light-express-rate-limiter

A middleware designed to track and deny endpoint spamming by IP.

Usage (no npm install needed!)

<script type="module">
  import lightExpressRateLimiter from 'https://cdn.skypack.dev/light-express-rate-limiter';
</script>

README

light-express-rate-limiter

light-express-rate-limiter is a super lightweight, customizable middleware designed for security in ExpressJS. It can be configured to block requests when too many are made by the same IP. Because it is middleware, it can be applied to only the desired routes or to all routes.

Installation

npm install light-express-rate-limiter

Usage

const express = require('express');
const app = express();
const LightRateLimiter = require('light-express-rate-limiter');

const config = {
  minuteInterval: 15, // default value is 15
  requestAmountBeforeBan: 50, // default value is 50
  // default value is 401; 429 (Too Many Requests) is the HTTP status defined for rate limiting
  rejectionCode: 401
};
const limiter = new LightRateLimiter(config);

app.use(limiter.limit);

// The map for all requests can be modified directly
// A good use case for this is to clear requests
console.log(limiter.accessMap);

Additional configurations

onReject

This executes right before rejection. It expects a function; if that function returns a promise, the middleware waits for the promise to finish before rejecting.

const config = {
  minuteInterval: 15,
  requestAmountBeforeBan: 50,
  rejectionCode: 401,
  onReject: () => console.log('right before rejection')
};

onSuccess

This executes right before succeeding. It expects a function; if that function returns a promise, the middleware waits for the promise to finish before succeeding and calling next().

const config = {
  minuteInterval: 15,
  requestAmountBeforeBan: 50,
  rejectionCode: 401,
  onSuccess: () => console.log('right before succeeding')
};

rejectionResponse

Optional response to send when rejecting.
Defaults to "Access denied - too many requests."

additionalLoggedFields

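You can add any other fields you want logged, as long as they are direct properties of the req object.
Defaults to ['method', 'headers', 'body']
Request headers and bodies can carry credentials (Authorization headers, cookies, submitted passwords), so treat wherever these fields end up as sensitive.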
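
The sketch below is an added example, not the package's source or its author's code: a self-contained fixed-window, per-IP limiter that uses the option names documented above, to show the bookkeeping a middleware of this kind has to do. It assumes req.ip is the client key and that the first request past requestAmountBeforeBan is the first one rejected; createLimiter, check, prune and the injectable now clock are hypothetical names.

```javascript
// Added example, not the package's source. Option names follow the README;
// createLimiter, check, prune and the `now` clock are hypothetical names.
function createLimiter({
  minuteInterval = 15,
  requestAmountBeforeBan = 50,
  rejectionCode = 401,
  rejectionResponse = 'Access denied - too many requests.',
  onReject,
  onSuccess,
  now = Date.now,
} = {}) {
  const windowMs = minuteInterval * 60 * 1000;
  const accessMap = new Map(); // ip -> { windowStart, count }

  // Count one request for `ip`; true while the client is within its budget.
  function check(ip) {
    const t = now();
    let entry = accessMap.get(ip);
    if (!entry || t - entry.windowStart >= windowMs) {
      entry = { windowStart: t, count: 0 }; // first hit or expired window
      accessMap.set(ip, entry);
    }
    entry.count += 1;
    return entry.count <= requestAmountBeforeBan;
  }

  // Drop expired windows so a flood from many addresses cannot grow the map forever.
  function prune() {
    const t = now();
    for (const [ip, entry] of accessMap) {
      if (t - entry.windowStart >= windowMs) accessMap.delete(ip);
    }
  }

  // Express-style middleware; awaits the hooks as the README describes.
  async function limit(req, res, next) {
    try {
      if (check(req.ip)) {
        if (onSuccess) await onSuccess();
        return next();
      }
      if (onReject) await onReject();
      res.status(rejectionCode).send(rejectionResponse);
    } catch (err) {
      next(err); // a failing hook must not leave the request hanging
    }
  }
  return { limit, check, prune, accessMap };
}
```

Behind a reverse proxy, req.ip is the real client address only when Express's trust proxy setting matches the deployment; otherwise every client shares the proxy's address and a single budget.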

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

License

MIT