
🚔 PSR-15 middleware for rate limiting web requests.


nikolaposa/rate-limit-middleware


Rate Limit Middleware

Build Status Scrutinizer Code Quality Code Coverage Latest Stable Version PDS Skeleton

PSR-15 middleware for rate limiting API or other application endpoints. It sits on top of the general-purpose Rate Limiter library.

Installation

The preferred method of installation is via Composer. Run the following command to install the latest version of the package and add it to your project's composer.json:

composer require nikolaposa/rate-limit-middleware

Usage

Rate Limit middleware is designed to be used per route, so that you can set up a rate limiting strategy for each individual endpoint or group of endpoints. This is accomplished through a mechanism for composing middleware known as piping.

Full example

The following examples demonstrate how RateLimitMiddleware can be used in a Mezzio-based application, but the same principle applies to any middleware framework.

dependencies.php

use Laminas\Diactoros\Response\JsonResponse;
use Psr\Container\ContainerInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
use RateLimit\Middleware\RateLimitMiddleware;
use RateLimit\Middleware\ResolveIpAddressAsUserIdentity;
use RateLimit\Middleware\ResolveUserIdentity;
use RateLimit\Rate;
use RateLimit\RateLimiter;
use RateLimit\RedisRateLimiter;

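// Container configuration for the rate limiting example: one limiter per
// strategy, a shared "limit exceeded" handler, and one middleware per endpoint
// group that ties a limiter, an identity resolver and that handler together.
return [
    'dependencies' => [
        'invokables' => [
            // Clients are identified by IP address in this example.
            // NOTE(review): confirm which address the resolver reports when the
            // application runs behind a reverse proxy or load balancer. If every
            // request appears to come from the proxy, all clients share one
            // bucket; if client-supplied forwarding headers are trusted, a caller
            // can choose its own bucket. Prefer an authenticated identity where
            // one is available.
            ResolveUserIdentity::class => ResolveIpAddressAsUserIdentity::class,
        ],
        'factories'  => [
            // Limiters. Each strategy gets its own Redis key prefix so that the
            // counters of different endpoints do not share keys.
            'RateLimit\\Strategy\\Api' => function (ContainerInterface $container) {
                return new RedisRateLimiter(Rate::perSecond(5), $container->get(Redis::class), 'rate_limit:api:');
            },
            'RateLimit\\Strategy\\CreatePost' => function (ContainerInterface $container) {
                // Trailing colon added so the prefix ends the same way as the
                // Api strategy's prefix above.
                return new RedisRateLimiter(Rate::perDay(20), $container->get(Redis::class), 'rate_limit:web:post:');
            },
            // Default limit exceeded handler; an anonymous class is used only for
            // the sake of simplicity of the example.
            'RateLimit\\LimitExceededRequestHandler' => function () {
                return new class implements RequestHandlerInterface {
                    public function handle(ServerRequestInterface $request): ResponseInterface
                    {
                        // 429 Too Many Requests: JsonResponse defaults to 200,
                        // which would make a throttled request look successful to
                        // clients, proxies and monitoring.
                        return new JsonResponse(['error' => 'Too many requests'], 429);
                    }
                };
            },
            // Rate limit middleware for different endpoints. The limiter service
            // names must match the factory keys registered above
            // ('RateLimit\\Strategy\\...'); a mismatched name makes the container
            // lookup fail when the middleware is first built.
            'RateLimit\\ApiRateLimitMiddleware' => function (ContainerInterface $container) {
                return new RateLimitMiddleware(
                    $container->get('RateLimit\\Strategy\\Api'),
                    'api',
                    $container->get(ResolveUserIdentity::class),
                    $container->get('RateLimit\\LimitExceededRequestHandler')
                );
            },
            'RateLimit\\CreatePostRateLimitMiddleware' => function (ContainerInterface $container) {
                return new RateLimitMiddleware(
                    $container->get('RateLimit\\Strategy\\CreatePost'),
                    'post.create',
                    $container->get(ResolveUserIdentity::class),
                    $container->get('RateLimit\\LimitExceededRequestHandler')
                );
            },
        ],
    ],
];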

index.php

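// Route table for the example application. Rate limiting is opt-in per route:
// only routes that pipe one of the rate limit middleware services are throttled.

// Not rate limited in this example.
$app->get('/', App\Handler\HomePageHandler::class, 'home');
$app->get('/posts', [
    App\Handler\ListPostsHandler::class,
], 'post.list');

// Post creation is throttled: the limiter is piped ahead of the handler, so it
// runs before any post is created.
$app->post('/posts', [
    'RateLimit\\CreatePostRateLimitMiddleware',
    App\Handler\CreatePostHandler::class,
], 'post.create');

// Not rate limited in this example. The placeholder uses the same {name} syntax
// as the API route below; the ':id' form belongs to a different router's syntax
// and would not be read as a parameter alongside it.
$app->put('/posts/{id}', App\Handler\UpdatePostHandler::class, 'post.edit');

// NOTE(review): authentication is piped before the limiter, so requests that
// authentication rejects presumably never reach the limiter and are not
// counted by it. If failed authentication attempts should be throttled as
// well, pipe a limiter ahead of AuthenticationMiddleware or limit them
// separately.
$app->route('/api/resource[/{id:[a-f0-9]{32}}]', [
    AuthenticationMiddleware::class,
    'RateLimit\\ApiRateLimitMiddleware',
    ApiResource::class,
], ['GET', 'POST', 'PATCH', 'DELETE'], 'api-resource');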

Credits

License

Released under MIT License - see the License File for details.