.. No API response for you!!' // if message is set, the provided message will be shown instead of `Too many requests, please try again later.`
});

// for an API-only web app, you can apply this globally
app.use(limiter);

// for a "regular" website, apply this only to specific endpoints
app.post('/create-account', limiter, function(req, res) {
   // ...
});

You could apply this globally on a regular website, but be aware that it would then trigger on images, CSS, etc., so I wouldn't recommend it.
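
The following is an added example, not code from this module: a simplified model of the options described in the usage comments, used to show what the note about unshared state means once the app runs as more than one process. The names `createLimiterModel` and `simulate`, the sample IP address, the timestamp-based window and the "block once `max` is exceeded" rule are assumptions made for the illustration.

```javascript
// Added illustration: a simplified model of the documented options,
// not express-rate-limit's own source.
function createLimiterModel(options) {
  var opts = Object.assign(
    { windowMs: 60 * 1000, delayMs: 1000, max: 5, global: false },
    options
  );
  var hits = {}; // key -> timestamps of recent requests (per-process memory)

  // Returns the decision for one request from `ip` arriving at time `now` (ms).
  return function check(ip, now) {
    var key = opts.global ? 'global' : ip; // global: IP address is ignored
    var recent = (hits[key] || []).filter(function (t) {
      return now - t < opts.windowMs; // forget records older than the window
    });
    recent.push(now);
    hits[key] = recent;
    return {
      hits: recent.length,
      delayMs: opts.delayMs * recent.length, // base delay x recent hits
      blocked: recent.length > opts.max // assumption: block once max is exceeded
    };
  };
}

// Constructed scenario: one client sends 12 requests, one per second,
// spread round-robin over server processes that each hold their own state.
function simulate(processCount) {
  var procs = [];
  for (var i = 0; i < processCount; i++) procs.push(createLimiterModel());
  var served = 0;
  for (var n = 0; n < 12; n++) {
    var result = procs[n % processCount]('203.0.113.7', n * 1000);
    if (!result.blocked) served++;
  }
  return served;
}

console.log('requests served with 1 process: ', simulate(1));
console.log('requests served with 2 processes:', simulate(2));
```

With in-memory counters, the effective limit on a sensitive endpoint scales with the number of processes behind the load balancer, which is the case the note above points to a shared-state limiter for.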

License

MIT © Nathan Friedly
