koajs / ratelimit
Rate limiter middleware
License: MIT License
I see this error multiple times in the logs of my server. Can you tell me what could be the problem? I'm not calling the Limiter class or constructor in my code (at least not directly).
I'm using version 4.2.0.
The rate limiter is working, but sometimes I get this error in the logs.
AssertionError [ERR_ASSERTION]: .id required
at new Limiter (/home/fer/polyamory-dates-server/node_modules/koa-ratelimit/limiter/memory.js:34:3)
at ratelimit (/home/fer/polyamory-dates-server/node_modules/koa-ratelimit/index.js:74:17)
at dispatch (/home/fer/polyamory-dates-server/node_modules/koa-compose/index.js:42:32)
at cors (/home/fer/polyamory-dates-server/node_modules/@koa/cors/index.js:56:38)
at dispatch (/home/fer/polyamory-dates-server/node_modules/koa-compose/index.js:42:32)
at /home/fer/polyamory-dates-server/node_modules/koa-compose/index.js:34:12
at Application.handleRequest (/home/fer/polyamory-dates-server/node_modules/koa/lib/application.js:168:12)
at Server.handleRequest (/home/fer/polyamory-dates-server/node_modules/koa/lib/application.js:150:19)
at Server.emit (events.js:315:20)
at Server.<anonymous> (/home/fer/.nvm/versions/node/v14.16.1/lib/node_modules/pm2/node_modules/@pm2/io/src/metrics/httpMetrics.ts:181:25)
I suspect the problem is in the index.js line 40. Maybe you should replace the line with this one: id: ctx => ctx.request.ip
This project needs a license file to declare copyright.
In order to deal with unresponsive Redis servers we need to be able to specify a timeout value for Redis operations.
One way to do this is using the timeout method of promises, as shown here: redis/ioredis#61 (comment)
Now, status cannot be modified. Can it be used as a configuration item? Like this:
ctx.status = opts.status ? opts.status : 429;
Maybe session is a better choice, because not every app uses redis. And it is more server-friendly to use session, which will reduce the server load.
The old ratelimiter library has an ioredis check:
var isIoRedis = Array.isArray(res[0]);
var count = parseInt(isIoRedis ? res[1][1] : res[1]);
var oldest = parseInt(isIoRedis ? res[3][1] : res[3]);
var oldestInRange = parseInt(isIoRedis ? res[4][1] : res[4]);
but async-ratelimiter does not.
This will cause erroneous 429s to occur with the latest version of koa-ratelimit for people using the regular redis library. Please list this as a breaking change.
microlinkhq/async-ratelimiter#22
I'm not interested in supporting node-redis, since ioredis has all the necessary features and the project is well maintained 🙂
instead of always using ctx.ip
The ratelimiter package uses only Redis; it is used as the base package now.
If the koa ratelimit middleware used rate-limiter-flexible, it would get access to Memory, Cluster, MongoDB, PostgreSQL and MySQL limiters as well, plus a lot of bonuses.
app.use(ratelimit({
  db: redis.createClient(),
  duration: 60000,
  max: 100
}));
Does this mean that each ip can send 100 requests per minute and if it tries to send more, it is blocked for 1 minute?
Can we cut another release, please? The one on npm is quite outdated.
It can be handed into the middleware as an option but it is never used?
By setting up max and duration as async functions, are there any big pitfalls?
I'm looking to add some whitelist options, I see the whitelist/blacklist properties in the source code from the PR but because there's not a definitive indication that it can be/should be used, that suggests to me that it could change in any patch version without notice.
More specifically I'm trying to use the whitelist to NOT rate limit requests that return true from the whitelist method.
Is it just a matter of adding it to the ReadMe? If so, I'm happy to open a PR.
Example trying to use:
app.use(ratelimit({
  db: new Redis(),
  duration: 60000,
  errorMessage: 'Sometimes You Just Have to Slow Down.',
  id: (ctx) => ctx.ip,
  max: 100,
  disableHeader: false,
  whitelist: (ctx) => {
    // some logic that returns a boolean
  }
}));
Hello contributors,
Thank you for your work on this package.
I'm raising this to discuss the current implementation,
support
The value of "const delta = (limit.reset * 1000) - Date.now() | 0" may be less than 0?
Hi. As far as I can tell, there is currently no support for setting custom header names (for X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset). Would you consider accepting a PR for it?
Thanks.
support
Does it support redis (not ioredis)?
Error
TypeError: Cannot read properties of undefined (reading '1')
Code which does not work
import { createClient } from 'redis';

app.use(
  rateLimit({
    driver: 'redis',
    db: createClient,
    duration: 1000,
    errorMessage: 'You Just Have to Slow Down',
    id: (c) => c.ip,
    headers: {
      remaining: 'Rate-Limit-Remaining',
      reset: 'Rate-Limit-Reset',
      total: 'Rate-Limit-Total',
    },
    max: 99,
    disableHeader: false,
  }),
);
Hi folks.
What do you think of this memory-only-for-now store implementation, koa-better-ratelimit, with only 4 dependencies?
I know it's somewhere between koa-limit and koa-ratelimit, but I think it's smaller and rationally better than koa-limit, which is totally broken for me.
There's no db option, cuz I don't need other than in-memory.
duration option in seconds, not in milliseconds
db option
Retry-After header
redis and test dependencies
If you want you can add to wiki page :)
It just does not work for this simple koa app:
const Koa = require('koa');
const ratelimit = require('koa-ratelimit');
const Promise = require('bluebird');
const redis = require('redis');

const redisOption = {};
const redisClient = redis.createClient(redisOption);
Promise.promisifyAll(redis.RedisClient.prototype);
Promise.promisifyAll(redis.Multi.prototype);

redisClient.once('ready', () => {
  console.log('redis connnection ready');
});
redisClient.on('error', (err) => {
  // double quotes so the apostrophe does not end the string
  console.log("can't connect to redis", err);
  process.exit(1);
});

const app = new Koa();

// apply rate limit
app.use(ratelimit({
  db: redisClient,
  duration: 10000,
  max: 10
}));

// response middleware
app.use(async (ctx) => {
  ctx.body = 'Stuff!';
});

app.listen(4000);
console.log('listening on port 4000');
Then keep sending requests using Postman; right after the duration passes, the remaining time will jump to a random number, even a negative value, e.g.
Rate limit exceeded, retry in -412 ms.
I am using NodeJs v8.11.1, Redis 3.0.0, "koa": "^2.5.1", "koa-ratelimit": "^4.1.2", "redis": "^2.8.0",
Node version: 13.0.1
koa-ratelimit version: 4.3.0
koa version: 2.11.0
Tested from localhost with alias => example.com => 127.0.0.1
For me the expected behavior would be that every 60 seconds I can only send two requests.
However, only the third request is blocking me every 60 seconds, (max + 1 request).
The same thing happens with 10, 100 ...
If I console.log db for my IP, it has negative remaining values for > max
const db = new Map();
app.use(
  rateLimit({
    driver: 'memory',
    db: db,
    duration: 60000,
    errorMessage: 'rate limit exceded',
    id: (ctx) => ctx.ip,
    headers: {
      remaining: 'Rate-Limit-Remaining',
      reset: 'Rate-Limit-Reset',
      total: 'Rate-Limit-Total'
    },
    max: 2,
    disableHeader: true,
    whitelist: (ctx) => { },
    blacklist: (ctx) => { }
  })
);
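The boundary cases raised in the reports above (a negative "retry in" value and negative remaining counts past max), as an added example that is not koa-ratelimit's own code: a minimal in-memory fixed-window counter that allows exactly max requests per window and clamps both values at zero. FixedWindowLimiter, hit, retryAfterMs and demo are hypothetical names, and the client address is a constructed sample.

```javascript
// Added example, not koa-ratelimit's code. All names here are hypothetical;
// the clock is injectable so the behaviour can be checked deterministically.

// Clamp the wait time: if the window expired between reading `reset` and
// building the response, report 0 instead of a negative number.
function retryAfterMs(resetMs, nowMs) {
  return Math.max(resetMs - nowMs, 0);
}

class FixedWindowLimiter {
  constructor({ max, duration, now = Date.now }) {
    this.max = max;           // requests allowed per window
    this.duration = duration; // window length in milliseconds
    this.now = now;
    this.store = new Map();   // id -> { count, reset }
  }

  hit(id) {
    // Reject a missing key instead of counting all such clients together.
    if (id === undefined || id === null || id === '') {
      throw new TypeError('rate-limit id required');
    }
    const t = this.now();
    let entry = this.store.get(id);
    if (!entry || entry.reset <= t) {
      entry = { count: 0, reset: t + this.duration }; // start a new window
      this.store.set(id, entry);
    }
    entry.count += 1;
    const allowed = entry.count <= this.max; // request number max + 1 is rejected
    return {
      allowed,
      remaining: Math.max(this.max - entry.count, 0), // never below zero
      reset: entry.reset,
      retryAfter: allowed ? 0 : retryAfterMs(entry.reset, t),
    };
  }
}

// Constructed scenario: max 2 per 60 s, one client, a fake clock.
function demo() {
  let clock = 1000;
  const limiter = new FixedWindowLimiter({ max: 2, duration: 60000, now: () => clock });
  const results = [1, 2, 3, 4].map(() => limiter.hit('203.0.113.7'));
  clock += 60000; // the window has expired
  results.push(limiter.hit('203.0.113.7'));
  return results.map((r) => [r.allowed, r.remaining, r.retryAfter]);
}
```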
Is in-memory only rate limiting supported? If so, it would be great to update the readme. If not, we'd love to see it added. (Running a toy website on a single server and don't want the overhead of setting up redis right now).
Express-rate-limit has this[1], and it would be great if some koa middleware has this as well.
https://github.com/nfriedly/express-rate-limit/blob/master/lib/memory-store.js
$ deno run -A index.js
http://localhost:3000
TypeError: Cannot read properties of undefined (reading 'remoteAddress')
at Object.get ip (file:///C:/Users/13697/AppData/Local/deno/npm/registry.npmjs.org/koa/2.14.1/lib/request.js:456:45)
at Object.ip (file:///C:/Users/13697/AppData/Local/deno/npm/registry.npmjs.org/delegates/1.0.0/index.js:72:24)
at Object.id (file:///E:/test/deno/deno01/index.js:168:20)
at ratelimit (file:///C:/Users/13697/AppData/Local/deno/npm/registry.npmjs.org/koa-ratelimit/5.0.1/index.js:57:21)
at dispatch (file:///C:/Users/13697/AppData/Local/deno/npm/registry.npmjs.org/koa-compose/4.2.0/index.js:47:32)
at file:///C:/Users/13697/AppData/Local/deno/npm/registry.npmjs.org/koa-compose/4.2.0/index.js:39:12
at Application.handleRequest (file:///C:/Users/13697/AppData/Local/deno/npm/registry.npmjs.org/koa/2.14.1/lib/application.js:182:12)
at ServerImpl.handleRequest (file:///C:/Users/13697/AppData/Local/deno/npm/registry.npmjs.org/koa/2.14.1/lib/application.js:157:19)
at ServerImpl.emit (https://deno.land/[email protected]/node/_events.mjs:379:28)
at https://deno.land/[email protected]/node/http.ts:634:16