Created
December 29, 2017 12:43
Demonstrating rate-limiting setup for the exposed public route (HapiJS)
/*
 * One of the project's few public routes: it accepts unauthenticated POST
 * requests sent by a remote server.
 * Because callers present no credentials, the route carries its own limit of
 * 120 requests per hour to mitigate flooding.
 *
 * NOTE(review): `userPathLimit` is a per-user, per-path counter. With
 * `auth: false` there are no credentials to key on, so hapi-rate-limit
 * presumably falls back to the client address, which makes this a per-client
 * cap rather than a ceiling on total traffic to the route. Confirm against
 * the plugin version in use; `pathLimit` is the plugin's route-wide counter.
 * NOTE(review): behind a reverse proxy, check how the client address is
 * derived (the plugin's `trustProxy` option). Untrusted forwarding headers
 * would let a caller pick its own bucket, while ignoring them may put every
 * caller in the proxy's bucket.
 */
server.route({
  method: 'POST',
  path: `${path}/remote`,
  config: {
    // Public endpoint: authentication is switched off for this route only.
    auth: false,
    handler: (req, reply) => {
      return ctrl.create(req, reply);
    },
    validate: {
      // Unauthenticated input: the payload is checked against the create
      // schema, and keys the schema does not declare are dropped.
      payload: validations.payload.create,
      options: { stripUnknown: true },
    },
    plugins: {
      // Route-specific limit: 120 requests per one-hour window
      'hapi-rate-limit': {
        userPathLimit: 120,
        userPathCache: {
          // Cache segment that holds the userPath counters for this limit
          segment: 'hapi-rate-limit-userPath-newCustomer',
          // Length of the userPathLimit window, in milliseconds (1 hour)
          expiresIn: 1000 * 60 * 60,
        },
      },
    },
  },
});