module:middleware/limiter
- Description:
Rate Limiter Middleware
Global mode
Enable via
middleware-limiter-enable = trueto dynamically check every request path, this allows to add more routes to the config without restartingmiddleware-limiter-ip,middleware-limiter-path,middleware-limiter-userconfig parameters can be configured, only matched paths are checked, so limiter protection is explicit by the config, no defaults.# Rate every IP address for /api, allow 100 req/s from each IP middleware-limiter-ip-*-/api/* = rate:100 # Rate every request for /api endpoints, allow 1000 req/s globally middleware-limiter-path-post-/api/* = rate:1000 # Rate every user for /api endpoints, allow 1 req/s for each user middleware-limiter-user-post,put-/api/* = rate:1Fixed config mode
To enable just what is in the config on start and ignore subsequent config changes
middleware-limiter-enable = fixed
- Source:
Methods
(static) configureMiddleware()
- Description:
Start global middleware if enabled
- Source:
(static) handle(context, next)
- Source:
Parameters:
| Name | Type | Description |
|---|---|---|
context |
RequestContext | |
next |
function() |
Example
const { api, middleware } = require("backendjs");
const { limiter } = middleware;
api.app.post("*", limiter)
api.app.post("/account/*", limiter)
api.app.post("/account", { ip: { rate: 100 }, path: { rate: 200 }, user: { rate: 1 }, handle: limiter.handle })