A rate limiter for Adonis 4.1
For AdonisJS below version 4.1, you need install 2.0.x
To get the latest version of Adonis Throttle, simply run:
adonis install adonis-throttleOnce Adonis Throttle is installed, you need to register the service provider. Open up bootstrap/app.js and add the following to the providers key.
// start/app.js
const providers = [
...,
'adonis-throttle/providers/ThrottleProvider',
]You can register the Throttle facade in the aliases key of your bootstrap/app.js file if you like.
// start/app.js
const aliases = {
...,
Throttle: 'Adonis/Addons/Throttle'
}Enable the throttle middleware inside start/kernel.js file.
// start/kernel.js
const namedMiddleware = {
...,
throttle: 'Adonis/Middleware/Throttle'
}Use the throttle middleware to limit request for a given route.
// Default Throttle 60 request per minute
Route.post('login','Auth/LoginController.postLogin').middleware('throttle')The following example throttle request be limiting the number of login attempts for 10 requests every 120 seconds.
Route.post('login','Auth/LoginController.postLogin').middleware('throttle:10,120')Throttle 10 request per minute
Route.post('login','Auth/LoginController.postLogin').middleware('throttle:10')If the subject exceeds the maximum number of requests, it will return Too Many Attempts. with status code of 429. By default we are extending the decay of the throttle by 5 seconds, for each request the subject after he exceeds the maximum number of requests.
You can also use Throttle from inside your controllers or anywere else.
const Throttle = use('Throttle')
class TestController {
run(request,response){
const currentUser = request.auth.getCurrentUser()
// Limit for a specific user
Throttle.resource(currentUser.id,10,60)
if (!Throttle.attempt()){
return response.send('stop!')
}
response.send('secret')
}
}You can write your own cache driver by extending Adonis/Addons/Throttle/Cache
abstract base class.
For the purpose of this example, assume the contents of the file below are
located at: ./lib/drivers/memcached.
'use strict'
const Cache = use('Adonis/Addons/Throttle/Cache')
class Memcached extends Cache {
/**
* Get stored data by key.
* @param {String} key
*
* @return {Mixed}
*/
get(key) {
// implement get
}
/**
* Generate cache.
* @param {String} key
* @param {Mixed} value
* @param {Integer} milliseconds
*
* @return {TimeoutPointer}
*/
put(key, value, milliseconds) {
// implement put
}
/**
* Increment stored value by one.
* @param {String} key
*
* @return {Cache}
*/
increment(key) {
// implement increment
return this
}
/**
* Increment expiration of stored data by number of seconds.
* @param {String} key
* @param {Integer} seconds
*
* @return {Cache}
*/
incrementExpiration(key, seconds) {
// implement incrementExpiration
return this
}
/**
* Get number of seconds left until cache data is cleared.
* @param {String} key
*
* @return {Integer}
*/
secondsToExpiration(key) {
// implement secondsToExpiration
}
}Then in start/hooks.js, register your driver:
'use strict'
const { ioc } = require('@adonisjs/fold')
const { hooks } = require('@adonisjs/ignitor')
const Memcached = require('./lib/drivers/memcached')
hooks.after.providersRegistered(() => {
const ThrottleManager = use('Adonis/Addons/ThrottleManager')
ThrottleManager.extend('memcached', Memcached)
})