Basic Rate Limiting
π¨βπΌ Let's get started with some basic rate limiting using
express-rate-limit
. Here's a quick primer
on its API:import { rateLimit } from 'express-rate-limit'
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
limit: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
standardHeaders: true, // Use standard draft-6 headers of `RateLimit-Policy` `RateLimit-Limit`, and `RateLimit-Remaining`
legacyHeaders: false, // Disable the `X-RateLimit-*` headers
// store: ... , // Use an external store for more precise rate limiting
})
// Apply the rate limiting middleware to all requests
app.use(limiter)
For our app, we're ok not using an external store to manage the rate limiting,
but that's something you may consider looking into depending on your scale.
Oh, and you're going to want to think about our testing environment... We want
to keep the middleware in play, but we just want to increase the limits to
account for the fact that a robot is actually submitting things faster than
humans will be expected to π