@justpsst/iprequestlimiter

Middleware for limiting requests by route. It's designed for ExpressJS and uses Redis as storage.

Usage (no npm install needed!)

<script type="module">
  import justpsstIprequestlimiter from 'https://cdn.skypack.dev/@justpsst/iprequestlimiter';
</script>

README

Documentation

Description

Middleware for limiting requests by route. It's designed for ExpressJS and uses Redis as storage.

Installation

npm install --save @justpsst/iprequestlimiter

Usage

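import express from 'express';
import { ipLimiter } from '@justpsst/iprequestlimiter';

const router = express.Router();
const config = {}; // every property is optional (see Config interface)
router.get('/', ipLimiter(config), (request, response) => response.send(request.delay));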

Config interface

| Property | Type | Default | Description |
|---|---|---|---|
| delays | number[], optional | [10, 20, 30, 40, 50, 60] | Delay between requests, in seconds. If a request arrives before the delay timer expires, the delay timer is increased (10 > 20 > 30 ...) |
| storeKey | string, optional | "ipLimiter" | Key used in Redis to identify the request. In Redis it is stored as ${storeKey}_${path}_${clientIp} |
| increaseByLimitReached | number, optional | 0 | Number of seconds added to the delay timer once the 'delays' array reaches its limit |
| redisOptions | redis.ClientOpts, optional | {} | Redis options, described here: https://www.npmjs.com/package/redis |
| freeAttempts | number, optional | 0 | Number of free attempts, during which the delay timer is not used |
| freeAttemptsUnlockDelay | number, optional | 0 | Number of seconds needed to refresh attemptsLeft |

Behavior

When a request reaches the server, the middleware checks how many free attempts are left. If free attempts are greater than 0, or the delay timer has expired or is not set up, the middleware modifies the request object:

Object.assign(request, { delay: requestLimitInfo });

requestLimitInfo interface

| Property | Type | Description |
|---|---|---|
| delay | number | Delay until the next request, in seconds |
| attemptsLeft | number | Free attempts left. The delay timer is 0 while attemptsLeft is greater than 0 |
| nextRequestTime | string, optional | Time in ISO string format. It is the time when the delay timer will be refreshed. If a request arrives before the delay timer expires, the delay timer is increased (10 > 20 > 30 ...) |
| freeAttemptsUnlockTime | string, optional | Time in ISO string format. It is the time when freeAttempts will be refreshed. If a request arrives before the unlock timer releases, free attempts are decreased by 1 |

{
  delay: number,
  attemptsLeft: number,
  nextRequestTime?: string,
  freeAttemptsUnlockTime?: string
}

If the delay timer has not expired, the server returns HTTP status code 429 with the requestLimitInfo object as the response body.

return response.status(429).send(requestLimitInfo);
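
The delay escalation described above, as an added model that is not the package's own code: it shows how repeated early requests from one client lengthen that client's lockout per route. createLimiterModel, check and the injectable clock are hypothetical names. Assumptions: a Map stands in for Redis, free attempts stay at the default 0, a blocked request restarts the timer from the current time, increaseByLimitReached accumulates per further early request, and the escalation level resets once a request arrives after the timer has expired.

```javascript
// Added model of the documented delay escalation; NOT the package's source.
// Assumptions: a Map stands in for Redis, the clock is injectable, a blocked
// request restarts the timer from "now", and the level resets after expiry.
const DEFAULTS = {
  delays: [10, 20, 30, 40, 50, 60],
  storeKey: 'ipLimiter',
  increaseByLimitReached: 0,
};

function createLimiterModel(config = {}, now = () => Date.now()) {
  const cfg = { ...DEFAULTS, ...config };
  const store = new Map();

  // Seconds of delay at escalation level n. Past the end of `delays`, each
  // further level adds `increaseByLimitReached` seconds to the last entry.
  function delayFor(n) {
    const last = cfg.delays.length - 1;
    if (n <= last) return cfg.delays[n];
    return cfg.delays[last] + (n - last) * cfg.increaseByLimitReached;
  }

  // Returns what the middleware would do for one request: pass it on (200
  // here) with requestLimitInfo attached, or answer 429 with requestLimitInfo.
  return function check(path, clientIp) {
    const key = `${cfg.storeKey}_${path}_${clientIp}`; // format from the README
    const t = now();
    const prev = store.get(key); // undefined when no timer is set up
    const early = prev !== undefined && t < prev.nextAt;
    const level = early ? prev.level + 1 : 0;
    const delay = delayFor(level);
    const nextAt = t + delay * 1000;
    store.set(key, { level, nextAt });
    return {
      status: early ? 429 : 200,
      key,
      info: { delay, attemptsLeft: 0, nextRequestTime: new Date(nextAt).toISOString() },
    };
  };
}
```

Because the key includes the path, a client throttled on one route starts with a fresh timer on another.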