Rate Limiter
Protect your APIs from abuse with a flexible, production-ready rate limiting middleware.
The Rate Limiter block protects your application from abuse by limiting how many requests a client can make within a configurable time window.
It supports multiple storage engines through a pluggable architecture, allowing you to start with an in-memory store during development and seamlessly migrate to Redis for production.
Features
- IP-based request limiting
- Configurable request window
- Configurable request limit
- Memory and Redis storage variants
- Custom key generation
- Standard RateLimit headers
- Framework-native Express middleware
- TypeScript support
- Production-ready architecture
Installation
Choose your preferred package manager.
```bash
pnpm dlx blockend-cli add rate-limit
npx blockend-cli add rate-limit
yarn dlx blockend-cli add rate-limit
bunx blockend-cli add rate-limit
```
During installation, Blockend automatically detects your project configuration and asks which storage variant you'd like to install.
Installation Flow
Select Storage
Choose which implementation best fits your application.
```
? Which storage variant would you like?
❯ Memory
  Redis
```
Install Dependencies
If the selected variant requires additional packages, Blockend will install them automatically.
Example:
```
✔ Installing ioredis...
```
Generate Files
The block is generated inside your configured blocks directory.
Generated Files
Memory Variant
Redis Variant
Basic Usage
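```ts
import express from "express";
import { rateLimit, MemoryStore } from "@/blocks/rate-limit";

const app = express();

// Allow each client 100 requests per 60-second window on /api routes.
app.use(
  "/api",
  rateLimit({
    max: 100,
    windowMs: 60_000,
    store: new MemoryStore()
  })
);
```
Redis Example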
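```ts
import express from "express";
import Redis from "ioredis";
import { rateLimit, RedisStore } from "@/blocks/rate-limit";

const app = express();

// REDIS_URL must be set in the environment.
const redis = new Redis(process.env.REDIS_URL);

// Counters live in Redis, so every application instance shares them.
app.use(
  "/api",
  rateLimit({
    max: 100,
    windowMs: 60_000,
    store: new RedisStore(redis)
  })
);
```
Configuration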
| Option | Type | Default | Description |
|---|---|---|---|
| windowMs | number | 60000 | Request window in milliseconds |
| max | number | 100 | Maximum requests allowed |
| message | string \| object | { error: "Too many requests..." } | Response sent when the limit is exceeded |
| statusCode | number | 429 | HTTP response status |
| standardHeaders | boolean | true | Send RateLimit response headers |
| keyGenerator | (req) => string | Client IP | Generates a unique client key |
| store | RateLimitStore | Required | Storage implementation |
Response Headers
When standardHeaders is enabled, the middleware automatically includes:
```
RateLimit-Limit: 100
RateLimit-Remaining: 94
RateLimit-Reset: 1717344000
```
These headers allow clients to monitor their remaining request quota.
Manual Installation
Prefer copying the source code instead of using the CLI?
Simply copy the following files into your project.
Memory
Redis
Storage Variants
Memory
Recommended for:
- Development
- Small applications
- Single-server deployments
Pros:
- Zero dependencies
- Extremely fast
- Simple setup
Redis
Recommended for:
- Production
- Multiple application instances
- Load-balanced deployments
Pros:
- Shared request counters
- Distributed rate limiting
- Horizontal scalability
Requires:
```bash
pnpm add ioredis
```
Production Recommendations
- Use the Redis variant in production.
- Apply stricter limits to authentication endpoints.
- Use a custom keyGenerator for authenticated APIs.
- Monitor rejected requests.
- Combine with authentication and logging middleware.
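
Why a custom keyGenerator matters for authenticated APIs, as an added example that is not part of the block's source: with IP keying, two users behind one NAT address share a single quota, while keying on a verified identity gives each their own. `authAwareKey`, `ipKey`, `createLimiter` and `demo` are hypothetical names, the fixed-window counter is a stand-in rather than the block's algorithm, and `req.user.id` is assumed to be set by your authentication middleware.

```javascript
// Added example: stand-in limiter, not the Rate Limiter block's own code.
// Assumption: upstream auth middleware sets req.user = { id } only after
// verifying the credential; req.ip is the address Express reports.

// Key authenticated traffic by verified identity, everything else by IP.
// Never key on an unverified header: a client could rotate it for fresh quota.
function authAwareKey(req) {
  if (req.user && req.user.id != null) return `user:${req.user.id}`;
  return `ip:${req.ip}`;
}

// Default keying listed in the options table: client IP.
function ipKey(req) {
  return `ip:${req.ip}`;
}

// Minimal fixed-window counter (hypothetical helper) taking the same
// max / windowMs / keyGenerator options, plus an injectable clock.
function createLimiter({ max, windowMs, keyGenerator, now = Date.now }) {
  const hits = new Map(); // key -> { count, resetAt }
  return function check(req) {
    const key = keyGenerator(req);
    const t = now();
    let entry = hits.get(key);
    if (!entry || t >= entry.resetAt) {
      entry = { count: 0, resetAt: t + windowMs };
      hits.set(key, entry);
    }
    entry.count += 1;
    return { key, allowed: entry.count <= max, remaining: Math.max(0, max - entry.count) };
  };
}

// Constructed requests: two users behind one NAT address.
function demo() {
  const alice = { ip: "203.0.113.7", user: { id: "alice" } };
  const bob = { ip: "203.0.113.7", user: { id: "bob" } };
  let clock = 0;
  const opts = { max: 3, windowMs: 60_000, now: () => clock };
  const byIp = createLimiter({ ...opts, keyGenerator: ipKey });
  const byUser = createLimiter({ ...opts, keyGenerator: authAwareKey });
  for (let i = 0; i < 3; i++) { byIp(alice); byUser(alice); } // Alice uses her quota
  const result = { bobByIp: byIp(bob).allowed, bobByUser: byUser(bob).allowed };
  clock = 60_000; // window elapsed, counters start over
  result.bobByIpAfterReset = byIp(bob).allowed;
  return result;
}
```

With the block itself, the same function would be passed as the `keyGenerator` option, with the authentication middleware mounted before the limiter so the identity is already verified when the key is computed.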