javascript
Security
Rate Limiter with Sliding Window
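In-memory rate limiter using a sliding-window algorithm. Supports a configurable request limit per client IP, with automatic cleanup of expired entries. Counters are held in the memory of a single process, so they are not shared between processes and are lost on restart.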
Apex Logic
javascript
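/**
 * In-memory sliding-window rate limiter that keeps a log of request
 * timestamps per client key.
 *
 * Operational caveats:
 * - State lives in this process only; several processes or instances each
 *   enforce their own independent limit.
 * - One Map entry exists per distinct key seen inside the window, so the
 *   number of keys is bounded only by the periodic cleanup.
 */
class SlidingWindowRateLimiter {
  /**
   * @param {object} [options]
   * @param {number} [options.windowMs=60000] Length of the sliding window in milliseconds.
   * @param {number} [options.maxRequests=100] Requests allowed per key inside one window.
   * @param {number} [options.cleanupIntervalMs=60000] How often expired entries are purged.
   */
  constructor({ windowMs = 60000, maxRequests = 100, cleanupIntervalMs = 60000 } = {}) {
    this.windowMs = windowMs;
    this.maxRequests = maxRequests;
    this.clients = new Map();
    // Keep the handle so stop() can cancel the timer, and unref it so an idle
    // limiter does not by itself keep the Node.js process alive.
    this.cleanupTimer = setInterval(() => this.cleanup(), cleanupIntervalMs);
    this.cleanupTimer.unref?.();
  }

  /**
   * Cancels the periodic cleanup timer. Call this when the limiter is
   * discarded (tests, hot reload, shutdown) so the instance can be collected.
   */
  stop() {
    clearInterval(this.cleanupTimer);
  }

  /**
   * Drops timestamps that have left the window and removes keys that have
   * no timestamps left.
   */
  cleanup() {
    const now = Date.now();
    for (const [key, timestamps] of this.clients) {
      const recent = timestamps.filter((t) => now - t < this.windowMs);
      if (recent.length === 0) {
        this.clients.delete(key);
      } else {
        this.clients.set(key, recent);
      }
    }
  }

  /**
   * Records a request for `key` if it fits in the current window.
   *
   * @param {string} key Client identifier (the middleware passes the client IP).
   * @returns {{allowed: boolean, remaining: number, resetMs: number}}
   *   `resetMs` is the time until the oldest recorded request leaves the window.
   */
  isAllowed(key) {
    const now = Date.now();
    const recent = (this.clients.get(key) ?? []).filter((t) => now - t < this.windowMs);
    const allowed = recent.length < this.maxRequests;

    // Only accepted requests are logged. Logging rejected ones would let a
    // flooding client grow its own array without bound and would make
    // resetMs understate how long the client actually stays blocked.
    if (allowed) {
      recent.push(now);
    }

    if (recent.length > 0) {
      this.clients.set(key, recent);
    } else {
      this.clients.delete(key);
    }

    return {
      allowed,
      remaining: Math.max(0, this.maxRequests - recent.length),
      resetMs: recent.length > 0 ? this.windowMs - (now - recent[0]) : 0,
    };
  }

  /**
   * Builds an Express-style middleware that rate-limits by client address.
   *
   * `req.ip` is only the real client address when the framework's proxy
   * trust is configured to match the deployment (Express: the `trust proxy`
   * setting). If it is not, every client behind a reverse proxy may share one
   * bucket, or a client-supplied forwarding header may select the bucket.
   *
   * @returns {(req: object, res: object, next: Function) => void}
   */
  middleware() {
    return (req, res, next) => {
      // req.connection is the legacy alias of req.socket; keep it as a last resort.
      const key = req.ip || req.socket?.remoteAddress || req.connection?.remoteAddress;
      const { allowed, remaining, resetMs } = this.isAllowed(key);

      res.setHeader('X-RateLimit-Limit', this.maxRequests);
      res.setHeader('X-RateLimit-Remaining', remaining);

      if (!allowed) {
        const retryAfter = Math.ceil(resetMs / 1000);
        // Standard header for 429 responses, so clients that do not parse the
        // JSON body can still back off.
        res.setHeader('Retry-After', retryAfter);
        return res.status(429).json({
          error: 'Too many requests',
          retryAfter,
        });
      }

      next();
    };
  }
}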
// CommonJS export: the class itself is the module's export value.
module.exports = SlidingWindowRateLimiter;