Closed HARISH-1222 closed 2 months ago
Hey @HARISH-1222, where do you want to add the rate limit? The saved URL issue #17 already exists.
Nice, for example one user can hit 900 requests/15 minutes (your suggestion).
Because in our application we need to restrict the number of requests.
If anyone makes a bot request, it incurs a lot of cost.
1. Limit network traffic to prevent users from exhausting system resources.
2. Rate limiting will protect against malicious actors.
How are you planning to implement it, could you explain? Are you using any service for this or something custom, which algorithm are you thinking of, etc.?
Yes. By using express-rate-limit we set the count in the cookie, and for every request we can get the count and are able to limit it.
In this way we don't need to store it in Redis or any other storage management system.
This is my idea...😀
But the issue with the cookie is that anyone can modify the cookie from the client browser, so I think it's not a good approach. Otherwise we can go through Redis, but that still uses another API call and more resources.
Yes @abhijeetnishal, I agree.
We can go with Redis and map with an IP address, and we don't need an extra API call for this.
But now I have read the documentation of express-rate-limit:
we don't need to store it in cookies because it maps the IP and the number of hits per time window under the hood.
I guess you get the approach now. So we are going to use Redis and map the IP with the count, right?
Yes, I got it :+1:
Ok then I am assigning this issue to you now.
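The approach the thread settles on, counting hits per client IP on the server instead of in a client-held cookie, sketched as an added example (not the project's code or part of any comment here). `MemoryStore`, `rateLimit` and `simulate` are hypothetical names; the in-memory map stands in for Redis `INCR` plus `EXPIRE`, and the default of 900 requests per 15 minutes is the figure suggested above.

```javascript
// Added example: fixed-window limiter keyed by client IP, counted server-side.
// MemoryStore is a stand-in for Redis (INCR + EXPIRE); all names are hypothetical.
const WINDOW_MS = 15 * 60 * 1000; // 15-minute window, as suggested in the thread
const MAX_HITS = 900;             // 900 requests per window, as suggested in the thread

class MemoryStore {
  constructor(now = () => Date.now()) {
    this.now = now;           // injectable clock so the window can be tested
    this.entries = new Map(); // key -> { count, resetAt }
  }
  // Same effect as Redis INCR followed by EXPIRE on the first hit of a window.
  hit(key, windowMs) {
    const t = this.now();
    let e = this.entries.get(key);
    if (!e || e.resetAt <= t) {
      e = { count: 0, resetAt: t + windowMs };
      this.entries.set(key, e);
    }
    e.count += 1;
    return { count: e.count, resetAt: e.resetAt };
  }
}

// Express-style middleware factory: returns a (req, res, next) function.
function rateLimit({ store, max = MAX_HITS, windowMs = WINDOW_MS }) {
  return function limiter(req, res, next) {
    // Key on the address the server observed; nothing the client sends
    // (cookies, custom headers) takes part in the decision.
    const key = `rl:${req.ip}`;
    const { count, resetAt } = store.hit(key, windowMs);
    if (count > max) {
      const retryAfter = Math.ceil((resetAt - store.now()) / 1000);
      res.setHeader('Retry-After', String(retryAfter));
      res.statusCode = 429;
      return res.end('Too many requests');
    }
    return next();
  };
}

// Constructed driver: sends n requests from one IP and returns the status codes.
function simulate(limiter, ip, n, cookies = {}) {
  const codes = [];
  for (let i = 0; i < n; i++) {
    const res = { statusCode: 200, headers: {}, setHeader(k, v) { this.headers[k] = v; }, end() {} };
    limiter({ ip, cookies }, res, () => {});
    codes.push(res.statusCode);
  }
  return codes;
}
```

Behind a reverse proxy, `req.ip` is the real client address only when Express's `trust proxy` setting matches the deployment; otherwise every user shares the proxy's counter.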
Hi @abhijeetnishal 👋
I completed the work.
By using Redis I store the IP and the number of requests. Additionally, I implemented a toast in the frontend to notify about many requests.
I worked on both the frontend and the backend, so can you change the label to level2 or 3?
Thank you for your understanding
If not, that's also OK 😊.
Hey @HARISH-1222, we don't need the frontend for this. As we discussed, we will not show the limit to users; it's a bad experience. Rate limiting is only for the backend, basically needed for the API or to protect from DoS attacks. So I think it's a level1 issue.
Hey @HARISH-1222, I have changed the level as you have already done it. The reason I am not trying to add it is that we need to run a Redis server as well, and it adds one more operation for shortening URLs, which takes some time.
Ok @abhijeetnishal Thank you.
What's your plan for the Redis server?
For now we can use some free Redis server which has some compute limit.
Closing this issue as completed
I like your code base and it was very nice and clean code.
I saw someone raise an issue with creating a login system and it was a good
with that, I think we need to add the Ratelimit for extra security
And what if we store the URL based on the userId? With that we can get the history of URL links and display it in the frontend.
If you like, I will be happy to contribute....😊