I've been exploring rate limiting for my mobile app's Express/Node.js API. What I've found so far is this solution with express-rate-limit and rate-limit-redis:
```js
const express = require('express');
const rateLimit = require('express-rate-limit');
const RedisStore = require('rate-limit-redis');
const app = express();
app.use('/account/reset-password', rateLimit({
  store: new RedisStore({ /* configs here */ }),
  windowMs: 5 * 60000, // 5-minute window
  max: 12,             // 12 requests per window, keyed by client IP
  delayMs: 0           // legacy slow-down option (option name was misspelled "delayMS")
}));
```
It's clean, it's nice, it probably works straightforwardly, BUT it is not what I want. I want to rate limit my API calls by auth token, not IP address. What would be the simplest way to do this? I'm REALLY not trying to write my own solution from scratch this time (unless that's the ONLY good option); before today I had not even heard of Redis etc.
Thanks in advance, guys. I hope there's a pretty straightforward answer for this.
Sorry for bad formatting, on iOS.
You might want to look into one of the suggested alternatives - https://www.npmjs.com/package/express-limiter
The middleware options accept a lookup value, which is used to identify a user.
You can even pass a custom function as the lookup option and do your auth token verification there, if it's beyond simply accessing the value from the req object.
```js
const express = require('express')
const app = express()
const client = require('redis').createClient()
const limiter = require('express-limiter')(app, client)

// validApiKey is the app's own token check (e.g. a lookup in the auth store);
// it is not provided by express-limiter.
limiter({
  path: '/api/*',          // routes to protect (illustrative)
  method: 'all',
  expire: 1000 * 60 * 60,  // 1-hour window
  lookup: function (req, res, opts, next) {
    if (validApiKey(req.query.api_key)) {
      opts.lookup = 'query.api_key'            // bucket per verified API key
      opts.total = 100                         // verified clients: 100/hour
    } else {
      opts.lookup = 'connection.remoteAddress' // otherwise bucket per client IP
      opts.total = 10                          // anonymous clients: 10/hour
    }
    return next()
  }
})
```