How to use rate-limiter-flexible - 10 common examples

To help you get started, we’ve selected a few rate-limiter-flexible examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github OriginProtocol / origin / origin-faucet / src / app.js View on Github external
function runApp(config) {
  const app = express()
  const token = new Token(config)

  // Configure rate limiting. Allow at most 1 request per IP every 60 sec.
  const opts = {
    points: 1, // Point budget.
    duration: 60 // Reset points consumption every 60 sec.
  }
  const rateLimiter = new RateLimiterMemory(opts)
  const rateLimiterMiddleware = (req, res, next) => {
    // Rate limiting only applies to the /tokens route.
    if (req.url.startsWith('/tokens')) {
      rateLimiter
        .consume(req.connection.remoteAddress)
        .then(() => {
          // Allow request and consume 1 point.
          next()
        })
        .catch(() => {
          // Not enough points. Block the request.
          console.log(`Rejecting request due to rate limiting.`)
          res.status(429).send('<h2>Too Many Requests</h2>')
        })
    } else {
      next()
github maple3142 / ytdl / index.js View on Github external
const Koa = require('koa')
const koaBody = require('koa-body')
const mount = require('koa-mount')
const graphqlHTTP = require('koa-graphql')
const { RateLimiterMemory } = require('rate-limiter-flexible')
const app = new Koa()
const getVideo = require('./getvid')
const gql = require('./gql')

app.proxy = true
app.use(koaBody())

// Ratelimit, prevent someone from abusing the demo site
const limiter = new RateLimiterMemory({
	points: 10,
	duration: 3600
})
app.use(async (ctx, next) => {
	let allowed = true
	try {
		await limiter.consume(ctx.ip)
		await next()
	} catch (e) {
		ctx.status = 429
		ctx.body = 'Too Many Requests'
		allowed = false
	}
	console.log('Request IP: %s, Allowed: %s, Url: %s', ctx.ip, allowed, ctx.url)
})
github OriginProtocol / origin / infra / faucet / src / app.js View on Github external
async function runApp(config) {
  const app = express()

  // Configure rate limiting. Allow at most 1 request per IP every 60 sec.
  const opts = {
    points: 1, // Point budget.
    duration: 60 // Reset points consumption every 60 sec.
  }
  const rateLimiter = new RateLimiterMemory(opts)
  const rateLimiterMiddleware = (req, res, next) => {
    // Rate limiting only applies to the /tokens route.
    if (req.url.startsWith('/tokens')) {
      rateLimiter
        .consume(req.connection.remoteAddress)
        .then(() => {
          // Allow request and consume 1 point.
          next()
        })
        .catch(() => {
          // Not enough points. Block the request.
          logger.error(`Rejecting request due to rate limiting.`)
          res.status(429).send('<h2>Too Many Requests</h2>')
        })
    } else {
      next()
github OriginProtocol / origin / origin-messaging / src / index.js View on Github external
const initRESTApp = db => {
  const app = express()
  app.use(bodyParser.json())
  const port = 6647
  // limit request to one per minute
  const rateLimiterOptions = {
    points: 1,
    duration: 60
  }
  const rateLimiter = new RateLimiterMemory(rateLimiterOptions)

  // should be tightened up for security
  app.use((req, res, next) => {
    res.header('Access-Control-Allow-Origin', '*')
    res.header(
      'Access-Control-Allow-Headers',
      'Origin, X-Requested-With, Content-Type, Accept'
    )

    next()
  })

  app.all((req, res, next) => {
    rateLimiter
      .consume(req.connection.remoteAddress)
      .then(() => {
github OriginProtocol / origin / infra / messaging / src / index.js View on Github external
const redis = _redis.createClient(process.env.REDIS_URL)

setNetwork(process.env.NETWORK ? process.env.NETWORK : 'localhost')

// supply an endpoint for querying global registry
const app = express()
expressWs(app)
app.use(bodyParser.json())
const port = 6647
// limit request to one per minute
const rateLimiterOptions = {
  points: 1,
  duration: 60
}
const rateLimiter = new RateLimiterMemory(rateLimiterOptions)

// should be tightened up for security
app.use((req, res, next) => {
  res.header('Access-Control-Allow-Origin', '*')
  res.header(
    'Access-Control-Allow-Headers',
    'Origin, X-Requested-With, Content-Type, Accept'
  )

  next()
})

app.all((req, res, next) => {
  rateLimiter
    .consume(req.connection.remoteAddress)
    .then(() => {
github OriginProtocol / origin / origin-notifications / src / app.js View on Github external
app.use((req, res, next) => {
  res.header('Access-Control-Allow-Origin', '*')
  res.header(
    'Access-Control-Allow-Headers',
    'Origin, X-Requested-With, Content-Type, Accept'
  )

  next()
})

// limit request to one per minute
const rateLimiterOptions = {
  points: 1,
  duration: 60
}
const rateLimiter = new RateLimiterMemory(rateLimiterOptions)
// use rate limiter on all root path methods
app.all((req, res, next) => {
  rateLimiter
    .consume(req.connection.remoteAddress)
    .then(() => {
      next()
    })
    .catch(() => {
      res.status(429).send('<h1>Too Many Requests</h1>')
    })
})

// Note: bump up default payload max size since the event-listener posts
// payload that may contain user profile with b64 encoded profile picture.
app.use(bodyParser.json({ limit: '10mb' }))
github brave-intl / bat-ledger / bat-utils / lib / hapi-rate-limiter.js View on Github external
*/
  const rateLimiterAuthed = new RateLimiterRedis({
    redis: redisClient,
    keyPrefix: 'rate-limiter-authed',
    points: 3000, // requests per
    duration: 60 // seconds by IP
  })

  const rateLimiterWhitelisted = new RateLimiterRedis({
    redis: redisClient,
    keyPrefix: 'rate-limiter-whitelist',
    points: 60000, // requests per
    duration: 60 // seconds by IP
  })

  const rateLimiter = new RateLimiterRedis({
    redis: redisClient,
    keyPrefix: 'rate-limiter',
    points: +process.env.ANON_RATE_LIMIT_PER_M || 60, // requests per
    duration: 60 // seconds by IP
  })

  const noRateLimiter = new RateLimiterRedis({
    redis: redisClient,
    keyPrefix: 'no-rate-limiter',
    points: Number.MAX_SAFE_INTEGER, // requests per
    duration: 1 // seconds by IP
  })

  const globalRateLimiter = new RateLimiterRedis({
    redis: redisClient,
    keyPrefix: 'global-limiter',
github brave-intl / bat-ledger / bat-utils / lib / hapi-rate-limiter.js View on Github external
const rateLimiterWhitelisted = new RateLimiterRedis({
    redis: redisClient,
    keyPrefix: 'rate-limiter-whitelist',
    points: 60000, // requests per
    duration: 60 // seconds by IP
  })

  const rateLimiter = new RateLimiterRedis({
    redis: redisClient,
    keyPrefix: 'rate-limiter',
    points: +process.env.ANON_RATE_LIMIT_PER_M || 60, // requests per
    duration: 60 // seconds by IP
  })

  const noRateLimiter = new RateLimiterRedis({
    redis: redisClient,
    keyPrefix: 'no-rate-limiter',
    points: Number.MAX_SAFE_INTEGER, // requests per
    duration: 1 // seconds by IP
  })

  const globalRateLimiter = new RateLimiterRedis({
    redis: redisClient,
    keyPrefix: 'global-limiter',
    points: +process.env.GLOBAL_RATE_LIMIT_PER_10S || 10000, // requests per
    duration: 10 // seconds
  })

  const internals = {
    pluginName,
    redisClient,
github brave-intl / bat-ledger / bat-utils / lib / hapi-rate-limiter.js View on Github external
module.exports = (runtime) => {
  const redisClient = (runtime.cache && runtime.cache.cache) || runtime.queue.config.client

  /*  access type            requests/minute per IP address
    -------------------    ------------------------------
    anonymous (browser)       60
    administrator (github)  3000
    server (bearer token)  60000
  */
  const rateLimiterAuthed = new RateLimiterRedis({
    redis: redisClient,
    keyPrefix: 'rate-limiter-authed',
    points: 3000, // requests per
    duration: 60 // seconds by IP
  })

  const rateLimiterWhitelisted = new RateLimiterRedis({
    redis: redisClient,
    keyPrefix: 'rate-limiter-whitelist',
    points: 60000, // requests per
    duration: 60 // seconds by IP
  })

  const rateLimiter = new RateLimiterRedis({
    redis: redisClient,
    keyPrefix: 'rate-limiter',
github brave-intl / bat-ledger / bat-utils / lib / hapi-rate-limiter.js View on Github external
const redisClient = (runtime.cache && runtime.cache.cache) || runtime.queue.config.client

  /*  access type            requests/minute per IP address
    -------------------    ------------------------------
    anonymous (browser)       60
    administrator (github)  3000
    server (bearer token)  60000
  */
  const rateLimiterAuthed = new RateLimiterRedis({
    redis: redisClient,
    keyPrefix: 'rate-limiter-authed',
    points: 3000, // requests per
    duration: 60 // seconds by IP
  })

  const rateLimiterWhitelisted = new RateLimiterRedis({
    redis: redisClient,
    keyPrefix: 'rate-limiter-whitelist',
    points: 60000, // requests per
    duration: 60 // seconds by IP
  })

  const rateLimiter = new RateLimiterRedis({
    redis: redisClient,
    keyPrefix: 'rate-limiter',
    points: +process.env.ANON_RATE_LIMIT_PER_M || 60, // requests per
    duration: 60 // seconds by IP
  })

  const noRateLimiter = new RateLimiterRedis({
    redis: redisClient,
    keyPrefix: 'no-rate-limiter',

rate-limiter-flexible

Node.js rate limiter by key and protection from DDoS and Brute-Force attacks in process Memory, Redis, MongoDb, Memcached, MySQL, PostgreSQL, Cluster or PM

ISC
Latest version published 1 month ago

Package Health Score

85 / 100
Full package analysis