Importing the Library
This library requires node version 16 or above.
Using the Library in Express
The rateLimit function accepts an options object and returns the rate limiting middleware.
An example with the recommended configuration is as follows:
/auth/* endpoints), specify the URL as the first parameter in app.use:
POST /reset_password), add the limiter as a middle argument to app.get/app.post/etc.:
If your server runs behind a proxy/load balancer, the IP address of the request might be undefined, or the IP of the load balancer/reverse proxy (leading to the rate limiter blocking all requests once the limit is reached). To fix this, take a look at the guide to troubleshooting proxy issues.
Using the library in Next.js
Although not officially supported, several individuals have been able to successfully use express-rate-limit in Next.js by defining a custom keyGenerator to return the user's IP (or some other identifier). However, additional changes are sometimes needed, such as handling schema migrations with rate-limit-postgresql.
Using External Stores
A store is essentially a JavaScript/TypeScript class that allows the library to store hit counts and reset times for clients wherever you want, e.g., in an external database. To use an external store, pass an instance of the store to the rateLimit function, like so:
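The shape of such a store class, as an added example that is not from the original page or the express-rate-limit project: it implements the init, increment, decrement, resetKey and resetAll methods the library calls on a store, keeping counts in a Map where an external store would talk to a database. The class name MapStore and its injectable now clock are assumptions made for illustration.

```javascript
// Added example: a minimal class exposing the methods express-rate-limit
// calls on a store. MapStore and the `now` parameter are hypothetical names.
class MapStore {
  constructor(now = () => Date.now()) {
    this.now = now;          // injectable clock so window expiry can be tested
    this.windowMs = 60_000;  // placeholder until init() supplies the real value
    this.hits = new Map();   // key -> { totalHits, resetTime }
  }

  // Called once by the library with the limiter's options.
  init(options) {
    this.windowMs = options.windowMs;
  }

  // Return the live record for a key; start a fresh window if none exists
  // or the previous window has expired.
  #current(key) {
    const nowMs = this.now();
    let rec = this.hits.get(key);
    if (!rec || rec.resetTime.getTime() <= nowMs) {
      rec = { totalHits: 0, resetTime: new Date(nowMs + this.windowMs) };
      this.hits.set(key, rec);
    }
    return rec;
  }

  // Count one request for this client key and report the running total;
  // the middleware compares totalHits against the configured limit.
  increment(key) {
    const rec = this.#current(key);
    rec.totalHits += 1;
    return { totalHits: rec.totalHits, resetTime: rec.resetTime };
  }

  // Undo one hit, never dropping below zero.
  decrement(key) {
    const rec = this.hits.get(key);
    if (rec && rec.totalHits > 0) rec.totalHits -= 1;
  }

  // Forget a single client, or every client.
  resetKey(key) { this.hits.delete(key); }
  resetAll() { this.hits.clear(); }
}
```

An instance is passed as the store option, for example rateLimit({ store: new MapStore() }). Because the Map lives in one process, several server instances behind a load balancer would each keep their own counts, which is the case a shared external store addresses.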