nikolaposa / rate-limit-middleware
PSR-15 middleware for rate limiting API or other application endpoints.
Installs: 5 257
Dependents: 0
Suggesters: 0
Security: 0
Stars: 13
Watchers: 2
Forks: 0
Open Issues: 0
Requires
- php: ^7.4 || ^8.0
- beberlei/assert: ^3.2
- nikolaposa/rate-limit: ^3.0
- psr/http-server-middleware: ^1.0
Requires (Dev)
- friendsofphp/php-cs-fixer: ^2.1
- laminas/laminas-diactoros: ^2.2
- phpstan/phpstan: ^0.12.10
- phpstan/phpstan-beberlei-assert: ^0.12.2
- phpstan/phpstan-phpunit: ^0.12.6
- phpunit/phpunit: ^8.0
Provides
This package is auto-updated.
Last update: 2024-10-29 05:59:29 UTC
README
PSR-15 middleware for rate limiting API or other application endpoints. Sits on top of general purpose Rate Limiter.
Installation
The preferred method of installation is via Composer. Run the following
command to install the latest version of a package and add it to your project's composer.json
:
composer require nikolaposa/rate-limit-middleware
Usage
Rate Limit middleware is designed to be used per route, so that you can set up a rate limiting strategies for each individual endpoint or group of endpoints. This is accomplished through a mechanism for composing middleware known as piping.
Full example
Following examples demonstrate how RateLimitMiddleware
can be used in a Mezzio-based
application, but the same principle applies to any middleware framework.
dependencies.php
use Laminas\Diactoros\Response\JsonResponse; use Psr\Container\ContainerInterface; use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Server\RequestHandlerInterface; use RateLimit\Middleware\RateLimitMiddleware; use RateLimit\Middleware\ResolveIpAddressAsUserIdentity; use RateLimit\Middleware\ResolveUserIdentity; use RateLimit\Rate; use RateLimit\RateLimiter; use RateLimit\RedisRateLimiter; return [ 'dependencies' => [ 'invokables' => [ ResolveUserIdentity::class => ResolveIpAddressAsUserIdentity::class, ], 'factories' => [ 'RateLimit\\Strategy\\Api' => function (ContainerInterface $container) { return new RedisRateLimiter(Rate::perSecond(5), $container->get(Redis::class), 'rate_limit:api:'); }, 'RateLimit\\Strategy\\CreatePost' => function (ContainerInterface $container) { return new RedisRateLimiter(Rate::perDay(20), $container->get(Redis::class), 'rate_limit:web:post'); }, // default limit exceeded handler; anonymous class is used only for the sake // of simplicity of the example 'RateLimit\\LimitExceededRequestHandler' => function () { return new class implements RequestHandlerInterface { public function handle(ServerRequestInterface $request): ResponseInterface { return new JsonResponse(['error' => 'Too many requests']); } }; }, // rate limit middleware for different endpoints 'RateLimit\\ApiRateLimitMiddleware' => function (ContainerInterface $container) { return new RateLimitMiddleware( $container->get('RateLimiter\\Strategy\\Api'), 'api', $container->get(ResolveUserIdentity::class), $container->get('RateLimit\\LimitExceededRequestHandler') ); }, 'RateLimit\\CreatePostRateLimitMiddleware' => function (ContainerInterface $container) { return new RateLimitMiddleware( $container->get('RateLimiter\\Strategy\\CreatePost'), 'post.create', $container->get(ResolveUserIdentity::class), $container->get('RateLimit\\LimitExceededRequestHandler') ); }, ], ], ];
index.php
$app->get('/', App\Handler\HomePageHandler::class, 'home'); $app->get('/posts', [ App\Handler\ListPostsHandler::class, ], 'post.list'); $app->post('/posts', [ 'RateLimit\\CreatePostRateLimitMiddleware', App\Handler\CreatePostHandler::class, ], 'post.create'); $app->put('/posts/:id', App\Handler\UpdatePostHandler::class, 'post.edit'); $app->route('/api/resource[/{id:[a-f0-9]{32}}]', [ AuthenticationMiddleware::class, 'RateLimit\\ApiRateLimitMiddleware', ApiResource::class, ], ['GET', 'POST', 'PATCH', 'DELETE'], 'api-resource');
Credits
License
Released under MIT License - see the License File for details.