Express Production Setup - 2 | Rate Limiting | DDOS

-

 Simple Rate Limiter In Memory 


index.js

    const express = require("express")
    const initRateLimiter = require("./rate-limiter")
    const app = express()

    // add for all route
// app.use(initRateLimiter);
    app.get("/", (req, res) => {
        res.send("hello")
    })
// added only for rate route
    app.get("/rate", initRateLimiter, (req, res) => {
        res.send("ok")
    })


    app.listen(3000, () => console.log("app runnning on port 3000"))

rate-limiter.js

    const { RateLimiterMemory, RateLimiterRedis } = require('rate-limiter-flexible');

    // Configure the rate limiter
    const rateLimiter = new RateLimiterMemory({
        points: 10, // Number of requests
        duration: 10, // Per second
        blockDuration: 10,
    });


    const initRateLimiter = (req, res, next) => {
        rateLimiter.consume(req.ip)
            .then(() => {
                next();
            })
            .catch(() => {
                res.status(429).send('Too Many Requests'); // 429 to many request response code
            });
    }

    module.exports = initRateLimiter;

Using radis 

    const { RateLimiterRedis } = require('rate-limiter-flexible');
    const Redis = require('ioredis');

    // Create a Redis client
    const redisClient = new Redis({
        host: '127.0.0.1', // Redis server host
        port: 6379,        // Redis server port
        password: 'your-redis-password', // If you have a password set for Redis
    });

    // Configure the rate limiter with Redis
    const rateLimiter = new RateLimiterRedis({
        storeClient: redisClient,
        points: 10, // Number of requests
        duration: 10, // Per 10 seconds
        blockDuration: 10, // Block for 10 seconds if limit is exceeded
    });

    // Middleware to apply rate limiting
    const initRateLimiter = (req, res, next) => {
        rateLimiter.consume(req.ip)
            .then(() => {
                next(); // Proceed to the next middleware/route handler
            })
            .catch((rejRes) => {
                if (rejRes.remainingPoints === 0) {
                    // User is blocked, reset their points after blockDuration
                    rateLimiter.penalty(req.ip, 1) // Add a penalty point to block immediately
                        .then(() => {
                            setTimeout(() => {
                                rateLimiter.delete(req.ip); // Reset the rate limiter for this user
                            }, rejRes.msBeforeNext); // Wait for the blocking duration to end
                        });
                }
                res.status(429).send('Too Many Requests'); // 429 Too Many Requests response code
            });
    }

    module.exports = initRateLimiter;

you can add any database using this



Comments

Post a Comment

Popular posts from this blog

Express Production Setup - 4 | HELMET

-
 Helmet helps secure Express apps by setting HTTP response headers. it will remove all header from express app like X-Powered-By : express  we can remove using  express.remove("x-powered-by"); but it's make it easy * also help  XSS attacks index.js      import express from " express ";     import helmet from " helmet ";     const app = express ();     // Use Helmet!     app . use ( helmet ());     app . get (" / ", ( req , res ) => {     res . send (" Hello world! ");     });     app . listen ( 8000 );
Read more

Express Production Setup - 3 | CORS

-
 Express Production Setup - 3 | CORS  To enable Cross-Origin Resource Sharing (CORS) in an Express.js application, you can use the cors middleware package. This middleware allows you to control which domains can access your API, what methods are allowed, and what headers can be sent in requests. index.js     const express = require (' express ');     const cors = require (' cors ');     const app = express ();     // CORS options to allow only POST requests     const corsOptions = {         origin: ' http://example.com ', // Replace with your client's origin         methods: [' POST ', " GET ", " PUT ", " PATCH ", " DELETE "],         credentials: true // allow cookies     };     // Apply CORS middleware with the above options     app . use ( cors ( corsOptions ));     // Example route     app . post (' /a...
Read more

Ensuring File Creation in the Current Directory when Converting Python (.py) Script to Executable (.exe).

-
Image
Ensuring File Creation in the Current Directory when Converting Python (.py) Script to Executable (.exe). When you create a file in Python within the current directory, everything works seamlessly. However, if you decide to convert your Python script into a standalone executable (.exe) using tools like PyInstaller, you might encounter a situation where the file is created in a temporary folder, and upon code execution completion, it mysteriously disappears. To overcome this challenge and ensure that your file appears in the current directory, consider using the following code snippet: Explanation: In the above code, we use sys.frozen to check if the script is running in a frozen (compiled into an executable) environment. This is particularly relevant when the script is converted to a standalone executable using tools like PyInstaller. When the script is running as a .py file, myPath is set to the absolute path of the script using os.path.abspath(__file__). When the script is running as...
Read more