Adonis Throttle
A rate limiter for Adonis 4.1
Installation
For AdonisJS below version 4.1, you need install 2.0.x
To get the latest version of Adonis Throttle, simply run
npm install adonis-throttle --save
Once Adonis Throttle is installed, you need to register the service provider. Open up bootstrap/app.js and add the following to the providers key.
// start/app.js
const providers = [
...,
'adonis-throttle/providers/ThrottleProvider',
]
You can register the Throttle facade in the aliases key of your bootstrap/app.js file if you like.
// start/app.js
const aliases = {
...,
Throttle: 'Adonis/Addons/Throttle'
}
Enable the throttle middleware inside start/kernel.js
file.
// start/kernel.js
const namedMiddleware = {
...,
throttle: 'Adonis/Middleware/Throttle'
}
Usage
Middleware
Use the throttle middleware to limit request for a given route.
// Default Throttle 60 request per minute
Route.post('login','Auth/LoginController.postLogin').middleware('throttle')
The following example throttle request be limiting the number of login attempts for 10 requests every 120 seconds.
Route.post('login','Auth/LoginController.postLogin').middleware('throttle:10,120')
Throttle 10 request per minute
Route.post('login','Auth/LoginController.postLogin').middleware('throttle:10')
If the subject exceeds the maximum number of requests, it will return Too Many Attempts. with status code of 429. By default we are extending the decay of the throttle by 5 seconds, for each request the subject after he exceeds the maximum number of requests.
Advance
You can also use Throttle from inside your controllers or anywere else.
const Throttle = use('Throttle')
class TestController {
run(request,response){
const currentUser = request.auth.getCurrentUser()
// Limit for a specific user
Throttle.resource(currentUser.id,10,60)
if (!Throttle.attempt()){
return response.send('stop!')
}
response.send('secret')
}
}