ExpressRedisRateLimit
Rate limit middleware for express using redis in-memory store.
Installation
npm i --save express-redis-rate-limit
Usage
ExpressRedisRateLimit takes two arguments: a redis client instance and an options object.
var express = redis = rateLimit = ; var app = ;app;
Options
requestLimit
type=Integer
default=60
The number of requests allowed within time window.
timeWindow
type=Number
default=60
The time frame for request limit in seconds.
enforceRequestSpreading
type=Boolean
default=false
When true ensures requests are spread evenly throughout time window. This will modify request limit and time window options to per request values (ie. requestLimit=60
and timeWindow=120
will become requestLimit=1
and timeWindow=2
).
idMatcher
type=Regexp|Boolean
default=/[a-z0-9]{24}$/
A regular expression to match IDs within request. Set to false to stop behavior. Defaults to a MongoDB document ID matcher.
idValue
type=String
default=':id'
A string to replace ID regexp matches.
createKey
type=function
default=
{ return 'RL/' + reqip + '/' + reqmethod + requrl;}
A function for creating cache keys. Accepts express request object.
rateLimitMessage
type=function|Object
default=
{ return error: message: "Rate limit reached. Try again in " + + "." timeout: ttl type: 'RATE_LIMIT' ;}
A function or object for creating rate limit response message objects. Functions accept TTL integer representing milliseconds until next request is allowed.
internalErrorMessage
type=Object
default=
error: message: "Internal server error." type: 'INTERNAL_SERVER_ERROR'
An object returned in the event of an error.
Headers
X-RateLimit-Limit - The maximum number of requests allowed within time window.
X-RateLimit-Remaining - The remaining number of requests allowed within time window.
X-RateLimit-Window - The total length of the time window in milliseconds.
X-RateLimit-Reset - The length of time remaining within time window in milliseconds.
Testing
npm test