Add rate limiter on all APIs #10 #28
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
You've made your first pull request - awesome! Let's collaborate to make this project even better
If you're fixing a bug, please refer to the issue number in the description.
If you are implementing a feature request, please check with the maintainers that the feature will be accepted first.
Mustafiz04
requested changes
Oct 22, 2024
Comment on lines
+17
to
+39
| const limiter = rateLimit({ | ||
| windowMs: 1000, // 1 second window | ||
| max: 5, // limit each IP to 5 requests per windowMs (adjust this as needed) | ||
| message: "Too many requests from this IP, please try again after a second", | ||
| headers: true, // Sends rate limit info in response headers | ||
| handler: (req, res) => { | ||
| // Custom error response | ||
| return res.status(429).json({ | ||
| error: "Rate limit exceeded", | ||
| message: | ||
| "You have exceeded the number of allowed requests. Please try again later.", | ||
| }); | ||
| }, | ||
| }); | ||
| // apply limit to all request | ||
| app.use(limiter); | ||
|
|
||
| // log the changes | ||
| // app.use((req, res, next) => { | ||
| // console.log(`[${new Date().toISOString()}] ${req.method} ${req.originalUrl}`); | ||
| // next(); | ||
| // }); | ||
|
|
There was a problem hiding this comment.
Don't do this directly.
Instead create a new RateLimiter class with multiple configurations like algorithms, rate limit and so on.
So we can apply different rate limit and algorithm on different APIs.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue #10 : Add Rate Limiter on All APIs
### Objective:
Implement a rate limiter on all API endpoints to control the number of requests a client can make in a given time frame.
### Details:
Rate Limiting Library:
Utilize the express-rate-limit middleware for implementing rate limiting in the Express application.
Rate Limit Configuration:
Set a limit of 5 requests per second for each client to prevent abuse and ensure fair usage of the API.
Response for Exceeding Limit:
Configure the response behavior when the limit is exceeded:
Send a response with a message indicating the client should "Try again later" to inform users of the rate limit.
### Implementation Steps:
Screenshots
In this image, only 5 requests are sent successfully; subsequent requests receive a 429 error indicating 'Too Many Requests
This image shows the received requests in our backend, highlighting that only 5 requests are processed successfully, while subsequent requests result in a 429 error indicating 'Too Many Requests.
Testing:
Benefits:
Helps maintain API performance by preventing excessive requests from any single user.
Enhances the overall user experience by providing clear feedback when limits are exceeded.