/**
 * Creates the Express app and a rate-limiting middleware for the /tokens
 * route. The listing is cut off inside the middleware, so how the app and the
 * middleware are wired together is not visible here.
 *
 * @param {object} config - Passed unchanged to the Token constructor.
 */
function runApp(config) {
const app = express()
const token = new Token(config)
// Configure rate limiting. Allow at most 1 request per IP every 60 sec.
// RateLimiterMemory keeps its counters in this process, so they reset on
// restart and are not shared between several instances of the service.
const opts = {
points: 1, // Point budget.
duration: 60 // Reset points consumption every 60 sec.
}
const rateLimiter = new RateLimiterMemory(opts)
const rateLimiterMiddleware = (req, res, next) => {
// Rate limiting only applies to the /tokens route.
// NOTE(review): startsWith() is case-sensitive, while Express matches route
// paths case-insensitively unless 'case sensitive routing' is enabled. If the
// /tokens route is registered with default settings, a differently-cased path
// would reach it without passing the limiter - confirm against the route setup.
if (req.url.startsWith('/tokens')) {
rateLimiter
// The limiter key is the TCP peer address.
// NOTE(review): behind a reverse proxy or load balancer this is the proxy's
// address, so every client would share the single point - confirm deployment.
.consume(req.connection.remoteAddress)
.then(() => {
// Allow request and consume 1 point.
next()
})
.catch(() => {
// Not enough points. Block the request.
// Any other rejection in this chain (including an exception thrown
// synchronously by next()) also ends up here and is answered with 429.
console.log(`Rejecting request due to rate limiting.`)
res.status(429).send('<h2>Too Many Requests</h2>')
})
} else {
next()
const Koa = require('koa')
const koaBody = require('koa-body')
const mount = require('koa-mount')
const graphqlHTTP = require('koa-graphql')
const { RateLimiterMemory } = require('rate-limiter-flexible')
const app = new Koa()
const getVideo = require('./getvid')
const gql = require('./gql')
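// Resolve ctx.ip from the proxy headers (X-Forwarded-For by default).
// NOTE(review): this is only sound when every request arrives through a
// trusted proxy that sets or overwrites that header. If the app is reachable
// directly, the client controls the value used as the rate-limit key below.
app.proxy = true

// Ratelimit, prevent someone from abusing the demo site:
// 10 requests per client IP per hour, counted in this process's memory.
const limiter = new RateLimiterMemory({
  points: 10,
  duration: 3600
})

// The limiter is registered before the body parser so that rejected requests
// are turned away without their bodies being read and parsed first.
app.use(async (ctx, next) => {
  let allowed = true
  try {
    await limiter.consume(ctx.ip)
  } catch (rejection) {
    // consume() rejected: the budget for this IP is used up.
    allowed = false
    ctx.status = 429
    ctx.body = 'Too Many Requests'
  }
  console.log('Request IP: %s, Allowed: %s, Url: %s', ctx.ip, allowed, ctx.url)
  // next() runs outside the try block: an error thrown by a downstream
  // handler must surface as that error, not be reported as a 429 and logged
  // as a rate-limit rejection.
  if (allowed) {
    await next()
  }
})

app.use(koaBody())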
/**
 * Creates the Express app and a rate-limiting middleware for the /tokens
 * route. The listing is cut off inside the middleware; the use of `config`
 * and the wiring of the middleware are not visible here.
 */
async function runApp(config) {
const app = express()
// Configure rate limiting. Allow at most 1 request per IP every 60 sec.
// RateLimiterMemory keeps its counters in this process, so they reset on
// restart and are not shared between several instances of the service.
const opts = {
points: 1, // Point budget.
duration: 60 // Reset points consumption every 60 sec.
}
const rateLimiter = new RateLimiterMemory(opts)
const rateLimiterMiddleware = (req, res, next) => {
// Rate limiting only applies to the /tokens route.
// NOTE(review): startsWith() is case-sensitive, while Express matches route
// paths case-insensitively unless 'case sensitive routing' is enabled. If the
// /tokens route is registered with default settings, a differently-cased path
// would reach it without passing the limiter - confirm against the route setup.
if (req.url.startsWith('/tokens')) {
rateLimiter
// The limiter key is the TCP peer address.
// NOTE(review): behind a reverse proxy or load balancer this is the proxy's
// address, so every client would share the single point - confirm deployment.
.consume(req.connection.remoteAddress)
.then(() => {
// Allow request and consume 1 point.
next()
})
.catch(() => {
// Not enough points. Block the request.
// Any other rejection in this chain (including an exception thrown
// synchronously by next()) also ends up here and is answered with 429.
logger.error(`Rejecting request due to rate limiting.`)
res.status(429).send('<h2>Too Many Requests</h2>')
})
} else {
next()
/**
 * Sets up the Express REST app: JSON body parsing, permissive CORS headers
 * and a per-address rate limiter. The listing is cut off inside the limiter
 * handler; the use of `db` and `port` is not visible here.
 */
const initRESTApp = db => {
const app = express()
// The JSON body parser is registered first, so request bodies are read and
// parsed before any rate-limit decision is taken.
app.use(bodyParser.json())
const port = 6647
// limit request to one per minute
const rateLimiterOptions = {
points: 1,
duration: 60
}
const rateLimiter = new RateLimiterMemory(rateLimiterOptions)
// should be tightened up for security
// The wildcard origin lets a page on any site read the responses of this API.
app.use((req, res, next) => {
res.header('Access-Control-Allow-Origin', '*')
res.header(
'Access-Control-Allow-Headers',
'Origin, X-Requested-With, Content-Type, Accept'
)
next()
})
// NOTE(review): Express's app.all() takes a route path as its first argument.
// Here the handler is passed in that position, so it is not attached as a
// handler and the limiter would not run for incoming requests - confirm, and
// consider app.use(handler) or app.all('*', handler).
app.all((req, res, next) => {
rateLimiter
// Keyed by the TCP peer address; behind a proxy that is the proxy's address.
.consume(req.connection.remoteAddress)
.then(() => {
// Redis client configured from the REDIS_URL environment variable.
const redis = _redis.createClient(process.env.REDIS_URL)
// Use 'localhost' when NETWORK is unset or empty.
setNetwork(process.env.NETWORK ? process.env.NETWORK : 'localhost')
// supply an endpoint for querying global registry
const app = express()
expressWs(app)
// The JSON body parser is registered first, so request bodies are read and
// parsed before any rate-limit decision is taken.
app.use(bodyParser.json())
const port = 6647
// limit request to one per minute
const rateLimiterOptions = {
points: 1,
duration: 60
}
const rateLimiter = new RateLimiterMemory(rateLimiterOptions)
// should be tightened up for security
// The wildcard origin lets a page on any site read the responses of this API.
app.use((req, res, next) => {
res.header('Access-Control-Allow-Origin', '*')
res.header(
'Access-Control-Allow-Headers',
'Origin, X-Requested-With, Content-Type, Accept'
)
next()
})
// NOTE(review): Express's app.all() takes a route path as its first argument.
// Here the handler is passed in that position, so it is not attached as a
// handler and the limiter would not run for incoming requests - confirm, and
// consider app.use(handler) or app.all('*', handler).
app.all((req, res, next) => {
rateLimiter
// Keyed by the TCP peer address; behind a proxy that is the proxy's address.
.consume(req.connection.remoteAddress)
.then(() => {
// CORS headers added to every response. The origin is the wildcard '*', so a
// page served from any site may read the responses of this API.
app.use((req, res, next) => {
  res.header({
    'Access-Control-Allow-Origin': '*',
    'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept'
  })
  next()
})
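// limit request to one per minute (one point per 60-second window)
const rateLimiterOptions = {
  points: 1,
  duration: 60
}
const rateLimiter = new RateLimiterMemory(rateLimiterOptions)

// Run the rate limiter for every request, whatever the method or path.
// It is registered with app.use(): app.all() takes a route path as its first
// argument, so app.all(handler) did not attach the limiter to any request.
app.use((req, res, next) => {
  rateLimiter
    // Keyed by the TCP peer address.
    // NOTE(review): behind a reverse proxy or load balancer this is the
    // proxy's address, so all clients would share the single point per
    // minute - confirm the deployment before relying on this key.
    .consume(req.connection.remoteAddress)
    .then(() => {
      next()
    })
    .catch(() => {
      res.status(429).send('<h1>Too Many Requests</h1>')
    })
})

// Note: bump up default payload max size since the event-listener posts
// payload that may contain user profile with b64 encoded profile picture.
// The parser is registered after the limiter, so a rejected request does not
// get its (up to 10 MB) body parsed.
app.use(bodyParser.json({ limit: '10mb' }))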
*/
// Four Redis-backed limiters, one per access tier. Each uses its own key
// prefix, so the tiers keep separate counters in the shared Redis instance.
// Which tier a request is charged against is decided outside this listing.

// Authenticated tier: 3000 requests per 60-second window, by IP.
const rateLimiterAuthed = new RateLimiterRedis({
  keyPrefix: 'rate-limiter-authed',
  redis: redisClient,
  duration: 60,
  points: 3000
})

// Whitelisted tier: 60000 requests per 60-second window, by IP.
const rateLimiterWhitelisted = new RateLimiterRedis({
  keyPrefix: 'rate-limiter-whitelist',
  redis: redisClient,
  duration: 60,
  points: 60000
})

// Default tier: ANON_RATE_LIMIT_PER_M requests per 60-second window, by IP.
// An unset, empty, zero or non-numeric value falls back to 60.
// NOTE(review): a negative value is passed through unchanged.
const rateLimiter = new RateLimiterRedis({
  keyPrefix: 'rate-limiter',
  redis: redisClient,
  duration: 60,
  points: Number(process.env.ANON_RATE_LIMIT_PER_M) || 60
})

// Effectively unlimited: Number.MAX_SAFE_INTEGER points per 1-second window.
const noRateLimiter = new RateLimiterRedis({
  keyPrefix: 'no-rate-limiter',
  redis: redisClient,
  duration: 1,
  points: Number.MAX_SAFE_INTEGER
})
const globalRateLimiter = new RateLimiterRedis({
redis: redisClient,
keyPrefix: 'global-limiter',
// Redis-backed limiters, each with its own key prefix and therefore its own
// counters. Which one a request is charged against is decided outside this
// listing.

// Whitelisted tier: 60000 requests per 60-second window, by IP.
const rateLimiterWhitelisted = new RateLimiterRedis({
  keyPrefix: 'rate-limiter-whitelist',
  redis: redisClient,
  duration: 60,
  points: 60000
})

// Default tier: ANON_RATE_LIMIT_PER_M requests per 60-second window, by IP.
// An unset, empty, zero or non-numeric value falls back to 60.
// NOTE(review): a negative value is passed through unchanged.
const rateLimiter = new RateLimiterRedis({
  keyPrefix: 'rate-limiter',
  redis: redisClient,
  duration: 60,
  points: Number(process.env.ANON_RATE_LIMIT_PER_M) || 60
})

// Effectively unlimited: Number.MAX_SAFE_INTEGER points per 1-second window.
const noRateLimiter = new RateLimiterRedis({
  keyPrefix: 'no-rate-limiter',
  redis: redisClient,
  duration: 1,
  points: Number.MAX_SAFE_INTEGER
})

// Global budget: GLOBAL_RATE_LIMIT_PER_10S requests per 10-second window,
// with 10000 as the fallback for an unset, empty, zero or non-numeric value.
const globalRateLimiter = new RateLimiterRedis({
  keyPrefix: 'global-limiter',
  redis: redisClient,
  duration: 10,
  points: Number(process.env.GLOBAL_RATE_LIMIT_PER_10S) || 10000
})
const internals = {
pluginName,
redisClient,
module.exports = (runtime) => {
// Prefer the cache's Redis client; use the queue's client when the runtime
// has no cache (or the cache exposes no client).
const cacheClient = runtime.cache && runtime.cache.cache
const redisClient = cacheClient || runtime.queue.config.client

/* Requests per minute per IP address, by access type:

     anonymous (browser)      60
     administrator (github)   3000
     server (bearer token)    60000
*/

// Administrator tier: 3000 requests per 60-second window.
const rateLimiterAuthed = new RateLimiterRedis({
  keyPrefix: 'rate-limiter-authed',
  redis: redisClient,
  duration: 60,
  points: 3000
})

// Server tier: 60000 requests per 60-second window.
const rateLimiterWhitelisted = new RateLimiterRedis({
  keyPrefix: 'rate-limiter-whitelist',
  redis: redisClient,
  duration: 60,
  points: 60000
})
const rateLimiter = new RateLimiterRedis({
redis: redisClient,
keyPrefix: 'rate-limiter',
// Prefer the cache's Redis client; use the queue's client when the runtime
// has no cache (or the cache exposes no client).
const cacheClient = runtime.cache && runtime.cache.cache
const redisClient = cacheClient || runtime.queue.config.client

/* Requests per minute per IP address, by access type:

     anonymous (browser)      60
     administrator (github)   3000
     server (bearer token)    60000
*/

// Administrator tier: 3000 requests per 60-second window.
const rateLimiterAuthed = new RateLimiterRedis({
  keyPrefix: 'rate-limiter-authed',
  redis: redisClient,
  duration: 60,
  points: 3000
})

// Server tier: 60000 requests per 60-second window.
const rateLimiterWhitelisted = new RateLimiterRedis({
  keyPrefix: 'rate-limiter-whitelist',
  redis: redisClient,
  duration: 60,
  points: 60000
})

// Anonymous tier: ANON_RATE_LIMIT_PER_M requests per 60-second window.
// An unset, empty, zero or non-numeric value falls back to 60.
// NOTE(review): a negative value is passed through unchanged.
const rateLimiter = new RateLimiterRedis({
  keyPrefix: 'rate-limiter',
  redis: redisClient,
  duration: 60,
  points: Number(process.env.ANON_RATE_LIMIT_PER_M) || 60
})
const noRateLimiter = new RateLimiterRedis({
redis: redisClient,
keyPrefix: 'no-rate-limiter',