Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add rate limiter #733

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions src/middleware/rateLimiter.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
import rateLimit from 'express-rate-limit';
import { Express } from '../types';

export const rateLimiter: Express.MiddleWare = rateLimit({
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a possible way we can allow specific IP addresses to not get stopped by the rate limiter? For instance, Nkọwa okwu uses the Igbo API and shouldn't be rate limited the same where an individual user should be rate limited

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. I think this is posssible. We can have the IP addresses in a whitelist file. In the middleware, we read the file to get these addresses then call the next function if the incoming request IP is same as any of the whitelisted IP address.

Does this make sense?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, that makes a lot of sense - do you know of any guides/tutorials/articles that walk through this process specifically for rate limiting node js / express apps?

i believe you can get a shortlist of valid GCP server IP addresses that we can whitelist since we are deploying this project on GCP

windowMs: 15 * 60 * 1000, // 15 minutes in milliseconds
max: 20,
message: 'Too many requests, please try again later',
standardHeaders: true,
legacyHeaders: false,
});
14 changes: 3 additions & 11 deletions src/routers/router.ts
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
import express from 'express';
import rateLimit from 'express-rate-limit';
import { Express } from '../types';
import { getWords, getWord } from '../controllers/words';
import { getExamples, getExample } from '../controllers/examples';
Expand All @@ -11,25 +10,18 @@ import validateApiKey from '../middleware/validateApiKey';
import validateAdminApiKey from '../middleware/validateAdminApiKey';
import attachRedisClient from '../middleware/attachRedisClient';
import analytics from '../middleware/analytics';
import { rateLimiter } from '../middleware/rateLimiter';

const router = express.Router();

const FIFTEEN_MINUTES = 15 * 60 * 1000;
const REQUESTS_PER_MS = 20;
const createDeveloperLimiter: Express.MiddleWare = rateLimit({
windowMs: FIFTEEN_MINUTES,
max: REQUESTS_PER_MS,
});

// Google Analytics
router.use(analytics);
router.use(analytics, rateLimiter);

router.get('/words', validateApiKey, attachRedisClient, getWords);
router.get('/words/:id', validateApiKey, validId, attachRedisClient, getWord);
router.get('/examples', validateApiKey, attachRedisClient, getExamples);
router.get('/examples/:id', validateApiKey, validId, attachRedisClient, getExample);

router.post('/developers', createDeveloperLimiter, validateDeveloperBody, postDeveloper);
router.post('/developers', validateDeveloperBody, postDeveloper);

router.get('/stats', validateAdminApiKey, attachRedisClient, getStats);

Expand Down
3 changes: 3 additions & 0 deletions src/routers/routerV2.ts
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,12 @@ import validId from '../middleware/validId';
import validateApiKey from '../middleware/validateApiKey';
import analytics from '../middleware/analytics';
import attachRedisClient from '../middleware/attachRedisClient';
import { rateLimiter } from '../middleware/rateLimiter';

const routerV2 = express.Router();

routerV2.use(rateLimiter);

routerV2.get('/words', analytics, validateApiKey, attachRedisClient, getWords);
routerV2.get('/words/:id', analytics, validateApiKey, validId, attachRedisClient, getWord);
routerV2.get('/examples', analytics, validateApiKey, attachRedisClient, getExamples);
Expand Down