middleware/limiter

module:middleware/limiter

Description:
  • Rate Limiter Middleware

    Global mode

    Enable via middleware-limiter-enable = true to dynamically check every request path, this allows to add more routes to the config without restarting

    middleware-limiter-ip, middleware-limiter-path, middleware-limiter-user config parameters can be configured, only matched paths are checked, so limiter protection is explicit by the config, no defaults.

    # Rate every IP address for /api, allow 100 req/s from each IP
    middleware-limiter-ip-*-/api/* = rate:100
    
    # Rate every request for /api endpoints, allow 1000 req/s globally
    middleware-limiter-path-post-/api/* = rate:1000
    
    # Rate every user for /api endpoints, allow 1 req/s for each user
    middleware-limiter-user-post,put-/api/* = rate:1
    

    Fixed config mode

    To enable just what is in the config on start and ignore subsequent config changes

    middleware-limiter-enable = fixed
    
Source:

Methods

(static) configureMiddleware()

Description:
  • Start global middleware if enabled

Source:

(static) handle(context, next)

Source:
Parameters:
Name Type Description
context RequestContext
next function()
Example
const { api, middleware } = require("backendjs");
const { limiter } = middleware;

api.app.post("*", limiter)

api.app.post("/account/*", limiter)

api.app.post("/account", { ip: { rate: 100 }, path: { rate: 200 }, user: { rate: 1 }, handle: limiter.handle })