jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-22 03:16:52 -05:00
Code Issues Projects Releases Wiki Activity
Files
c1623f665146812b51dedab77a9b4c7b02e2e91f
docs/middleware/rate-limit.js
dependabot[bot] acc178e571 Bump express-rate-limit from 5.5.1 to 6.0.4 (#24046) 
* Bump express-rate-limit from 5.5.1 to 6.0.4

Bumps [express-rate-limit](https://github.com/nfriedly/express-rate-limit) from 5.5.1 to 6.0.4.
- [Release notes](https://github.com/nfriedly/express-rate-limit/releases)
- [Changelog](https://github.com/nfriedly/express-rate-limit/blob/master/changelog.md)
- [Commits](https://github.com/nfriedly/express-rate-limit/compare/v5.5.1...v6.0.4)

---
updated-dependencies:
- dependency-name: express-rate-limit
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* MemoryStore()

* better

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kevin Heis <heiskr@users.noreply.github.com>
Co-authored-by: Rachael Sewell <rachmari@github.com>
Co-authored-by: Peter Bengtsson <mail@peterbe.com>
2022-01-18 20:02:59 +00:00

40 lines
1.5 KiB
JavaScript
Raw Blame History

import rateLimit from 'express-rate-limit'
import RedisStore from 'rate-limit-redis'
import createRedisClient from '../lib/redis/create-client.js'
const isProduction = process.env.NODE_ENV === 'production'
const { REDIS_URL } = process.env
const rateLimitDatabaseNumber = 0
const EXPIRES_IN_AS_SECONDS = 60
// The reason the options object is created outside like this is for the
// necessity of avoiding setting a key called `store` even if it's set
// to `undefined`.
// More context here: https://github.com/nfriedly/express-rate-limit/issues/289
const options = {
// 1 minute (or practically unlimited outside of production)
windowMs: isProduction ? EXPIRES_IN_AS_SECONDS * 1000 : 1, // Non-Redis configuration in `ms`. Used as a fallback when Redis is not working or active.
// limit each IP to X requests per windowMs
max: 250,
// Don't rate limit requests for 200s and redirects
// Or anything with a status code less than 400
skipSuccessfulRequests: true,
}
// When available, use Redis; if not, defaults to an in-memory store
if (REDIS_URL) {
options.store = new RedisStore({
client: createRedisClient({
url: REDIS_URL,
db: rateLimitDatabaseNumber,
name: 'rate-limit',
}),
// 1 minute (or practically unlimited outside of production)
expiry: isProduction ? EXPIRES_IN_AS_SECONDS : 1, // Redis configuration in `s`
// If Redis is not connected, let the request succeed as failover
passIfNotConnected: true,
})
}
export default rateLimit(options)
Reference in New Issue View Git Blame Copy Permalink