HTTP request rate limiting for NestJS.
yarn add @voiceflow/nestjs-rate-limit
This package also requires you to have @voiceflow/nestjs-redis
installed since RateLimitModule
uses RedisModule
as a dependency.
The redis module can be setup in a couple different ways using forRootAsync
:
- A
RateLimitOptions
object can be provided viauseValue
. - A
useFactory
function can be provided to return aRateLimitOptions
object (or a promise for one!). - A class implementing
RateLimitOptions
can be provided usinguseClass
.
import { RateLimitModule, RateLimitService, RateLimitOptions } from '@voiceflow/nestjs-rate-limit';
@Module({
imports: [
RateLimitModule.forRootAsync({
imports: [],
// Union field, one of `useValue`, `useFactory`, or `useClass`:
useValue: {
serviceName: 'my-service',
points: 5,
duration: 60,
},
useFactory: () => getRateLimitConfig(),
useClass: RateLimitConfigService,
}),
],
})
export class AppModule {}
If you have an existing rate limit options object that you'd like to reuse, you can provide that in forRoot
.
const rateLimitOptions = { ... };
@Module({
imports: [
RateLimitModule.forRoot(rateLimitOptions),
],
})
export class AppModule {}
Once the RateLimitModule
is globally registered, RateLimitService
can be injected in other providers without having to import RateLimitModule
again.
By default no routes will be rate limited.
To apply rate limiting to a route or controller use RateLimitGuard
:
import { Controller, UseGuards } from '@nestjs/common';
import { RateLimitGuard } from '@voiceflow/nestjs-rate-limit';
@Controller()
@UseGuards(RateLimitGuard)
export class MyController {
/* ... */
}
The default token extractor will extract the user's token from the request headers or cookies.
For using cookies you must install cookie-parser
and configure it per the NestJS documentation.