Add rate limiting #81
Comments
|
Since infrastructure is pretty custom and there are various ways you can do rate limiting (a proxy like nginx, app level, feathers service level, etc.) i don't think this should be baked into the core plugin. It should be left up to the user to do outside of the plugin in order to maintain flexibility. For example, you can add rate limiting to the auth service out side of the plugin. const limiter = require('express-rate-limit');
// Set up rate limiting the individual services with independent options.
app.use('/auth/local', limiter());
app.use('/auth/token', limiter()); |
|
Does express-rate-limit cover sockets as well? I'd assume this is exposed only to REST calls. |
|
@elfey I'm interested in collaborating on a plugin based on https://www.npmjs.com/package/fast-ratelimit unless you have something better in mind. |
|
Someone had a stab, simple hook around fast-ratelimit https://github.com/AZaviruha/feathers-hooks-ratelimit Realistically any real world rate limiting solution needs to work across servers/instances, at the edge, with the load balancers. This is where API gateways solutions are handy, with deep packet inspection and rules. AWS and co will devour everything eventually. |
It would be a good idea to have rate limiting on auth routes by default. Currently I'm using https://www.npmjs.com/package/express-rate-limit in https://github.com/feathersjs/feathers-demos.
The text was updated successfully, but these errors were encountered: