digital-telepresence
/
dtp-express-limiter
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Our fork of express-limiter
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
20 Commits
1 Branch
0 Tags
70 KiB
 
 
Tree: 3bbe5895c0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3bbe5895c0'
${ noResults }
Dustin Diaz 3bbe5895c0
`limiter` 		11 years ago
tests now with tests :) 11 years ago
.gitignore eureka 11 years ago
LICENSE Initial commit 11 years ago
Makefile testing setup 11 years ago
README.md `limiter` 11 years ago
index.js whitelist method added 11 years ago
package.json package fixes 11 years ago

README.md

Express rate-limiter

Rate limiting middleware for Express applications built on redis

npm install express-limiter --save

var express = require('express')
var app = express()
var client = require('redis').createClient()

var limiter = require('express-limiter')(app, client)

limiter({
  path: '/api/action',
  method: 'get',
  lookup: ['connection.remoteAddress'],
  // 150 requests per hour
  total: 150,
  expire: 1000 * 60 * 60
})

app.get('/api/action', function (req, res) {
  res.send(200, 'ok')
})

API options

limiter(options)
  • path: String route path to the request
  • method: String http method. accepts get, post, put, delete, and of course Express' all
  • lookup: String|Array.<String> value lookup on the request object. Can be a single value or array. See examples for common usages
  • total: Number allowed number of requests before getting rate limited
  • expire: Number amount of time in ms before the rate-limited is reset
  • whitelist: function(req) optional param allowing the ability to whitelist. return boolean, true to whitelist, false to passthru to limiter.

Examples

// limit by IP address
limiter({
  lookup: 'connection.remoteAddress'
})

// or if you are behind a trusted proxy (like nginx)
limiter({
  lookup: 'headers.x-forwarded-for'
})

// by user (assuming a user is logged in with a valid id)
limiter({
  lookup: 'user.id'
})

// limit your entire app
limiter({
  path: '*',
  method: 'all',
  lookup: 'connection.remoteAddress'
})

// limit users on same IP
limiter({
  path: '*',
  method: 'all',
  lookup: ['user.id', 'connection.remoteAddress']
})

// whitelist user admins
limiter({
  path: '/delete/thing',
  method: 'post',
  lookup: 'user.id',
  whitelist: function (req) {
    return !!req.user.is_admin
  }
})

License MIT

Happy Rate Limitting!