This package counts incoming client requests and determines whether a requesting client has reached a specified request threshold within a defined timeframe.
Installation:
npm i http-ratelimit
Example Usage:
const http = require("http"); // also works with the https package
const rateLimit = require("http-ratelimit");

http.createServer((req, res) => {
    rateLimit.inboundRequest(req); // this function has to run in the createServer callback, ideally at the very top of it as shown here

    if (rateLimit.isRateLimited(req, 20) === true) {
        // this checks whether the request is from an IP that has already sent x requests in the defined timeframe (two minutes in this example). x is specified with the second argument.
        // if this part is reached, that means the requester has sent more than 20 requests in two minutes
        // it is best to end the request here with status code 429, like the following lines suggest:
        res.writeHead(429, {"Content-Type": "text/plain; charset=utf-8"});
        res.end("Too many requests - max is 20 requests in two minutes");
    }
    else {
        // the requester has sent less than 20 requests in the defined timeframe (two minutes in this example)
        // do your normal stuff here
        res.writeHead(200, {"Content-Type": "text/plain; charset=utf-8"});
        res.end("https://data.whicdn.com/images/325197845/superthumb.jpg");
    }
}).listen(80, null, err => {
    if (!err) {
        // server was successfully started
        rateLimit.init(2, true); // HTTP-RateLimit has to be initialized before running any other function. It's best to put it right in here.
        // In this example, a timeframe of two minutes is chosen (first parameter) - (defaults to 1 if left undefined)
        // If you are using a reverse proxy, the second parameter has to be set to true - (defaults to false if left undefined)
        console.log("success");
    }
    else {
        // error while starting server
        console.log(`Error: ${err}`);
        process.exit(1);
    }
});
Function List:
rateLimit.init(timeframe: Number, usingReverseProxy: Boolean) - Initializes all variables etc. | If you are using a reverse proxy, make sure to set the second parameter to true, because the IP address then has to be pulled from the "x-forwarded-for" request header
rateLimit.inboundRequest(req: http.IncomingMessage) - Adds the requester's IP address to the list of requests per timeframe
rateLimit.isRateLimited(req: http.IncomingMessage, requestLimitPerMinute: Number) - Checks if the request's IP address occurs more than requestLimitPerMinute times in the above mentioned list and should therefore be rate limited | Returns true or false
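The function list above keys the counter on the client IP and reads it from "x-forwarded-for" behind a reverse proxy. The following is an added example, not http-ratelimit's own code, of a per-IP sliding-window counter that honours that header only when the TCP peer is a known proxy, since the header is otherwise set by the client. The names `TRUSTED_PROXIES`, `clientIp` and `createLimiter` are hypothetical, and it assumes a single proxy on the same host that appends the peer address to the header.

```javascript
// Added example (not http-ratelimit's code). All names here are hypothetical.
const TRUSTED_PROXIES = new Set(["127.0.0.1", "::1"]); // assumption: proxy runs on the same host

// Resolve the address to count against. X-Forwarded-For is honoured only when
// the TCP peer is a trusted proxy; otherwise the header is ignored entirely.
function clientIp(req) {
    const peer = (req.socket.remoteAddress || "").replace(/^::ffff:/, "");
    const xff = req.headers["x-forwarded-for"];
    if (!TRUSTED_PROXIES.has(peer) || !xff) return peer;
    // The rightmost entry is the one appended by our own proxy;
    // anything to its left arrived with the request and is client-supplied.
    const hops = String(xff).split(",").map(s => s.trim()).filter(Boolean);
    return hops.length ? hops[hops.length - 1] : peer;
}

// Sliding-window counter: one array of request timestamps per address.
// `now` is injectable so the window can be tested without waiting.
function createLimiter(windowMs, limit, now = Date.now) {
    const hits = new Map();
    return {
        // Record the request and report whether the address is over the limit.
        check(req) {
            const ip = clientIp(req);
            const t = now();
            const recent = (hits.get(ip) || []).filter(ts => t - ts < windowMs);
            recent.push(t);
            hits.set(ip, recent);
            return recent.length > limit;
        },
        // Drop idle addresses so the map cannot grow without bound.
        // Returns the number of addresses still tracked.
        sweep() {
            const t = now();
            for (const [ip, list] of hits) {
                if (list.every(ts => t - ts >= windowMs)) hits.delete(ip);
            }
            return hits.size;
        }
    };
}
```

Call `sweep()` from a timer (for example once per window) so addresses that stop sending requests are forgotten.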