Package Exports
- @daveyplate/next-rate-limit
- @daveyplate/next-rate-limit/dist/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@daveyplate/next-rate-limit) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
NextJS Rate Limiting Middleware
Uses in-memory rate limiting for both session & IP. Simple easy setup, and super basic protection from abuse. Now supports Upstash configuration for distributed rate limiting.
Installation
npm install @daveyplate/next-rate-limitUsage
Default limits are 30 requests per session within 10 seconds, and 120 requests per IP within 10 seconds.
export function rateLimit({
request,
response,
sessionLimit = 30,
ipLimit = 120,
sessionWindow = 10,
ipWindow = 10,
upstash = {
enabled: false,
url: process.env.UPSTASH_REDIS_REST_URL,
token: '',
analytics: false
}
})middleware.js
import { NextResponse, NextRequest } from 'next/server'
import { rateLimit } from '@daveyplate/next-rate-limit'
export async function middleware(request: NextRequest) {
const response = NextResponse.next()
return await rateLimit({ request, response })
}
// Apply middleware to all API routes
export const config = {
matcher: '/api/:path*'
}Upstash Configuration
To enable Upstash, you can configure it using environment variables or by passing the configuration directly.
Environment Variables
Set the following environment variables in your .env file:
UPSTASH_REDIS_REST_URL=<your_upstash_redis_rest_url>
UPSTASH_REDIS_REST_TOKEN=<your_upstash_redis_rest_token>Passing Configuration Directly
You can also pass the Upstash configuration directly when calling rateLimit:
const rateLimitResponse = await rateLimit({
request,
response,
upstash: {
enabled: true,
url: '<your_upstash_redis_rest_url>',
token: '<your_upstash_redis_rest_token>',
analytics: true
}
})