Reflo

Redis-backed rate limiter middleware for Express applications using token bucket algorithm.

Installation

npm install reflo

Quick Start

import express from 'express';
import { rateLimiter } from 'reflo';

const app = express();

app.use(rateLimiter({
  timeWindowSeconds: 60,
  requestCount: 100,
}));

app.listen(3000);

Configuration

interface LimiterConfig {
  timeWindowSeconds: number;
  requestCount: number;
  exceptions?: Array<{ route: string; count: number }>;
  allowlist?: string[];
  blocklist?: string[];
  getIdentifier?: (req: Request) => string;
  backoffStrategy?: (overuse: number) => number;
}

Option	Type	Description
`timeWindowSeconds`	`number`	Rate limit window in seconds
`requestCount`	`number`	Maximum requests per window
`exceptions`	`Array<{route, count}>`	Per-route limit overrides
`allowlist`	`string[]`	Bypass rate limiting
`blocklist`	`string[]`	Always blocked
`getIdentifier`	`(req) => string`	User identification function
`backoffStrategy`	`(overuse) => number`	Delay calculation function

Strategies

Identifier Strategies

import { identifierStrategies } from 'reflo';

// By IP address
identifierStrategies.byIP()

// By header value
identifierStrategies.byHeader('x-api-key')

Backoff Strategies

import { backoffStrategies } from 'reflo';

backoffStrategies.none()                    // No delay
backoffStrategies.fixed(500)                // Fixed 500ms delay
backoffStrategies.linear(100, 5000)         // Linear: 100ms * overuse, max 5s
backoffStrategies.exponential(200, 10000)   // Exponential: 200ms * 2^overuse, max 10s

Advanced Usage

Per-Route Limits

app.use(rateLimiter({
  timeWindowSeconds: 60,
  requestCount: 100,
  exceptions: [
    { route: '/api/upload', count: 5 },
    { route: '/api/search', count: 500 },
  ],
}));

Allow/Block Lists

app.use(rateLimiter({
  timeWindowSeconds: 60,
  requestCount: 100,
  allowlist: ['ip:127.0.0.1', 'hdr:x-api-key:admin-key'],
  blocklist: ['ip:192.168.1.100'],
}));

Custom Strategies

const customIdentifier = (req) => `user:${req.user?.id || req.ip}`;
const customBackoff = (overuse) => Math.min(1000, 50 * Math.pow(overuse, 1.5));

app.use(rateLimiter({
  timeWindowSeconds: 60,
  requestCount: 100,
  getIdentifier: customIdentifier,
  backoffStrategy: customBackoff,
}));

Environment Variables

REDIS_URL=redis://localhost:6379
REDIS_TLS=true  # Enable TLS connection

Response Headers

X-RateLimit-Limit: Maximum requests allowed
X-RateLimit-Remaining: Requests remaining in current window

Requirements

Node.js 14+
Redis server
Express application

License

MIT

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
.github/workflows		.github/workflows
src		src
test		test
.gitignore		.gitignore
.releaserc.json		.releaserc.json
CHANGELOG.md		CHANGELOG.md
README.md		README.md
jest.config.cjs		jest.config.cjs
package-lock.json		package-lock.json
package.json		package.json
tsconfig.json		tsconfig.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Reflo

Installation

Quick Start

Configuration

Strategies

Identifier Strategies

Backoff Strategies

Advanced Usage

Per-Route Limits

Allow/Block Lists

Custom Strategies

Environment Variables

Response Headers

Requirements

License

About

Uh oh!

Releases 5

Contributors 2

Uh oh!

Languages

theanuragshukla/reflo

Folders and files

Latest commit

History

Repository files navigation

Reflo

Installation

Quick Start

Configuration

Strategies

Identifier Strategies

Backoff Strategies

Advanced Usage

Per-Route Limits

Allow/Block Lists

Custom Strategies

Environment Variables

Response Headers

Requirements

License

About

Topics

Resources

Uh oh!

Stars

Watchers

Forks

Releases 5

Contributors 2

Uh oh!

Languages