This package counts incoming client requests and determines whether a requesting client has reached a specified request threshold within a defined timeframe.
Installation:
npm i http-ratelimit
Example Usage:
    const http = require("http"); // also works with the https package
    const rateLimit = require("http-ratelimit");

    http.createServer((req, res) => {
        rateLimit.inboundRequest(req); // this function has to run in the createServer callback, ideally at the very top of it as shown here

        if (rateLimit.isRateLimited(req, 20) === true) {
            // this checks whether the request is from an IP that has already sent x amount of requests in the defined timeframe (two minutes in this example). x is specified with the second attribute.
            // if this part is reached, that means the requester has sent more than 20 requests in two minutes
            // it is best to end the request here with status code 429, like the following lines suggest:
            res.writeHead(429, {"Content-Type": "text/plain; charset=utf-8"});
            res.end("Too many requests - max is 20 requests in two minutes");
        } else {
            // the requester has sent less than 20 requests in the defined timeframe (two minutes in this example)
            // do your normal stuff here
            res.writeHead(200, {"Content-Type": "text/plain; charset=utf-8"});
            res.end("https://data.whicdn.com/images/325197845/superthumb.jpg");
        }
    }).listen(80, null, err => {
        if (!err) {
            // server was successfully started
            rateLimit.init(2, true);
            // HTTP-RateLimit has to be initialized before running any other function. It's best to put it right in here.
            // In this example, a timeframe of two minutes is chosen (first parameter) - (defaults to 1 if left undefined)
            // If you are using a reverse proxy, the second parameter has to be set to true - (defaults to false if left undefined)
            console.log("success");
        } else {
            // error while starting server
            console.log(`Error: ${err}`);
            process.exit(1);
        }
    });
Function List:
rateLimit.init(timeframe: Number, usingReverseProxy: Boolean) - Initializes all variables etc. | If you are using a reverse proxy, make sure to set the second parameter to true, because the IP address then has to be read from the "x-forwarded-for" request header
rateLimit.inboundRequest(req: http.IncomingMessage) - Adds the requester's IP address to the list of requests per timeframe
rateLimit.isRateLimited(req: http.IncomingMessage, requestLimitPerMinute: Number) - Checks if the request's IP address occurs more than requestLimitPerMinute times in the above-mentioned list and should therefore be rate limited | Returns true or false
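
With the reverse-proxy option of rateLimit.init, the address that gets counted comes from a request header, which any client can set if it can reach the server without going through the proxy. The following is an added example, not code from http-ratelimit: it shows one way to decide when "x-forwarded-for" may be believed. The names clientAddress, normalize and TRUSTED_PROXIES are hypothetical, the addresses are constructed, and how the package itself parses the header is not stated on this page.

```javascript
// Added example: hypothetical helper, not part of http-ratelimit.
// Addresses of your own reverse proxies (constructed sample values).
const TRUSTED_PROXIES = new Set(["127.0.0.1", "::1", "10.0.0.5"]);

// Strip the IPv4-mapped IPv6 prefix Node reports on dual-stack sockets.
function normalize(ip) {
    return (ip || "").trim().replace(/^::ffff:/i, "");
}

// Returns the address a rate limiter should count this request against.
function clientAddress(req, trusted = TRUSTED_PROXIES) {
    const peer = normalize(req.socket.remoteAddress);
    // Direct connection: the header is client-controlled, so ignore it.
    if (!trusted.has(peer)) return peer;

    const raw = req.headers["x-forwarded-for"];
    const hops = (Array.isArray(raw) ? raw.join(",") : raw || "")
        .split(",").map(normalize).filter(Boolean);

    // Each proxy appends the address it saw, so walk from the right and
    // take the first entry that is not one of our own proxies. Entries
    // further left were supplied by the client and prove nothing.
    for (let i = hops.length - 1; i >= 0; i--) {
        if (!trusted.has(hops[i])) return hops[i];
    }
    return peer; // header missing, or it lists only our own proxies
}
```

If the server port is also reachable directly, a client that rotates the header value gets a fresh counter on every request, so enable the reverse-proxy parameter only when all traffic is forced through the proxy.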