Rate limiter by Jenny - daoneandonly/backend-a2 GitHub Wiki
What is a rate limiter?
Rate limiting is used to limit repeated requests (duh). It puts a cap on how often someone can repeat a certain action within a timeframe, for instance when you try to log in to an account several times. Rate limiting runs within an application, rather than on the web server itself. It is based on tracking the IP addresses that requests come from and how much time elapses between each request; the IP address is the main way an application identifies who or what is making the request.
A rate limiting solution measures the time between each request from each IP address, and also counts the number of requests within a specified timeframe. If there are too many requests from a single IP within that timeframe, the rate limiter stops fulfilling that IP address's requests for a certain amount of time (it gives it a timeout).
Essentially, a rate-limited application will say, "Hey, slow down," to unique users that are making requests at a rapid rate. This is comparable to a police officer who pulls over a driver for exceeding the road's speed limit, or to a parent who tells their child not to eat so much candy in such a short span of time.
I want to use the rate limiter for the login feature, so that if a user fails to log in 3 times they get a timeout and can't log in for a certain amount of time.
What did I choose?
The rate limiter I chose for this project is Express Rate Limit. I chose it because it is a simple rate limiter that does the job (I won't be doing very heavy stuff). Its documentation is easy to follow for users who have never used a rate limiter before: it explains the different possibilities without getting too heavy or complicated.
Installation and usage
You can install express-rate-limit by typing the following line into your terminal:
npm install --save express-rate-limit
And of course you have to require the rate limiter:
const rateLimit = require("express-rate-limit");
I want to put my limiter on the POST requests of the login and register routes so people won't be able to make a lot of requests within a certain time frame. I want my rate limiter to limit the requests to 3, and when they make more requests than that they get a timeout of a minute. The code I use for that is:
const limiter = rateLimit({
  windowMs: 1 * 60 * 1000, // length of the window: 1 minute
  max: 3,                  // requests allowed per IP per window
  // Called instead of the default 429 response once an IP exceeds `max`.
  // Note: every request hitting the route is counted (successful logins too),
  // and the count is keyed on the client's IP address.
  handler: function(req, res /*, next*/) {
    res.render('pages/errors/register-rate-limit', {
      title: 'Timeout',
    })
  },
});
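To make the windowMs/max behaviour concrete, here is an added example (not code from this wiki or from express-rate-limit itself): a minimal fixed-window limiter keyed by client IP with the same settings as above, 3 requests per 60 seconds. The clock is injectable, and the IP addresses in the scenario are constructed.

```javascript
// Added example, not from the wiki page or express-rate-limit: a fixed-window
// counter per IP, mirroring the windowMs/max settings used for the login route.
// `now` is injectable so the behaviour can be checked without waiting a minute.
function createLimiter({ windowMs, max, now = () => Date.now() }) {
  // ip -> { count, windowStart }
  const hits = new Map();

  function check(ip) {
    const t = now();
    let entry = hits.get(ip);
    // No entry yet, or the previous window has fully elapsed: start a new window.
    if (!entry || t - entry.windowStart >= windowMs) {
      entry = { count: 0, windowStart: t };
      hits.set(ip, entry);
    }
    entry.count += 1;
    const allowed = entry.count <= max;
    return {
      allowed,
      remaining: Math.max(0, max - entry.count),
      // How long this IP has to wait before its window resets (the "timeout").
      retryAfterMs: allowed ? 0 : entry.windowStart + windowMs - t,
    };
  }

  return { check };
}

// Constructed scenario: one IP sends 4 login POSTs one second apart, then a
// 5th after the window has passed; a second IP is unaffected by the first.
function simulate() {
  let clock = 0;
  const limiter = createLimiter({ windowMs: 60 * 1000, max: 3, now: () => clock });
  const results = [];
  for (let i = 0; i < 4; i++) {
    results.push(limiter.check('203.0.113.7').allowed);
    clock += 1000;
  }
  results.push(limiter.check('198.51.100.9').allowed); // other IP, own counter
  clock = 61 * 1000; // first IP's window has elapsed
  results.push(limiter.check('203.0.113.7').allowed);
  return results; // [true, true, true, false, true, true]
}
```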
Resources
Cloudflare. (n.d.). Attention Required! | Cloudflare. Retrieved 28 March 2021, from https://www.cloudflare.com/learning/bots/what-is-rate-limiting/
Friedly, N. (n.d.). Nfriedly/express-rate-limit. Retrieved 28 March 2021, from https://github.com/nfriedly/express-rate-limit