-
-
Notifications
You must be signed in to change notification settings - Fork 163
API methods
Note, limiter doesn't store any data for key, until you call consume
, set
, penalty
, reward
or any other method supposed to change amount of points.
Points can be consumed by IP address, user ID, authorisation token, API route or any other string.
Returns Promise, which:
-
resolved with
RateLimiterRes
when point(s) is consumed, so action can be done -
rejected only for store and database limiters if
insuranceLimiter
isn't setup: when some error happened, where reject reasonrejRes
is Error object -
rejected only for RateLimiterCluster if
insuranceLimiter
isn't setup: whentimeoutMs
exceeded, where reject reasonrejRes
is Error object -
rejected when there is no points to be consumed, where reject reason
rejRes
isRateLimiterRes
object -
rejected when key is blocked (if block strategy is set up), where reject reason
rejRes
isRateLimiterRes
object
Alternatively, penalty method can be used to withdraw points. It doesn't throw exceptions when there are not enough points, but resolves with RateLimiterRes
instead.
Arguments:
-
key
is usually IP address or some unique string -
points
integer number of points consumed.default: 1
-
options
is object with additional settings:-
customDuration
set customduration
for specifickey
.customDuration
works only for new consume calls in the time window. It can not overwrite already existing keys. If limiter's duration is 5 seconds and keyuser1
had a call in the beginning of time window withoutcustomDuration
the second consume call won't overwrite it until keyuser1
expires in 5 seconds.
-
Get RateLimiterRes
in current duration. It always returns RateLimiterRes.isFirstInDuration=false
.
Returns Promise, which:
-
resolved with
RateLimiterRes
if key is set -
resolved with
null
if key is NOT set or expired -
rejected only for database limiters if
insuranceLimiter
isn't setup: when some error happened, where reject reasonrejRes
is Error object -
rejected only for RateLimiterCluster if
insuranceLimiter
isn't setup: whentimeoutMs
exceeded, where reject reasonrejRes
is Error object
Arguments:
-
key
is usually IP address or some unique string
Set the integer number of consumed points by key
for secDuration
seconds.
Store it forever, if secDuration
is 0.
Returns Promise, which:
-
resolved with
RateLimiterRes
-
rejected only for database limiters if
insuranceLimiter
isn't setup: when some error happened, where reject reasonrejRes
is Error object -
rejected only for RateLimiterCluster if
insuranceLimiter
isn't setup: whentimeoutMs
exceeded, where reject reasonrejRes
is Error object
Fine key
by points
integer number of points for one duration.
Note: Depending on time penalty may go to next durations
Returns Promise, which:
-
resolved with
RateLimiterRes
-
rejected only for database limiters if
insuranceLimiter
isn't setup: when some error happened, where reject reasonrejRes
is Error object -
rejected only for RateLimiterCluster if
insuranceLimiter
isn't setup: whentimeoutMs
exceeded, where reject reasonrejRes
is Error object
Reward key
by points
integer number of points for one duration.
Note: Depending on time reward may go to next durations
Returns Promise, which:
-
resolved with
RateLimiterRes
-
rejected only for database limiters if
insuranceLimiter
isn't setup: when some error happened, where reject reasonrejRes
is Error object -
rejected only for RateLimiterCluster if
insuranceLimiter
isn't setup: whentimeoutMs
exceeded, where reject reasonrejRes
is Error object
Block key
by setting consumed points to points + 1
for secDuration
seconds.
It force updates expire, if there is already key
.
Blocked key never expires, if secDuration
is 0. Note, that calling consume
function for the blocked key
overwrites duration, so it will expire.
Returns Promise, which:
-
resolved with
RateLimiterRes
-
rejected only for database limiters if
insuranceLimiter
isn't setup: when some error happened, where reject reasonrejRes
is Error object -
rejected only for RateLimiterCluster if
insuranceLimiter
isn't setup: whentimeoutMs
exceeded, where reject reasonrejRes
is Error object
Delete all data related to key
.
For example, previously blocked key is not blocked after delete as there is no data anymore.
Returns Promise, which:
-
resolved with
boolean
,true
if data is removed by key,false
if there is no such key. -
rejected only for database limiters if
insuranceLimiter
isn't setup: when some error happened, where reject reasonrejRes
is Error object -
rejected only for RateLimiterCluster if
insuranceLimiter
isn't setup: whentimeoutMs
exceeded, where reject reasonrejRes
is Error object
Delete all in memory blocked keys. A key may be blocked in memory to avoid extra requests to a store. See in memory block options here
Returns internal key prefixed with keyPrefix
option as it is saved in store.
Get started
Middlewares and plugins
Migration from other packages
Limiters:
- Redis
- Memory
- DynamoDB
- Prisma
- MongoDB (with sharding support)
- PostgreSQL
- MySQL
- BurstyRateLimiter
- Cluster
- PM2 Cluster
- Memcached
- RateLimiterUnion
- RateLimiterQueue
Wrappers:
- RLWrapperBlackAndWhite Black and White lists
Knowledge base:
- Block Strategy in memory
- Insurance Strategy
- Comparative benchmarks
- Smooth out traffic peaks
-
Usage example
- Minimal protection against password brute-force
- Login endpoint protection
- Websocket connection prevent flooding
- Dynamic block duration
- Different limits for authorized users
- Different limits for different parts of application
- Block Strategy in memory
- Insurance Strategy
- Third-party API, crawler, bot rate limiting