Support: [email protected]
Basic rate-limiting middleware for Horse. Use to limit repeated requests to public APIs and/or endpoints such as password reset.
For install in your project using boss:
$ boss install github.com/dliocode/horse-slowdown
- Dependence - Store - ClientIP - RedisClient
- Memory Store (default, built-in) - stores current in-memory in the Horse process. Does not share state with other servers or processes.
- RedisStore: Samples - Model 4
For an API-only server where the slowdown should be applied to all requests: Ex: Store Memory
uses Horse, Horse.SlowDown;
begin
THorse
.Use(THorseSlowDown.New())
.Get('/ping',
procedure(Req: THorseRequest; Res: THorseResponse; Next: TProc)
begin
Res.Send('pong');
end);
THorse.Listen(9000);
end.
Create multiple instances to different routes: Identification should always be used when using multiple instances.
uses Horse, Horse.SlowDown;
begin
THorse.Get('/ping', THorseSlowDown.New('ping'),
procedure(Req: THorseRequest; Res: THorseResponse; Next: TProc)
begin
Res.Send('pong');
end)
.Get('/book', THorseSlowDown.New('book'),
procedure(Req: THorseRequest; Res: THorseResponse; Next: TProc)
begin
Res.Send('The book!');
end)
.Get('/login', THorseSlowDown.New('login',10,500,60),
procedure(Req: THorseRequest; Res: THorseResponse; Next: TProc)
begin
Res.Send('My Login with Request Max of 10 every 60 seconds!');
end);
THorse.Listen(9000);
end.
Settings use:
uses Horse, Horse.SlowDown;
var
Config: TSlowDownConfig;
begin
Config.Id := 'ping'; // Identification
Config.DelayAfter := 10; // Delay after 60 Request
Config.DelayMs := 500; // Timeout of Delay
Config.MaxDelayMs := 20000; // MaxDelay of 20 seconds
Config.Timeout := 60; // Timeout in seconds to Reset
Config.Store := nil; // Default TMemoryStore
THorse
.Get('/ping', THorseSlowDown.New(Config),
procedure(Req: THorseRequest; Res: THorseResponse; Next: TProc)
begin
Res.Send('pong');
end);
THorse.Listen(9000);
end.
Note: most stores will require additional configuration, such as custom prefixes, when using multiple instances. The default built-in memory store is an exception to this rule.
Identification should always be used when using multiple instances..
Max number of request during Timeout
before starting to delay response..
It must be a number. The default is 60
.
How long to delay the response, multiplied by (number of request - DelayAfter
).
It must be a number. The default is 1000
(1 second).
Maximum value for DelayMs
after many consecutive attempts.
Defaults to 0
(Infinity).
How long to keep records of request in memory.
Note: with non-default stores, you may need to configure this value twice, once here and once on the store. In some cases the units also differ (e.g. seconds vs miliseconds)
Defaults to 60
(1 minute).
The storage to use when persisting rate limit attempts.
By default, the MemoryStore is used.
Available data stores are:
- MemoryStore: (default) Simple in-memory option. Does not share state when app has multiple processes or servers.
- RedisStore: Samples - Model 4
You may also create your own store. It must implement the IStore to function
Usage:
To use it you must add to uses Store.Redis
with the function TRedisStore.New()
.
Ex: Store Redis
uses Horse, Horse.SlowDown, Store.Redis;
begin
THorse
.Use(THorseSlowDown.New('ping', 10, 500, 60, TRedisStore.New())) // Add TRedisStore.New()
.Get('/ping',
procedure(Req: THorseRequest; Res: THorseResponse; Next: TProc)
begin
Res.Send('pong');
end);
THorse.Listen(9000);
end.
How to configure host, port in Redis
TRedisStore.New('HOST','PORT','NAME CLIENTE')
1st Parameter - HOST - Default: 127.0.0.1
2st Parameter - PORT - Default: 6379
3st Parameter - ClientName - Default: Empty
MIT © Danilo Lucas