| 1 | <h1 align="center"> <code>express-rate-limit</code> </h1>
|
| 2 |
|
| 3 | <div align="center">
|
| 4 |
|
| 5 | [](https://github.com/express-rate-limit/express-rate-limit/actions/workflows/ci.yaml)
|
| 6 | [](https://npmjs.org/package/express-rate-limit 'View this project on NPM')
|
| 7 | [](https://www.npmjs.com/package/express-rate-limit)
|
| 8 | [](license.md)
|
| 9 |
|
| 10 | </div>
|
| 11 |
|
| 12 | Basic rate-limiting middleware for [Express](http://expressjs.com/). Use to
|
| 13 | limit repeated requests to public APIs and/or endpoints such as password reset.
|
| 14 | Plays nice with
|
| 15 | [express-slow-down](https://www.npmjs.com/package/express-slow-down) and
|
| 16 | [ratelimit-header-parser](https://www.npmjs.com/package/ratelimit-header-parser).
|
| 17 |
|
| 18 | ## Usage
|
| 19 |
|
| 20 | The [full documentation](https://express-rate-limit.mintlify.app/overview) is
|
| 21 | available on-line.
|
| 22 |
|
| 23 | ```ts
|
| 24 | import { rateLimit } from 'express-rate-limit'
|
| 25 |
|
| 26 | const limiter = rateLimit({
|
| 27 | windowMs: 15 * 60 * 1000, // 15 minutes
|
| 28 | limit: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes).
|
| 29 | standardHeaders: 'draft-8', // draft-6: `RateLimit-*` headers; draft-7 & draft-8: combined `RateLimit` header
|
| 30 | legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
|
| 31 | // store: ... , // Redis, Memcached, etc. See below.
|
| 32 | })
|
| 33 |
|
| 34 | // Apply the rate limiting middleware to all requests.
|
| 35 | app.use(limiter)
|
| 36 | ```
|
| 37 |
|
| 38 | ### Data Stores
|
| 39 |
|
| 40 | The rate limiter comes with a built-in memory store, and supports a variety of
|
| 41 | [external data stores](https://express-rate-limit.mintlify.app/reference/stores).
|
| 42 |
|
| 43 | ### Configuration
|
| 44 |
|
| 45 | All function options may be async. Click the name for additional info and
|
| 46 | default values.
|
| 47 |
|
| 48 | | Option | Type | Remarks |
|
| 49 | | -------------------------- | ----------------------------------------- | ----------------------------------------------------------------------------------------------- |
|
| 50 | | [`windowMs`] | `number` | How long to remember requests for, in milliseconds. |
|
| 51 | | [`limit`] | `number` \| `function` | How many requests to allow. |
|
| 52 | | [`message`] | `string` \| `json` \| `function` | Response to return after limit is reached. |
|
| 53 | | [`statusCode`] | `number` | HTTP status code after limit is reached (default is 429). |
|
| 54 | | [`handler`] | `function` | Function to run after limit is reached (overrides `message` and `statusCode` settings, if set). |
|
| 55 | | [`legacyHeaders`] | `boolean` | Enable the `X-Rate-Limit` header. |
|
| 56 | | [`standardHeaders`] | `'draft-6'` \| `'draft-7'` \| `'draft-8'` | Enable the `Ratelimit` header. |
|
| 57 | | [`identifier`] | `string` \| `function` | Name associated with the quota policy enforced by this rate limiter. |
|
| 58 | | [`store`] | `Store` | Use a custom store to share hit counts across multiple nodes. |
|
| 59 | | [`passOnStoreError`] | `boolean` | Allow (`true`) or block (`false`, default) traffic if the store becomes unavailable. |
|
| 60 | | [`keyGenerator`] | `function` | Identify users (defaults to IP address). |
|
| 61 | | [`requestPropertyName`] | `string` | Add rate limit info to the `req` object. |
|
| 62 | | [`skip`] | `function` | Return `true` to bypass the limiter for the given request. |
|
| 63 | | [`skipSuccessfulRequests`] | `boolean` | Uncount 1xx/2xx/3xx responses. |
|
| 64 | | [`skipFailedRequests`] | `boolean` | Uncount 4xx/5xx responses. |
|
| 65 | | [`requestWasSuccessful`] | `function` | Used by `skipSuccessfulRequests` and `skipFailedRequests`. |
|
| 66 | | [`validate`] | `boolean` \| `object` | Enable or disable built-in validation checks. |
|
| 67 |
|
| 68 | ## Thank You
|
| 69 |
|
| 70 | Sponsored by [Zuplo](https://zuplo.link/express-rate-limit) a fully-managed API
|
| 71 | Gateway for developers. Add
|
| 72 | [dynamic rate-limiting](https://zuplo.link/dynamic-rate-limiting),
|
| 73 | authentication and more to any API in minutes. Learn more at
|
| 74 | [zuplo.com](https://zuplo.link/express-rate-limit)
|
| 75 |
|
| 76 | <p align="center">
|
| 77 | <a href="https://zuplo.link/express-rate-limit">
|
| 78 | <picture width="322">
|
| 79 | <source media="(prefers-color-scheme: dark)" srcset="https://github.com/express-rate-limit/express-rate-limit/assets/114976/cd2f6fa7-eae1-4fbb-be7d-b17df4c6f383">
|
| 80 | <img alt="zuplo-logo" src="https://github.com/express-rate-limit/express-rate-limit/assets/114976/66fd75fa-b39e-4a8c-8d7a-52369bf244dc" width="322">
|
| 81 | </picture>
|
| 82 | </a>
|
| 83 | </p>
|
| 84 |
|
| 85 | ---
|
| 86 |
|
| 87 | Thanks to Mintlify for hosting the documentation at
|
| 88 | [express-rate-limit.mintlify.app](https://express-rate-limit.mintlify.app)
|
| 89 |
|
| 90 | <p align="center">
|
| 91 | <a href="https://mintlify.com/?utm_campaign=devmark&utm_medium=readme&utm_source=express-rate-limit">
|
| 92 | <img height="75" src="https://devmark-public-assets.s3.us-west-2.amazonaws.com/sponsorships/mintlify.svg" alt="Create your docs today">
|
| 93 | </a>
|
| 94 | </p>
|
| 95 |
|
| 96 | ---
|
| 97 |
|
| 98 | Finally, thank you to everyone who's contributed to this project in any way! 🫶
|
| 99 |
|
| 100 | ## Issues and Contributing
|
| 101 |
|
| 102 | If you encounter a bug or want to see something added/changed, please go ahead
|
| 103 | and
|
| 104 | [open an issue](https://github.com/express-rate-limit/express-rate-limit/issues/new)!
|
| 105 | If you need help with something, feel free to
|
| 106 | [start a discussion](https://github.com/express-rate-limit/express-rate-limit/discussions/new)!
|
| 107 |
|
| 108 | If you wish to contribute to the library, thanks! First, please read
|
| 109 | [the contributing guide](https://express-rate-limit.mintlify.app/docs/guides/contributing.mdx).
|
| 110 | Then you can pick up any issue and fix/implement it!
|
| 111 |
|
| 112 | ## License
|
| 113 |
|
| 114 | MIT © [Nathan Friedly](http://nfriedly.com/),
|
| 115 | [Vedant K](https://github.com/gamemaker1)
|
| 116 |
|
| 117 | [`windowMs`]:
|
| 118 | https://express-rate-limit.mintlify.app/reference/configuration#windowms
|
| 119 | [`limit`]: https://express-rate-limit.mintlify.app/reference/configuration#limit
|
| 120 | [`message`]:
|
| 121 | https://express-rate-limit.mintlify.app/reference/configuration#message
|
| 122 | [`statusCode`]:
|
| 123 | https://express-rate-limit.mintlify.app/reference/configuration#statuscode
|
| 124 | [`handler`]:
|
| 125 | https://express-rate-limit.mintlify.app/reference/configuration#handler
|
| 126 | [`legacyHeaders`]:
|
| 127 | https://express-rate-limit.mintlify.app/reference/configuration#legacyheaders
|
| 128 | [`standardHeaders`]:
|
| 129 | https://express-rate-limit.mintlify.app/reference/configuration#standardheaders
|
| 130 | [`identifier`]:
|
| 131 | https://express-rate-limit.mintlify.app/reference/configuration#identifier
|
| 132 | [`store`]: https://express-rate-limit.mintlify.app/reference/configuration#store
|
| 133 | [`passOnStoreError`]:
|
| 134 | https://express-rate-limit.mintlify.app/reference/configuration#passOnStoreError
|
| 135 | [`keyGenerator`]:
|
| 136 | https://express-rate-limit.mintlify.app/reference/configuration#keygenerator
|
| 137 | [`requestPropertyName`]:
|
| 138 | https://express-rate-limit.mintlify.app/reference/configuration#requestpropertyname
|
| 139 | [`skip`]: https://express-rate-limit.mintlify.app/reference/configuration#skip
|
| 140 | [`skipSuccessfulRequests`]:
|
| 141 | https://express-rate-limit.mintlify.app/reference/configuration#skipsuccessfulrequests
|
| 142 | [`skipFailedRequests`]:
|
| 143 | https://express-rate-limit.mintlify.app/reference/configuration#skipfailedrequests
|
| 144 | [`requestWasSuccessful`]:
|
| 145 | https://express-rate-limit.mintlify.app/reference/configuration#requestwassuccessful
|
| 146 | [`validate`]:
|
| 147 | https://express-rate-limit.mintlify.app/reference/configuration#validate
|