Koa.js 限流中间件 koa-ratelimit

最初是 TJ 2013年写的模块。可以使用redis或者内存模式。当一定的时间内请求次数超过阀值，返回429错误。

可以参考 API Rate Limiting 限速 https://javascript.net.cn/article?id=623，这个是基于IP的。在nginx做代理的情况下，还可以基于IP或者请求再次限流 https://javascript.net.cn/article?id=753

Installation 安装

# npm
$ npm install koa-ratelimit
# yarn
$ yarn add koa-ratelimit

Example 例子

With a Redis driver 使用 redis 缓存驱动

const Koa = require('koa');
const ratelimit = require('koa-ratelimit');
const Redis = require('ioredis');
const app = new Koa();

// apply rate limit
app.use(ratelimit({
  driver: 'redis',
  db: new Redis(),
  duration: 60000,
  errorMessage: 'Sometimes You Just Have to Slow Down.',
  id: (ctx) => ctx.ip,
  headers: {
    remaining: 'Rate-Limit-Remaining',
    reset: 'Rate-Limit-Reset',
    total: 'Rate-Limit-Total'
  },
  max: 100,
  disableHeader: false,
  whitelist: (ctx) => {
    // some logic that returns a boolean
  },
  blacklist: (ctx) => {
    // some logic that returns a boolean
  }
}));

// response middleware
app.use(async (ctx) => {
  ctx.body = 'Stuff!';
});

// run server
app.listen(
  3000,
  () => console.log('listening on port 3000')
);

With a memory driver 使用内存驱动

const Koa = require('koa');
const ratelimit = require('koa-ratelimit');
const app = new Koa();

// apply rate limit
const db = new Map();

app.use(ratelimit({
  driver: 'memory',
  db: db,
  duration: 60000,
  errorMessage: 'Sometimes You Just Have to Slow Down.',
  id: (ctx) => ctx.ip,
  headers: {
    remaining: 'Rate-Limit-Remaining',
    reset: 'Rate-Limit-Reset',
    total: 'Rate-Limit-Total'
  },
  max: 100,
  disableHeader: false,
  whitelist: (ctx) => {
    // some logic that returns a boolean
  },
  blacklist: (ctx) => {
    // some logic that returns a boolean
  }
}));

// response middleware
app.use(async (ctx) => {
  ctx.body = 'Stuff!';
});

// run server
app.listen(
  3000,
  () => console.log('listening on port 3000')
);

Options 设置

driver memory or redis [redis]
db redis connection instance or Map instance (memory)
duration of limit in milliseconds [3600000] 持续时间，单位毫秒
errorMessage custom error message
id id to compare requests [ip]
headers custom header names
max max requests within duration [2500] 持续时间内的最大请求数
disableHeader set whether send the remaining, reset, total headers [false]
remaining remaining number of requests ['X-RateLimit-Remaining']
reset reset timestamp ['X-RateLimit-Reset']
total total number of requests ['X-RateLimit-Limit']
whitelist if function returns true, middleware exits before limiting
blacklist if function returns true, 403 error is thrown
throw call ctx.throw if true

Responses

Example 200 with header fields:

HTTP/1.1 200 OK
X-Powered-By: koa
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 99
X-RateLimit-Reset: 1384377793
Content-Type: text/plain; charset=utf-8
Content-Length: 6
Date: Wed, 13 Nov 2013 21:22:13 GMT
Connection: keep-alive

Stuff!

Example 429 response:

HTTP/1.1 429 Too Many Requests
X-Powered-By: koa
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1384377716
Content-Type: text/plain; charset=utf-8
Content-Length: 39
Retry-After: 7
Date: Wed, 13 Nov 2013 21:21:48 GMT
Connection: keep-alive

Rate limit exceeded, retry in 8 seconds

来源：

https://github.com/koajs/ratelimit

Koa.js

修改时间 2021-12-15

声明：本站所有文章和图片，如无特殊说明，均为原创发布，转载请注明出处。