retra-ratelimit

A powerful continuous rate limiting extension for retra

Usage no npm install needed!

<script type="module">
  import retraRatelimit from 'https://cdn.skypack.dev/retra-ratelimit';
</script>

README

retra-ratelimit

A powerful continuous rate limiting extension for retra

GitHub | NPM

Install

npm i retra-ratelimit

Usage

First, require the package.

const RateLimiter = require('retra-ratelimit')

// ... create your retra app ^

const rl = new RateLimiter({
    // options
}, [
    // rules
])

app.use(rl.extension)

// ... start server v

Rules

Rules are Objects. Properties of a rule:

  • time required - How much time to look through logs for to find matching requests. This is an array, which looks like this: [5, 'seconds'] or [6, 'minutes']
  • limit required - How many requests to allow within this period of time
  • method - Request method
  • pathname - Request pathname. Can be a Regular Expression or a String.
  • blockMessage - Message to respond with when blocking (as error property of JSON response)

Options

Options:

  • cloudflare - If enabled, uses the CF-Connecting-IP header to detect client IPs
  • blockMessage - Message to respond with when blocking (used when no blockMessage is defined)
  • varyLimit- If enabled, varies limit for rules per request by up to 2 requests, making it harder for attackers to detect ratelimiting rules

Cluster usage

In the master process, don't start a server but create a RateLimiter.

When forking a worker, add it to the RateLimiter.

const worker = cluster.fork()

rl.addWorker(worker)

Inside of the worker, instruct the RateLimiter to defer ratelimiting logic to the parent process.

rl.deferToParent()

Disqualifying a Request from Rate Limiting

By disqualifying requests from rate limiting, legitimate requests may be allowed in unlimited quantity. (ex. successful login attempts)

req.disqualifyRL()