Skip to content

Instantly share code, notes, and snippets.

@animir
animir / deno-rate-limiter-flexible-example.ts
Created December 12, 2020 06:39
Tiny rate-limiter-flexible example compatible with Deno
import { serve } from "https://deno.land/std/http/server.ts";
import * as RateLimiterFlexible from "https://dev.jspm.io/rate-limiter-flexible";
const rateLimiter = new RateLimiterFlexible.default.RateLimiterMemory({
points: 2,
duration: 5,
});
const s = serve({ port: 8000 });
console.log("http://localhost:8000/");
for await (const req of s) {
@animir
animir / rate-limiter-and-tocken-bucket-benchmark.js
Last active April 8, 2020 12:38
Benchmark BurstyRateLimiter from rate-limiter-flexible and hyacinth
const {RateLimiterRedis, BurstyRateLimiter} = require('rate-limiter-flexible');
const cluster = require('cluster');
const http = require('http');
const Ioredis = require('ioredis');
const redisClient = new Ioredis({});
const TokenBucket = require('hyacinth');
const numberOfUsers = 100;
if (cluster.isMaster) {
@animir
animir / user.controller.ts
Last active March 2, 2024 08:28
Nest.js prevent brute-force against authorisation example
import { Request, Response } from 'express';
import { Body, Controller, Post, Req, Res } from '@nestjs/common';
import { UserService } from './user.service';
import * as Redis from 'ioredis';
import { RateLimiterRedis } from 'rate-limiter-flexible';
const redisClient = new Redis({enableOfflineQueue: false});
const maxWrongAttemptsByIPperDay = 100;
const maxConsecutiveFailsByUsernameAndIP = 5;
@animir
animir / brute-force-protection-by-username-and-ip-plus-username.js
Last active November 10, 2023 16:57
Node.js rate-limiter-flexible. Brute-force protection - Block source of requests by IP, Username+IP and Username.
const http = require('http');
const express = require('express');
const Redis = require('ioredis');
const { RateLimiterRedis } = require('rate-limiter-flexible');
const redisClient = new Redis({ enableOfflineQueue: false });
const maxWrongAttemptsByIPperDay = 100;
const maxConsecutiveFailsByUsernameAndIP = 10;
const maxWrongAttemptsByUsernamePerDay = 50;
@animir
animir / brute-force-protection-by-username-and-ip.js
Last active November 10, 2023 16:57
Node.js rate-limiter-flexible. Brute-force protection - Block source of requests by IP plus Username and IP.
const http = require('http');
const express = require('express');
const Redis = require('ioredis');
const { RateLimiterRedis } = require('rate-limiter-flexible');
const redisClient = new Redis({ enableOfflineQueue: false });
const maxWrongAttemptsByIPperDay = 100;
const maxConsecutiveFailsByUsernameAndIP = 10;
const limiterSlowBruteByIP = new RateLimiterRedis({
@animir
animir / brute-force-protection-by-ip.js
Last active November 10, 2023 16:57
Node.js rate-limiter-flexible. Brute-force protection - Block source of requests by IP.
const http = require('http');
const express = require('express');
const Redis = require('ioredis');
const { RateLimiterRedis } = require('rate-limiter-flexible');
const redisClient = new Redis({ enableOfflineQueue: false });
const maxWrongAttemptsByIPperMinute = 5;
const maxWrongAttemptsByIPperDay = 100;
const limiterFastBruteByIP = new RateLimiterRedis({