version 1.0.0

Rate Limiting

• Introduction

• Basic usage

  • Set rate limit for specific routes

  • Usage in route groups

  • Usage in route resources

• Disabling rate limit

Introduction

Rate limiters ensure the fair usage of your http server by clients. It regulates the number of times a user can request your application in a given time-frame.

Basic usage

Athenna uses the @fastify/rate-limit plugin inside HttpKernel. All the configurations that @fastify/rate-limit supports can be set inside config/http.js file in the rateLimit object:

rateLimit: {
    global: true,
    max: 1000,
    ban: null,
    timeWindow: 1000 * 60,
    cache: 5000,
    allowList: [],
    continueExceeding: false,
    enableDraftSpec: false,
}

warning

We highly recommend opening the config/http.js file in rateLimit configurations to see a little documentation of all it's options.

Set rate limit for specific routes

In Athenna you can set specific options of rate limit for specific routes. You can also disable the global option of your rateLimit configuration in config/http.js and set different rules in your routes:

Route.get('/hello', 'WelcomeController.show').rateLimit({ max: 1, timeWindow: '1 minute' })

Usage in route groups

In route groups you can use the rateLimit method. This will set the same configuration for all routes inside the group:

Route.group(() => {
    Route.get('/hello', 'WelcomeController.show')
}).rateLimit({...})

warning

The rateLimit method of route groups will never subscribe the already set methods of routes. Use then to create "defaults" configurations for all routes.

Usage in route resources

In route resources you can use the rateLimit method:

// Set the same configurations for all routes of resource
Route.resource('/tests', 'WelcomeController').rateLimit({...})

// Set configuration only for that specific action of resource
Route.resource('/tests', 'WelcomeController').rateLimit('index', {...})
Route.resource('/tests', 'WelcomeController').rateLimit('store', {...})

Rate limit headers

The response will have the following headers if enableDraftSpec is true in rateLimit config or route:

Header	Description
ratelimit-limit	How many requests the client can make
ratelimit-remaining	How many requests remain to the client in the timewindow
ratelimit-reset	How many seconds must pass before the rate limit resets
retry-after	Contains the same value in time as ratelimit-reset

tip

For more information on Rate limit headers, please consult the Meta article about rate limiters.

Disabling rate limit

Rate limit plugin is registered in your http application by default, but you can remove it setting the noRateLimit as true in config/http.js file:

noRateLimit: true