Rate Limiting

Axe API does not provide an internal rate limiter. Nevertheless, we are going to show you an example of how you can add a rate limiter to your application. It is super easy.

Basically, we are going to use the express-rate-limit (opens new window) library as an Express Middleware (opens new window).

Dependencies

You can use the following commands in the application root folder;

$ npm install --save express-rate-limit

Integration

In the app/init.js file, you can add the following middleware;

import RateLimitter from "./Middlewares/RateLimitter.js";

const onBeforeInit = async ({ app }) => {
  app.use(RateLimitter);
};

const onAfterInit = async ({ app }) => {};

export { onBeforeInit, onAfterInit };

After that, you can create the following file;

app/Middlewares/RateLimitter.js

import rateLimit from "express-rate-limit";

export default rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 1, // limit each IP to 100 requests per windowMs
});

Stores

express-rate-limit (opens new window) library supports many store providers such as Redis (opens new window), Memcached (opens new window), or Mongo (opens new window). You can use any of them easily.

In the following example, we are going to show how you can add Redis support for the rate limiter.

$ npm install --save rate-limit-redis

app/Middlewares/RateLimitter.js

import RateLimit from "express-rate-limit";
import RedisStore from "rate-limit-redis";

export default new RateLimit({
  store: new RedisStore({
    // see Configuration
  }),
  max: 100, // limit each IP to 100 requests per windowMs
  delayMs: 0, // disable delaying - full speed until the max limit is reached
});

You can review the following store libraries;

• rate-limit-redis (opens new window)
• rate-limit-memcached (opens new window)
• rate-limit-mongo (opens new window)