Node.js | framework | ~30 mins

Rate limiting in Node.js - Mini Project: Build & Apply

Rate Limiting Middleware in Node.js
📖 Scenario: You are building a simple Node.js server that needs to protect an API endpoint from too many requests in a short time. This is like a shopkeeper who limits how many customers can enter the shop at once to keep things orderly.
🎯 Goal: Create a basic rate limiting middleware that allows only a certain number of requests per user IP within a time window. This will help prevent abuse and keep the server responsive.
📋 What You'll Learn
Create an object to track request counts per IP
Set a maximum request limit and time window
Write middleware to count requests and block excess
Apply the middleware to a simple Express route
💡 Why This Matters
🌍 Real World
Rate limiting is used in real web servers to prevent abuse, protect resources, and ensure fair use by limiting how often users can make requests.
💼 Career
Understanding rate limiting is important for backend developers and DevOps engineers to build secure and reliable APIs.
1. Create the request tracking object
Create an empty object called requestCounts to store the number of requests per IP address.
Hint: Think of requestCounts as a notebook where you write down how many times each visitor has knocked on your door.

2. Set the rate limit configuration
Create two constants: MAX_REQUESTS set to 5 and WINDOW_MS set to 60000 (which is 60 seconds).
Hint: These constants are like the rules: only 5 knocks allowed per minute.

3. Write the rate limiting middleware
Write a middleware function called rateLimiter that takes req, res, and next. Inside, get the IP from req.ip. If the IP is not in requestCounts, add it with a count of 1 and set a timeout to reset it after WINDOW_MS. If it is, increment the count. If the count exceeds MAX_REQUESTS, respond with status 429 and message 'Too many requests'. Otherwise, call next().
Hint: This function is like a gatekeeper counting knocks and deciding who can enter.

4. Apply the middleware to an Express route
Create an Express app using express(). Use the rateLimiter middleware on a GET route at /api/data that responds with JSON { message: 'Success' }. Export the app.
Hint: This step connects your gatekeeper to the door of your API.
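
Steps 1 to 4 put together, as an added example that is not part of the original project page. The names requestCounts, MAX_REQUESTS, WINDOW_MS and rateLimiter come from the steps; simulateRequest and its mock req/res objects are constructed stand-ins so the middleware can be exercised without installing Express, and the prototype-less object and unref() on the reset timer are choices made here, not requirements of the steps.

```javascript
// Step 1: per-IP counters. Object.create(null) has no prototype, so an
// unusual key can never collide with an inherited property (choice made here).
const requestCounts = Object.create(null);

// Step 2: the rule is 5 requests per 60-second window.
const MAX_REQUESTS = 5;
const WINDOW_MS = 60000;

// Step 3: count each request and block anything over the limit.
function rateLimiter(req, res, next) {
  const ip = req.ip;
  if (!(ip in requestCounts)) {
    // First request in this window: start counting and schedule the reset.
    requestCounts[ip] = 1;
    // unref() lets the process exit even while a reset timer is pending.
    setTimeout(() => { delete requestCounts[ip]; }, WINDOW_MS).unref();
  } else {
    requestCounts[ip] += 1;
  }
  if (requestCounts[ip] > MAX_REQUESTS) {
    return res.status(429).send('Too many requests');
  }
  next();
}

// Constructed stand-ins for Express's req and res (hypothetical helper).
function simulateRequest(ip) {
  let statusCode = 200;
  let body = null;
  const res = {
    status(code) { statusCode = code; return this; },
    send(text) { body = text; return this; },
    json(obj) { body = obj; return this; },
  };
  rateLimiter({ ip }, res, () => res.json({ message: 'Success' }));
  return { statusCode, body };
}

// Constructed sample traffic: six requests from one address, one from another.
const results = [];
for (let i = 0; i < 6; i++) results.push(simulateRequest('203.0.113.7').statusCode);
console.log(results); // [ 200, 200, 200, 200, 200, 429 ]
console.log(simulateRequest('198.51.100.9').statusCode); // 200

// Step 4, with Express installed:
//   const app = express();
//   app.get('/api/data', rateLimiter, (req, res) => res.json({ message: 'Success' }));
//   module.exports = app;
```

When the app runs behind a reverse proxy, req.ip is the proxy's address unless Express's trust proxy setting is configured, so every client would share one counter. The counters also live in one process's memory, so they reset on restart and are not shared between instances.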