2024-01-02
4560
#node
Philip Obosi
14373
Jan 2, 2024 β‹… 16 min read

Understanding and implementing rate limiting in Node.js

Philip Obosi Frontend engineer and data visualist πŸ‘¨πŸ»β€πŸ’» based in Lagos, Nigeria.

Recent posts:

The 10 Best React Native Component Libraries You Should Know

The 10 best React Native UI libraries of 2025

UI libraries like React Native Paper and React Native Elements offer pre-developed components that help us deliver our React Native projects faster.

Aman Mittal
Feb 21, 2025 β‹… 7 min read
top ten docker alternatives worth considering

The 10 best Docker alternatives to consider

Although Docker remains the dominant platform for containerization and container management, it’s good to know about different tools that may work better for certain use cases.

Ayooluwa Isaiah
Feb 21, 2025 β‹… 13 min read
how to use the ternary operator in javascript

How to use the ternary operator in JavaScript

Add to your JavaScript knowledge of shortcuts by mastering the ternary operator, so you can write cleaner code that your fellow developers will love.

Chizaram Ken
Feb 21, 2025 β‹… 7 min read
Using tsup To Bundle Your TypeScript Package

Using tsup to bundle your TypeScript package

Learn how to efficiently bundle your TypeScript package with tsup. This guide covers setup, custom output extensions, and best practices for optimized, production-ready builds.

Muhammed Ali
Feb 20, 2025 β‹… 7 min read
View all posts

10 Replies to "Understanding and implementing rate limiting in Node.js"

  1. 2 of 3 cons of fixed window counter are not fair:
    – “user’s window should start counting from the time of their first request” -> this is easy to implement.
    – “burst traffic towards the end of a window” -> it may be issue, if your service is for one customer. It is unlikely, that all your thousands users would make all requests at once.

  2. Hi,
    It looks like using app.use() would limit the rate to the whole API. How would you go about applying rate limit to only a particular POST request while letting users do unlimited GET requests?

  3. Michal,

    You can do this by applying the middleware to the POST route directly instead of `app.use`

    e.g.

    `app.post(‘/limitedRoute’, customRedisRateLimiter, (req, res, next) => {})`

  4. When the record is null in the Redis store, you create the record, store it and then go to the next middleware. Shouldn’t there be a return statement after the next() instruction to prevent the middleware from executing the rest of the code ?

  5. you should wrap “await redisClient.connect()” in if statement with condition “!redisClient.isReady” or “!redisClient.isOpen” so it doesn’t throw “Socket already opened” error.

  6. this line get time of 24 hours ago from now ‘const windowStartTimestamp = moment().subtract(WINDOW_SIZE_IN_HOURS, ‘hours’).unix();’ and the record in redis already deleted after 24 hours , so how it comes?

  7. I tested the first implementation. I noticed that requestCount is only incremented when you call a different endpoint. But I want the rate to be per request, no matter the endpoints.

Leave a Reply