
Rate Limiter

Protect your APIs from abuse with a flexible, production-ready rate limiting middleware.

The Rate Limiter block protects your application from abuse by limiting how many requests a client can make within a configurable time window.

It supports multiple storage engines through a pluggable architecture, allowing you to start with an in-memory store during development and seamlessly migrate to Redis for production.


Features

  • IP-based request limiting
  • Configurable request window
  • Configurable request limit
  • Memory and Redis storage variants
  • Custom key generation
  • Standard RateLimit headers
  • Framework-native Express middleware
  • TypeScript support
  • Production-ready architecture

Installation

Choose your preferred package manager.

pnpm dlx blockend-cli add rate-limit
npx blockend-cli add rate-limit
yarn dlx blockend-cli add rate-limit
bunx blockend-cli add rate-limit

During installation Blockend will automatically detect your project configuration and ask which storage variant you'd like to install.


Installation Flow

Select Storage

Choose which implementation best fits your application.

? Which storage variant would you like?

❯ Memory
  Redis

Install Dependencies

If the selected variant requires additional packages, Blockend will install them automatically.

Example:

✔ Installing ioredis...

Generate Files

The block is generated inside your configured blocks directory.


Generated Files

Memory Variant

index.ts
store-memory.ts

Redis Variant

index.ts
store-redis.ts

Basic Usage

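import express from "express";

import { rateLimit, MemoryStore } from "@/blocks/rate-limit";

const app = express();

// Allow each client 100 requests per 60-second window on every /api route.
app.use(
  "/api",
  rateLimit({
    max: 100,
    windowMs: 60_000,
    store: new MemoryStore()
  })
);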

Redis Example

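import express from "express";
import Redis from "ioredis";

import { rateLimit, RedisStore } from "@/blocks/rate-limit";

const app = express();

// Fail fast when REDIS_URL is unset: ioredis would otherwise fall back to localhost.
const redisUrl = process.env.REDIS_URL;
if (!redisUrl) throw new Error("REDIS_URL is not set");
const redis = new Redis(redisUrl);

// Counters live in Redis, so every application instance shares the same limits.
app.use(
  "/api",
  rateLimit({
    max: 100,
    windowMs: 60_000,
    store: new RedisStore(redis)
  })
);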

Configuration

| Option | Type | Default | Description |
| --- | --- | --- | --- |
| windowMs | number | 60000 | Request window in milliseconds |
| max | number | 100 | Maximum requests allowed |
| message | string \| object | { error: "Too many requests..." } | Response sent when the limit is exceeded |
| statusCode | number | 429 | HTTP response status |
| standardHeaders | boolean | true | Send RateLimit response headers |
| keyGenerator | (req) => string | Client IP | Generates a unique client key |
| store | RateLimitStore | Required | Storage implementation |

Response Headers

When standardHeaders is enabled, the middleware automatically includes:

RateLimit-Limit: 100
RateLimit-Remaining: 94
RateLimit-Reset: 1717344000

These headers allow clients to monitor their remaining request quota.


Manual Installation

Prefer copying the source code instead of using the CLI?

Simply copy the following files into your project.

Memory

index.ts
store-memory.ts

Redis

index.ts
store-redis.ts

Storage Variants

Memory

Recommended for:

  • Development
  • Small applications
  • Single-server deployments

Pros:

  • Zero dependencies
  • Extremely fast
  • Simple setup

Redis

Recommended for:

  • Production
  • Multiple application instances
  • Load-balanced deployments

Pros:

  • Shared request counters
  • Distributed rate limiting
  • Horizontal scalability

Requires:

pnpm add ioredis

Production Recommendations

  • Use the Redis variant in production.
  • Apply stricter limits to authentication endpoints.
  • Use a custom keyGenerator for authenticated APIs.
  • Monitor rejected requests.
  • Combine with authentication and logging middleware.
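
The keyGenerator recommendation above, as an added example that is not Blockend's own code: it shows how IP-only keys let clients behind one NAT address exhaust each other's quota, and how keying on a verified account id separates them. `Req`, `userOrIpKey`, `createLimiter` and `demo` are hypothetical stand-ins, and `req.user` is assumed to be set by earlier authentication middleware.

```typescript
// Added example: stand-in request shape and counter, not Blockend's source.
type Req = { ip: string; user?: { id: string } };
type Entry = { count: number; resetAt: number };
type Options = { max: number; windowMs: number; keyGenerator: (req: Req) => string };

// Custom keyGenerator with the documented (req) => string shape.
// Assumption: req.user comes from a verified session or token set by earlier
// auth middleware. Never key on a client-supplied header: a caller could
// rotate it to get a fresh bucket on every request.
function userOrIpKey(req: Req): string {
  return req.user ? `user:${req.user.id}` : `ip:${req.ip}`;
}

// Minimal fixed-window counter, used only to show the effect of the key.
// `now` is injectable so the window rollover can be exercised without waiting.
function createLimiter(opts: Options, now: () => number = Date.now) {
  const hits: Record<string, Entry | undefined> = Object.create(null);
  return (req: Req) => {
    const key = opts.keyGenerator(req);
    const t = now();
    let entry = hits[key];
    if (!entry || t >= entry.resetAt) {
      entry = { count: 0, resetAt: t + opts.windowMs };
      hits[key] = entry;
    }
    entry.count += 1;
    return {
      allowed: entry.count <= opts.max,
      remaining: Math.max(0, opts.max - entry.count),
      resetAt: entry.resetAt,
    };
  };
}

// Constructed scenario: two accounts share one NAT address (documentation IP).
function demo() {
  let clock = 1_000;
  const ipOnly = { max: 2, windowMs: 60_000, keyGenerator: (r: Req) => `ip:${r.ip}` };
  const byIp = createLimiter(ipOnly, () => clock);
  const byUser = createLimiter({ ...ipOnly, keyGenerator: userOrIpKey }, () => clock);
  const alice: Req = { ip: "203.0.113.7", user: { id: "alice" } };
  const bob: Req = { ip: "203.0.113.7", user: { id: "bob" } };
  byIp(alice); byIp(alice);
  const bobByIp = byIp(bob);       // rejected: alice spent the shared IP's quota
  byUser(alice); byUser(alice);
  const bobByUser = byUser(bob);   // allowed: bob has his own bucket
  const aliceOver = byUser(alice); // rejected: alice exceeded her own quota
  clock += 60_000;
  const aliceNext = byUser(alice); // allowed again once the window has reset
  return { bobByIp, bobByUser, aliceOver, aliceNext };
}
```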
