包详细信息

rate-limit-redis

express-rate-limit1.1mMIT4.2.1

A Redis store for the express-rate-limit middleware

自述文件

rate-limit-redis

Github Workflow Status npm version GitHub Stars npm downloads


A redis store for the express-rate-limit middleware. Also supports redict & valkey.

Installation

From the npm registry:

# Using npm
> npm install rate-limit-redis
# Using yarn or pnpm
> yarn/pnpm add rate-limit-redis

From Github Releases:

# Using npm
> npm install https://github.com/express-rate-limit/rate-limit-redis/releases/download/v{version}/rate-limit-redis.tgz
# Using yarn or pnpm
> yarn/pnpm add https://github.com/express-rate-limit/rate-limit-redis/releases/download/v{version}/rate-limit-redis.tgz

Replace {version} with the version of the package that you want to use, e.g.: 3.0.0.

Usage

Importing

This library is provided in ESM as well as CJS forms, and works with both Javascript and Typescript projects.

This package requires you to use Node 16 or above.

Import it in a CommonJS project (type: commonjs or no type field in package.json) as follows:

const { RedisStore } = require('rate-limit-redis')

Import it in a ESM project (type: module in package.json) as follows:

import { RedisStore } from 'rate-limit-redis'

Examples

To use it with a node-redis client:

import { rateLimit } from 'express-rate-limit'
import { RedisStore } from 'rate-limit-redis'
import { createClient } from 'redis'

// Create a `node-redis` client
const client = createClient({
    // ... (see https://github.com/redis/node-redis/blob/master/docs/client-configuration.md)
})
// Then connect to the Redis server
await client.connect()

// Create and use the rate limiter
const limiter = rateLimit({
    // Rate limiter configuration
    windowMs: 15 * 60 * 1000, // 15 minutes
    max: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
    standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
    legacyHeaders: false, // Disable the `X-RateLimit-*` headers

    // Redis store configuration
    store: new RedisStore({
        sendCommand: (...args: string[]) => client.sendCommand(args),
    }),
})
app.use(limiter)

To use it with a ioredis client:

import { rateLimit } from 'express-rate-limit'
import { RedisStore } from 'rate-limit-redis'
import RedisClient from 'ioredis'

// Create a `ioredis` client
const client = new RedisClient()
// ... (see https://github.com/luin/ioredis#connect-to-redis)

// Create and use the rate limiter
const limiter = rateLimit({
    // Rate limiter configuration
    windowMs: 15 * 60 * 1000, // 15 minutes
    max: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
    standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
    legacyHeaders: false, // Disable the `X-RateLimit-*` headers

    // Redis store configuration
    store: new RedisStore({
        sendCommand: (command: string, ...args: string[]) =>
            client.send_command(command, ...args),
    }),
})
app.use(limiter)

Configuration

sendCommand

The function used to send commands to Redis. The function signature is as follows:

;(...args: string[]) => Promise<number> | number

The raw command sending function varies from library to library; some are given below:

Library Function
node-redis async (...args: string[]) => client.sendCommand(args)
ioredis async (command: string, ...args: string[]) => client.send_command(command, ...args)
handy-redis async (...args: string[]) => client.nodeRedis.sendCommand(args)
tedis async (...args: string[]) => client.command(...args)
redis-fast-driver async (...args: string[]) => client.rawCallAsync(args)
yoredis async (...args: string[]) => (await client.callMany([args]))[0]
noderis async (...args: string[]) => client.callRedis(...args)

prefix

The text to prepend to the key in Redict/Redis.

Defaults to rl:.

resetExpiryOnChange

Whether to reset the expiry for a particular key whenever its hit count changes.

Defaults to false.

License

MIT © Wyatt Johnson, Nathan Friedly, Vedant K

更新日志

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

v4.2.1

Fixed

  • Fixed a race condition where the time window could be reset one request before the hit count is reset. (#209 & #216)

v4.2.0

Added

  • Export RedisStore as a named export.

v4.1.2

Added

v4.1.1

Fixed

  • store.get() returns 0 instead of NaN if there are no hits stored for the client.

v4.1.0

Added

  • Added the store.get() function, to retrieve the hit count and reset time for a particular client.

v4.0.0

Breaking

  • Dropped node v14 support.
  • Added support for express-rate-limit v7.

Changed

  • Use pkgroll to bundle library.
  • Bumped dependencies.

v3.1.0

Changed

  • Retry the EVALSHA command if it fails the first time.

v3.0.2

Changed

  • Added the types field to the export map in package.json.

v3.0.1

Changed

  • Updated documentation related to ioredis integration.

v3.0.0

Added

  • Added issue and PR templates.
  • The release action now publishes a GitHub release when a new tag is pushed with a built .tgz file so you can install the package from npm and GitHub.
  • [BREAKING] Added the sendCommand option to replace the client option
    • sendCommand is a function that takes the raw command as a string array and returns the numeric response from redis.
    • this makes the store compatible with all clients that have a public method to send raw commands to redis.
  • Added a changelog and a contributing guide.

Changed

  • Rewrote library and tests in Typescript.
  • Use esbuild to build both ES and CommonJS modules and use dts-bundle-generator to generate a single type declaration file.
  • Added express >= 4 and express-rate-limit >= 6 as peer dependencies.

Removed

  • [BREAKING] Removed the expiry option, as we now get that from the rate limiting middleware in the init method.
  • [BREAKING] Removed the client option, as it is now replaced by the sendCommand option
  • [BREAKING] Removed the passIfNotConnected option, as developers now need to handle connection using a client of their choice

v2.1.0

Added

  • Added the passIfNotConnected option.
    • If set to true, if the client is not connected to Redis, the store will allow the request to pass through as a failover.

Removed

  • Dropped support for Node 6.

v2.0.0

Changed

  • [BREAKING] Bumped node-redis version from 2.8.0 to 3.0.2.

v1.7.0

Added

  • Added support for passing a redis connection string instead of a client instance to the constructor.

v1.6.0

Added

  • Added example of connecting to a UDP socket to the readme.
  • Added support for returning the reset date to the rate limit middleware.

v1.5.0

Added

  • Added the resetExpiryOnChange option.
    • If set to true, the store sets the expiry time back to windowMs when incrementing/decrementing. This aligns better with how the default handler in the rate limiting middleware displays the time in the Retry-After header.

v1.4.0

Added

v1.3.0

Added

  • Added support for millisecond precision in the expiry option.

v1.1.0

Added

  • Added better support for IORedis.