2024-01-02
4560
#node
Philip Obosi
14373
Jan 2, 2024 β‹… 16 min read

Understanding and implementing rate limiting in Node.js

Philip Obosi Frontend engineer and data visualist πŸ‘¨πŸ»β€πŸ’» based in Lagos, Nigeria.

Recent posts:

Implementing Infinite Scroll In React Snap Carousel

Implementing infinite scroll in React with React Snap Carousel

Making carousels can be time-consuming, but it doesn’t have to be. Learn how to use React Snap Carousel to simplify the process.

David Omotayo
Dec 13, 2024 β‹… 10 min read
React Libraries For Building Forms And Surveys

React libraries for building forms and surveys

Consider using a React form library to mitigate the challenges of building and managing forms and surveys.

Hussain Arif
Dec 11, 2024 β‹… 7 min read
Hoppscotch Vs Postman: A Guide To API Testing

Hoppscotch vs. Postman: a guide to open source API testing

In this article, you’ll learn how to set up Hoppscotch and which APIs to test it with. Then we’ll discuss alternatives: OpenAPI DevTools and Postman.

Chigozie Oduah
Dec 10, 2024 β‹… 5 min read
React Native logo over red background.

Implementing camera functionality in React Native

Learn to migrate from react-native-camera to VisionCamera, manage permissions, optimize performance, and implement advanced features.

Chimezie Innocent
Dec 9, 2024 β‹… 13 min read
View all posts

10 Replies to "Understanding and implementing rate limiting in Node.js"

  1. 2 of 3 cons of fixed window counter are not fair:
    – “user’s window should start counting from the time of their first request” -> this is easy to implement.
    – “burst traffic towards the end of a window” -> it may be issue, if your service is for one customer. It is unlikely, that all your thousands users would make all requests at once.

  2. Hi,
    It looks like using app.use() would limit the rate to the whole API. How would you go about applying rate limit to only a particular POST request while letting users do unlimited GET requests?

  3. Michal,

    You can do this by applying the middleware to the POST route directly instead of `app.use`

    e.g.

    `app.post(‘/limitedRoute’, customRedisRateLimiter, (req, res, next) => {})`

  4. When the record is null in the Redis store, you create the record, store it and then go to the next middleware. Shouldn’t there be a return statement after the next() instruction to prevent the middleware from executing the rest of the code ?

  5. you should wrap “await redisClient.connect()” in if statement with condition “!redisClient.isReady” or “!redisClient.isOpen” so it doesn’t throw “Socket already opened” error.

  6. this line get time of 24 hours ago from now ‘const windowStartTimestamp = moment().subtract(WINDOW_SIZE_IN_HOURS, ‘hours’).unix();’ and the record in redis already deleted after 24 hours , so how it comes?

  7. I tested the first implementation. I noticed that requestCount is only incremented when you call a different endpoint. But I want the rate to be per request, no matter the endpoints.

Leave a Reply