ralphi

Pure Node.js simple rate limiting server to prevent bruteforce attacks

This project is maintained by yonjah

Express-ralphi

Express middleware for ralphi pure Node.js rate limiting server

Ralphi is a simple rate limiting server intended to prevent bruteforce attacks on logins and other sensitive assets.

For more information about Ralphi's other components, see ralphi.

Plugin Installation

$ npm install -s ralphi-client
$ npm install -s express-ralphi

Usage

Integrate rate limiting in express

const express   = require('express');
const app       = express();
const RateLimit = require('express-ralphi');
const client    = new require('ralphi-client')();

app.use('/login', RateLimit({bucket: 'login', client}));
app.get('/login', (req, res) => res.send('Success'));

The login route will be rate limited according to the bucket settings, and rate limiting headers will be sent with the response.

Configuration Options

For convenience, each configuration option has a method that creates a new instance extending the existing configuration, so it is easy to have route-specific configuration:

const express   = require('express');
const app       = express();
const RateLimit = require('express-ralphi');
const client    = new require('ralphi-client')();

const baseRateLimit = RateLimit({bucket: 'login', client, errorLog: e => console.log(e)});

app.use('/login', baseRateLimit);
app.get('/login', (req, res) => res.send('Success'));

app.use('/recover', baseRateLimit.bucket('recover'));
app.get('/recover', (req, res) => res.send('Success'));

// This onError handler calls next(), so /api requests continue when rate limiting raises an error
app.use('/api', baseRateLimit.onError((e, req, res, next) => next()).bucket('api'));
app.get('/api', (req, res) => res.send('Success'));
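
How the per-route bucket and onError choices above play out when a limit is exceeded or the rate limiting server is unreachable, as an added sketch that is not express-ralphi's own code. memoryClient, makeLimiter, run, the take() result shape, keying on req.ip, the X-RateLimit-* header names and the fail-closed 503 default are all assumptions of this example.

```javascript
// Added sketch, not express-ralphi's source. memoryClient, makeLimiter, run, the
// req.ip key and the X-RateLimit-* header names are assumptions of this example.

// Constructed stand-in for the rate limiting server: a fixed allowance per bucket+key.
function memoryClient(sizes) {
  const used = new Map();
  const client = {
    down: false, // set to true to simulate an unreachable rate limiting server
    async take(bucket, key) {
      if (client.down) throw new Error('rate limiter unreachable');
      const id = `${bucket}:${key}`;
      used.set(id, (used.get(id) || 0) + 1);
      const size = sizes[bucket];
      const remaining = Math.max(size - used.get(id), 0);
      return { conformant: used.get(id) <= size, size, remaining };
    },
  };
  return client;
}

// Express-style middleware factory. In this sketch a limiter failure rejects the
// request (fail closed) unless the route supplies its own onError handler.
function makeLimiter({ bucket, client, onError }) {
  const failClosed = (e, req, res, next) => res.status(503).send('Rate limiter unavailable');
  const handleError = onError || failClosed;
  return async function limiter(req, res, next) {
    let limit;
    try {
      limit = await client.take(bucket, req.ip);
    } catch (e) {
      return handleError(e, req, res, next);
    }
    res.set('X-RateLimit-Limit', String(limit.size));
    res.set('X-RateLimit-Remaining', String(limit.remaining));
    if (!limit.conformant) return res.status(429).send('Too many requests');
    return next();
  };
}

// Constructed request/response doubles so the sketch runs without Express installed.
function run(middleware, ip) {
  const out = { status: 200, headers: {}, passed: false };
  const res = {
    set(k, v) { out.headers[k] = v; return res; },
    status(code) { out.status = code; return res; },
    send(body) { out.body = body; return res; },
  };
  return middleware({ ip }, res, () => { out.passed = true; }).then(() => out);
}
```

A handler that calls next() on error, like the one on /api above, keeps the route available during a limiter outage but leaves it unthrottled for that period, which is a trade-off to weigh separately for login and recovery routes.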