@tinyhttp/rate-limit
Basic rate-limiting middleware for tinyhttp. Used to limit repeated requests to public APIs and/or endpoints such as password reset.
Install
pnpm i @tinyhttp/rate-limit
Usage
import { App } from '@tinyhttp/app'
import { rateLimit } from '@tinyhttp/rate-limit'
new App().get('limited-route', rateLimit({ max: 10, windowMs: 60 * 1000 /* 1 minute */ }), (_, res) =>
res.send('Limited route')
)
Options
| Name | Type | Default | Description |
|---|---|---|---|
| windowMs | number |
5000 | Timeframe for which requests are checked/remembered. |
| max | number | ((req: Request, res: Response) => Promise |
5 | Max number of connections during windowMs before sending a 429 response. |
| message | string |
Too many requests, please try again later. | Error message sent to user when max is exceeded. |
| statusCode | number |
429 | HTTP status code returned when max is exceeded. |
| skipFailedRequests | boolean |
false | When set to true, failed requests won't be counted. |
| skipSuccessfulRequests | boolean |
false | When set to true successful requests (response status < 400) won't be counted. |
| keyGenerator | (req: Request, res: Response) => string |
(req) => req.ip | Function used to generate keys. |
| shouldSkip | (req: Request, res: Response) => boolean |
() => false | Determine per request if it should be skipped by the middleware |
| onLimitReached | onLimitReached: (req: Request, res: Response) => void |
() => {} | Function that is called the first time a user hits the rate limit within a given window. |
| store | Store |
MemoryStore | By default a MemoryStore is used. Rate Limit Redis, Rate Limit Memcached and Rate Limit Mongo can be used too. |
pnpm i @tinyhttp/rate-limit