Closed robwilkerson closed 8 years ago
It sounds like you want to create one rate limiter per parameter. If you also want these to all roll up into a single rate limiter for the endpoint you can pass a parent in as well, but that might not be necessary for what you've described.
Yep, that sounds exactly right. A limiter for identifier X, another for identifier Y, etc. I wasn't sure how the persistence aspect worked to determine, from one hit to the next, which limiter to engage. Thanks.
@robwilkerson You closed this but don't see a solution. Did you end up finding a solution?
@bgold0 you're stretching the limit of my memory at 3+ years later, but iirc the direction pointed by jhurliman got me where i needed to be.
@robwilkerson HA, just realized that. Thanks for even responding lol
I'm going to keep digging into the code to see what's possible, but in the event that someone can provide a quick answer and save me some time, it seems worth asking the question. I have an API backed by ExpressJS. For a handful of endpoints, I need to ensure that those endpoints can't be accessed more than n times per hour per identifier.
In other words, it's not that the endpoint itself can't be hit more than 3 times an hour, but rather that it can't be hit more the 3 times an hour by any given [insert parameter]. In every case, the parameter is part of the request (e.g.
req.body.identifier
).Anything jump out to say that this can't be done?