This rate limiter implements a complete middleware using the "Sliding Window" algorithm (specifically the sliding window log variant, which keeps one timestamp per request).
Best resources to learn API Rate Limiting
When I first learned about rate limiters I was confused about why they exist, how they work and where they are used.
I learned that when a client sends too many requests to a server, the server takes action to protect itself and to prevent malicious activity such as a DoS attack.
For this, the server implements an API rate limiter.
Here is how it works:
When building software there are many methods, algorithms, logic tricks, shortcuts, third-party modules and more for solving a particular problem.
For building an API rate limiter there are a few common and widely used algorithms, such as Sliding Window, Token Bucket, Leaky Bucket and Fixed Window Counter.
For this project I used the Sliding Window algorithm.
Logic of Sliding Window Algorithm
- When a client sends a request to the server, the server records the client's IP and the timestamp at which the request was intercepted (using Date.now(), which returns milliseconds since the epoch). Example of the object in which the IPs are stored:
{
'192.168.1.2': {
timeStamps: [1777234234000, 1777234234120, 1777234234310, ...],
// number of requests == length of the timestamp array, so the array length gives the request count for this user.
},
...
}
- Drop all timestamps older than 1000 ms (the window size).
- If the number of remaining timestamps is smaller than 5, next() is called and the request goes through,
OR
- the response is ended directly with a 429 status code and the message Too Many Requests.
- Final step: if an IP has no timestamps left, that client has not interacted with the server during the window, so its entry is deleted to prevent a memory leak.
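The steps above, written out as an added example (this is not the project's own code). It assumes a limit of 5 requests per 1000 ms window, an injectable clock (the `now` option) so the logic can be tested without waiting, and an Express-style `req.ip` / `res.status().json()` interface; the `createSlidingWindowLimiter`, `slidingWindowMiddleware` and `sweep` names are made up for this example.

```javascript
// In-memory sliding window log rate limiter (added example, not the original project's code).
// Assumed defaults: 5 requests per 1000 ms window; `now` is injectable for testing.
function createSlidingWindowLimiter({ limit = 5, windowMs = 1000, now = Date.now } = {}) {
  // ip -> array of request timestamps in ms, oldest first
  const log = new Map();

  // Drop timestamps that have fallen out of the window (t - windowMs, t]. Returns the pruned array.
  function prune(ip, t) {
    const stamps = log.get(ip);
    if (!stamps) return [];
    const cutoff = t - windowMs;
    // Timestamps are appended in arrival order, so only a prefix can be stale.
    let i = 0;
    while (i < stamps.length && stamps[i] <= cutoff) i++;
    if (i > 0) stamps.splice(0, i);
    return stamps;
  }

  // Decide whether a request from `ip` at time `t` is allowed. The timestamp is recorded only
  // when the request is allowed, so a client that keeps hammering while blocked does not
  // extend its own block (a design choice; recording every request is the other option).
  function check(ip, t = now()) {
    const stamps = prune(ip, t);
    if (stamps.length < limit) {
      stamps.push(t);
      log.set(ip, stamps);
      return { allowed: true, remaining: limit - stamps.length, retryAfterMs: 0 };
    }
    // The oldest timestamp still in the window tells the client when a slot frees up.
    return { allowed: false, remaining: 0, retryAfterMs: stamps[0] + windowMs - t };
  }

  // Delete IPs with no timestamps left in the window. check() only touches the IP that made
  // the request, so an IP that simply stops sending would otherwise stay in memory forever.
  // Returns the number of IPs still tracked.
  function sweep(t = now()) {
    for (const ip of [...log.keys()]) {
      if (prune(ip, t).length === 0) log.delete(ip);
    }
    return log.size;
  }

  return { check, sweep, size: () => log.size };
}

// Express-style middleware wrapper. It trusts req.ip: behind a reverse proxy, configure
// `app.set('trust proxy', ...)` correctly, otherwise all clients share the proxy's address
// (or a client can spoof X-Forwarded-For and dodge the limit).
function slidingWindowMiddleware(options = {}) {
  const limiter = createSlidingWindowLimiter(options);
  if (options.sweepEveryMs) {
    const timer = setInterval(() => limiter.sweep(), options.sweepEveryMs);
    if (timer.unref) timer.unref(); // do not keep the process alive just for the sweep
  }
  return function rateLimit(req, res, next) {
    const result = limiter.check(req.ip);
    if (result.allowed) {
      res.setHeader('X-RateLimit-Remaining', String(result.remaining));
      return next();
    }
    res.setHeader('Retry-After', String(Math.ceil(result.retryAfterMs / 1000)));
    res.status(429).json({ error: 'Too Many Requests' });
  };
}

// Usage with Express (assumed): app.use(slidingWindowMiddleware({ limit: 5, windowMs: 1000, sweepEveryMs: 60000 }));
if (typeof module !== 'undefined') {
  module.exports = { createSlidingWindowLimiter, slidingWindowMiddleware };
}
```

Two caveats worth keeping in mind with this design: the cleanup in the final step of the algorithm only runs for an IP when that IP sends another request, so a periodic sweep (the `sweepEveryMs` option here) is what actually bounds memory against clients that go quiet; and the store lives in one process's memory, so with several server instances each one enforces its own independent limit.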
To do: make it more user friendly.