Name: hapi-rate-limiter
Owner: Brave Software
Description: null
Forked from: lob/hapi-rate-limiter
Created: 2017-03-30 22:46:25.0
Updated: 2017-03-30 22:46:27.0
Pushed: 2017-03-31 00:11:25.0
Homepage: null
Size: 36
Language: JavaScript
A Hapi plugin that enables rate-limiting for GET, POST, and DELETE requests. This plugin can be configured with custom rates on a route-by-route basis.
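```javascript
const Bluebird = require('bluebird');
const Hapi = require('hapi');
const Redis = require('redis');

// The plugin expects a promisified Redis client
Bluebird.promisifyAll(Redis.RedisClient.prototype);
Bluebird.promisifyAll(Redis.Multi.prototype);

const Server = new Hapi.Server();

const RedisClient = Redis.createClient({
  port: '6379',
  host: 'localhost'
});

// 10 requests per 60-second window
const defaultRate = {
  limit: 10,
  window: 60
};

Server.register([{
  register: require('hapi-rate-limiter'),
  options: {
    defaultRate: (request) => defaultRate,
    // Required. Keyed on the client IP here as an illustration; an API key works too.
    rateLimitKey: (request) => request.info.remoteAddress,
    redisClient: RedisClient,
    overLimitError: (rate) => new Error(`Rate Limit Exceeded - try again in ${rate.window} seconds`)
  }
}], (err) => {
  if (err) {
    throw err;
  }
});
```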
The first four options (defaultRate, rateLimitKey, redisClient, overLimitError)
are required for the plugin to work properly.
Rate-limiting is disabled by default on all routes, unless `enabled=true` in the route plugin settings.
defaultRate
Function that accepts a `Request` object and returns:
  limit: # of max requests allowed within window (integer)
  window: # of seconds before count resets (integer)
This is used if there is no `rate` function defined in the route plugin settings.
rateLimitKey
A function that returns a key for a given request. This can be any differentiating value in each request, such as an API Key, IP Address, etc.
redisClient
A promisified redis client.
overLimitError
A function that is called when the rate limit is exceeded. It must return an error. It is called with an object, `rate`, that contains information about the current state of the request rate.
methods
The default list of HTTP methods that are examined. The default is:
[ 'get', 'post', 'delete' ]
You might prefer:
[ 'get', 'post', 'delete', 'put', 'patch' ]
enabled
If set to `true` in the options, then all routes are subject to rate-limiting.
Settings for individual routes can be set while registering a route.
A custom `limit` and `window` can be registered for each route. The `rate` key accepts a `Request` object and returns a rate.
```javascript
// 20 requests per 30-second window, for this route only
const customRate = {
  limit: 20,
  window: 30
};

Server.route([{
  method: 'POST',
  path: '/custom_rate_route',
  config: {
    plugins: {
      rateLimit: {
        enabled: true,
        rate: (request) => customRate
      }
    },
    handler: (request, reply) => {
      reply({ rate: request.plugins['hapi-rate-limiter'].rate });
    }
  }
}]);
```
To enable rate-limiting for a route, `enabled` must be `true` in the route plugin settings.
`rate` can also be defined in these settings to set a custom rate. If this is not defined, `defaultRate` will be used.
If `plugins.rateLimit` is not defined, rate-limiting is disabled for that route (unless `options.enabled` is `true` when the plugin is registered).
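```javascript
// No plugins.rateLimit settings, so this route is not rate-limited
Server.route([{
  method: 'POST',
  path: '/disabled_route',
  config: {
    handler: (request, reply) => {
      reply({ rate: request.plugins['hapi-rate-limiter'].rate });
    }
  }
}]);
```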
Rate-limiting information for each request is attached to the response headers with the following keys:
x-rate-limit-limit: total number of requests allowed within the window
x-rate-limit-remaining: remaining number of requests allowed within the current window
x-rate-limit-reset: time when the rate-limiter will reset (UTC seconds-since-epoch)
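
The options and headers described above, modelled in memory so they can be run without Redis or Hapi. This is an added example, not the plugin's own code: `FixedWindowLimiter`, `demo` and the body of `rateLimitKey` are hypothetical, and it assumes a fixed-window counter per key and an `apiKey` field on the request credentials.

```javascript
// Hypothetical key function: prefer an authenticated API key, fall back to the
// socket address. Client-supplied headers such as X-Forwarded-For are ignored,
// because a caller can vary them to land in a fresh bucket on every request.
const rateLimitKey = (request) => {
  const creds = request.auth && request.auth.credentials;
  return creds && creds.apiKey ? `key:${creds.apiKey}` : `ip:${request.info.remoteAddress}`;
};

// In-memory stand-in for the Redis counter (assumption: fixed window per key).
class FixedWindowLimiter {
  constructor(now = () => Math.floor(Date.now() / 1000)) {
    this.now = now;            // injectable clock, seconds since epoch
    this.buckets = new Map();  // key -> { count, reset }
  }

  check(key, rate) {
    const t = this.now();
    let bucket = this.buckets.get(key);
    if (!bucket || t >= bucket.reset) {
      bucket = { count: 0, reset: t + rate.window };
      this.buckets.set(key, bucket);
    }
    bucket.count += 1;
    return {
      allowed: bucket.count <= rate.limit,
      headers: {
        'x-rate-limit-limit': rate.limit,
        'x-rate-limit-remaining': Math.max(rate.limit - bucket.count, 0),
        'x-rate-limit-reset': bucket.reset
      }
    };
  }
}

// Constructed sample: 2 requests per 30 s, driven by a fake clock.
function demo() {
  let clock = 1000;
  const limiter = new FixedWindowLimiter(() => clock);
  const rate = { limit: 2, window: 30 };
  const request = { auth: { credentials: null }, info: { remoteAddress: '203.0.113.7' } };
  const key = rateLimitKey(request);
  const results = [1, 2, 3].map(() => limiter.check(key, rate));
  clock += 30; // window has elapsed, so the count starts over
  results.push(limiter.check(key, rate));
  return { key, results };
}

console.log(JSON.stringify(demo(), null, 2));
```

When the service sits behind a reverse proxy, the socket address is the proxy's, so an IP-based key then puts every client in one bucket unless the address is taken from a header set by that trusted proxy.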