Rate Limit
- To prevent brute force attacks, the framework comes with a rate limit function, which is disabled by default. You can configure it globally in
ndsk.config.js,
module.exports = (isPro)=>{
return {
server:{
plugins:{
ratelimit:{
userLimit:10, //The total number of requests that a user can make in each time period
userCacheExp:1000 //Cache expiration time
}
}
}
}
}
-
The above configuration means that each user is limited to 10 requests per second (all routes)
-
You can also configure it separately in the route
export const options = {
plugins:{
ratelimit:{
userPathLimit:1,
userPathCacheExp:1000,
}
}
}
export default ()=>{
return 'ratelimit'
}
-
The above means: limit the current route to only one request per user per second
-
You can also configure it like this
export const options = {
plugins:{
ratelimit:{
pathLimit:1,
pathCacheExp:1000,
}
}
}
export default ()=>{
return 'ratelimit'
}
- The above means: limit the current route to only one request every 10 seconds (all users)
Provide the following configuration parameters
-
enabledSet it tofalsein the route configuration to bypass all rate limits for this route -
userLimitThe total number of requests that can be made by each user per period, set tofalseto disable limiting the number of requests per user -
userCacheExpThe cache period used to store user rate limit informationms -
pathLimitThe total number of requests that can be made on a given path per period. Set tofalseto disable limiting the number of requests per path. -
pathCacheExpThe name of the cache segment used to store path rate limit informationms -
userPathLimitThe total number of requests that can be made on a given path per period per user. Set tofalseto disable limiting the number of requests per user per path -
userPathCacheExpis used to store the cache periodmsof userPath rate limit information -
ignorePathParamsiffalse, the limit will be applied to the route (/route/{param}: a single cache entry) instead of 2 different caches for the path/route/1or/route/2