FAQ
1. How do I apply rate limiting to specific routes?
You can apply the middleware to individual routes:
app.post(
"/auth/reset-password",
expressRateLimiter({
limitOptions: () => {
return { max: 2, window: 3600 };
},
})
);
2. Can I set different rate limits for different users?
Yes, you can use dynamic rate limits based on user roles or API keys.
app.post(
"/upload",
expressRateLimiter({
limitOptions: (req) => {
if (req.user.isPremium === true) return { max: 100, window: 3600 };
else return { max: 50, window: 3600 };
},
})
);
3. Does this library support distributed rate limiting?
Yes, when using Redis as the storage backend, rate limits are shared across multiple servers.
4. How can I allow certain IPs to bypass rate limits?
You can whitelist IPs:
app.use(expressRateLimiter({
key: (req) => req.ip as string,
skip: ["ip-1", "ip-2"],
limitOptions: () => {
return { max: 5, window: 10 };
}
}));
5. What happens when a request exceeds the limit?
The middleware returns a 429 Too Many Requests
response.
6: Why does it not work with NestJS with Fastify?
Ensure that you have configured NestJS to use Fastify as the underlying HTTP Adapter and try again.