-
-
Notifications
You must be signed in to change notification settings - Fork 163
RateLimiterUnion
Roman edited this page Oct 17, 2022
·
3 revisions
Combine two or more rate limiters to act as single. The minimum number of limiters combined is one.
Note: consume method is implemented only.
Any rate limiters from this rate-limiter-flexible can be united
Useful for authorization, which must be protected from password brute force
For example, not more than once per second and only 5 points per minute
keyPrefix is necessary as resolved and rejected results depend on it
const limiter1 = new RateLimiterMemory({
keyPrefix: 'limit1',
points: 1,
duration: 1,
});
const limiter2 = new RateLimiterMemory({
keyPrefix: 'limit2',
points: 5,
duration: 60,
});
const rateLimiterUnion = new RateLimiterUnion(limiter1, limiter2);
rateLimiterUnion.consume(remoteAddress)
.then((res) => {
// Returns object with 2 RateLimiterRes objects
res['limit1'].remainingPoints;
res['limit2'].remainingPoints;
})
.catch((rej) => {
/* Returns object with RateLimiterRes objects only for rejected limiters
* For example:
* { limit1: RateLimiterRes { ... } }
*
* It may be Error if you use any limiter without insurance except Memory
* { limit2: Error }
*/
});Get started
Middlewares and plugins
Migration from other packages
Limiters:
- Redis
- Memory
- DynamoDB
- Prisma
- MongoDB (with sharding support)
- PostgreSQL
- MySQL
- BurstyRateLimiter
- Cluster
- PM2 Cluster
- Memcached
- RateLimiterUnion
- RateLimiterQueue
Wrappers:
- RLWrapperBlackAndWhite Black and White lists
Knowledge base:
- Block Strategy in memory
- Insurance Strategy
- Comparative benchmarks
- Smooth out traffic peaks
-
Usage example
- Minimal protection against password brute-force
- Login endpoint protection
- Websocket connection prevent flooding
- Dynamic block duration
- Different limits for authorized users
- Different limits for different parts of application
- Block Strategy in memory
- Insurance Strategy
- Third-party API, crawler, bot rate limiting