-
-
Notifications
You must be signed in to change notification settings - Fork 162
Black and White lists
It wraps any limiter by additional checks if key is BlackListed or WhiteListed.
const limiter = new RateLimiterRedis({
storeClient: redisClient,
points: 1,
duration: 1,
});
const limiterWrapped = new RLWrapperBlackAndWhite({
limiter,
whiteList: ['127.0.0.1', '8.8.8.8'],
blackList: ['13.35.67.49', '13.35.68.50'],
isWhiteListed: (ip) => {
return /^36.+$/.test(ip);
},
isBlackListed: (ip) => {
return /^47.+$/.test(ip);
},
runActionAnyway: false,
});
Wrapped limiter has the same methods as any other limiter from this package.
If Key is white listed, consume
resolved no matter how many points consumed.
If Key is black listed, consume
rejected anytime. Blacklisted keys are blocked on code level not in store/memory. Think of it as of requests filter.
delete
method isn't affected by this wrapper - any key can be deleted.
All other methods resolved anytime, if Key is black listed or white listed.
If key is White Listed and Black Listed at the same time, it is White Listed.
Note: execEvenly
option doesn't work for black listed or white listed keys
-
limiter
Required
Any limiter or Union -
whiteList
Array of white keys -
blackList
Array of black keys -
isWhiteListed
Function(key) => (true || false)
It works in conjunction withwhiteList
array.Not necessary, if you have set all required keys in
whiteList
array. -
isBlackListed
Function(key) => (true || false)
It works in conjunction withblackList
array.Not necessary, if you have set all required keys in
blackList
array. -
runActionAnyway
Default: false
Wrapper doesn't run any method on limiter if key is Black or White.If it is set to
true
, it runs methods on limiter asynchronously, so limiter stores actual number of consumed points, block duration, etc. But key is blacklisted or whitelisted as usual.
Get started
Middlewares and plugins
Migration from other packages
Limiters:
- Redis
- Memory
- DynamoDB
- Prisma
- MongoDB (with sharding support)
- PostgreSQL
- MySQL
- BurstyRateLimiter
- Cluster
- PM2 Cluster
- Memcached
- RateLimiterUnion
- RateLimiterQueue
Wrappers:
- RLWrapperBlackAndWhite Black and White lists
Knowledge base:
- Block Strategy in memory
- Insurance Strategy
- Comparative benchmarks
- Smooth out traffic peaks
-
Usage example
- Minimal protection against password brute-force
- Login endpoint protection
- Websocket connection prevent flooding
- Dynamic block duration
- Different limits for authorized users
- Different limits for different parts of application
- Block Strategy in memory
- Insurance Strategy
- Third-party API, crawler, bot rate limiting