Basic IP rate-limiting middleware for tinyhttp. Use to limit repeated requests to public APIs and/or endpoints such as password reset.
[![npm (scoped)][npm-badge]](https://npmjs.com/package/@otterhttp/rate-limit)
[![npm][dl-badge]](https://npmjs.com/package/@otterhttp/rate-limit)

```sh
pnpm i @otterhttp/rate-limit
```

```js
import { App } from '@otterhttp/app'
import { rateLimit } from '@otterhttp/rate-limit'

// Allow at most 10 requests per key (by default the client IP) per minute
new App().get('limited-route', rateLimit({ max: 10, windowMs: 60 * 1000 /* 1 minute */ }), (_, res) =>
  res.send('Limited route')
)
```

| Name | Type | Default | Description |
| :------------------------- | :---------------------------------------------------------------------------: | :----------------------------------------: | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| windowMs | number | 5000 | Timeframe for which requests are checked/remembered. |
| max | number \| ((req: Request, res: Response) => Promise<number>) | 5 | Max number of connections during windowMs before sending a 429 response. |
| message | string | Too many requests, please try again later. | Error message sent to user when max is exceeded. |
| statusCode | number | 429 | HTTP status code returned when max is exceeded. |
| skipFailedRequests | boolean | false | When set to true, failed requests won't be counted. |
| skipSuccessfulRequests | boolean | false | When set to true successful requests (response status < 400) won't be counted. |
| keyGenerator | (req: Request, res: Response) => string | (req) => req.ip | Function used to generate keys. |
| shouldSkip | (req: Request, res: Response) => boolean | () => false | Determine per request if it should be skipped by the middleware |
| onLimitReached | onLimitReached: (req: Request, res: Response) => void | () => {} | Function that is called the first time a user hits the rate limit within a given window. |
| store | Store | MemoryStore | By default a MemoryStore is used. Rate Limit Redis, Rate Limit Memcached and Rate Limit Mongo can be used too. |
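
The example below is added here and is not the package's own code: a simplified fixed-window model of `windowMs`, `max` and `keyGenerator`, replayed over constructed requests, to show how the key decides which requests share a counter on an endpoint such as password reset. The `createLimiter` and `replay` helpers, the `ipAndAccount` key and the `req.body.email` field are assumptions made for illustration.

```javascript
// Simplified fixed-window model of the documented options windowMs, max and
// keyGenerator. Added illustration, not the package's implementation.
function createLimiter({ windowMs = 5000, max = 5, keyGenerator = (req) => req.ip } = {}) {
  const hits = new Map() // key -> { count, resetAt }
  return function check(req, now) {
    const key = keyGenerator(req)
    let entry = hits.get(key)
    if (!entry || now >= entry.resetAt) {
      entry = { count: 0, resetAt: now + windowMs } // start a new window
      hits.set(key, entry)
    }
    entry.count += 1
    return entry.count > max ? 429 : 200
  }
}

// Replay requests stepMs apart (max 3 per minute) and collect each status.
function replay(keyGenerator, requests, stepMs = 1000) {
  const check = createLimiter({ windowMs: 60 * 1000, max: 3, keyGenerator })
  return requests.map((req, i) => check(req, i * stepMs))
}

const byIp = (req) => req.ip // the documented default key
// Hypothetical key for a password-reset route: client address plus target
// account. Assumes a parsed body with an `email` field.
const ipAndAccount = (req) => `${req.ip}|${String(req.body.email).toLowerCase()}`

// Constructed traffic: four different users behind one shared address.
const sharedAddress = ['a', 'b', 'c', 'd'].map((u) => ({
  ip: '203.0.113.7',
  body: { email: `${u}@example.test` }
}))

// Constructed traffic: one client asking for the same account five times.
const repeated = Array.from({ length: 5 }, () => ({
  ip: '198.51.100.9',
  body: { email: 'User@example.test' }
}))

console.log(replay(byIp, sharedAddress))         // [200, 200, 200, 429]
console.log(replay(ipAndAccount, sharedAddress)) // [200, 200, 200, 200]
console.log(replay(ipAndAccount, repeated))      // [200, 200, 200, 429, 429]
console.log(replay(byIp, repeated, 30 * 1000))   // [200, 200, 200, 200, 200]
```

With the default key, unrelated users behind one address exhaust each other's budget; the composite key keeps them separate while still returning 429 for repeated requests against one account from one client.
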
- express-rate-limit
- node-rate-limiter
- node-rate-limiter-flexible
[npm-badge]: https://img.shields.io/npm/v/@otterhttp/rate-limit?style=flat-square
[dl-badge]: https://img.shields.io/npm/dt/@otterhttp/rate-limit?style=flat-square