Rate limiting middleware for Hono. Use to limit repeated requests to public APIs and/or endpoints such as password reset.
Warning
The keyGenerator function is currently under construction and needs to be defined for hono-rate-limiter to work properly in your environment. Please ensure that you define the keyGenerator function according to the documentation before using the library.
import { rateLimiter } from "hono-rate-limiter";
const limiter = rateLimiter({
windowMs: 15 * 60 * 1000, // 15 minutes
limit: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes).
standardHeaders: "draft-6", // draft-6: `RateLimit-*` headers; draft-7: combined `RateLimit` header
keyGenerator: (c) => "<unique_key>", // Method to generate custom identifiers for clients.
// store: ... , // Redis, MemoryStore, etc. See below.
});
// Apply the rate limiting middleware to all requests.
app.use(limiter);hono-rate-limit supports external data stores to synchronize hit counts across multiple processes and servers.
By default, MemoryStore is used. This one does not synchronize its state across instances. It’s simple to deploy, and often sufficient for basic abuse prevention, but will be inconnsistent across reboots or in deployments with multiple process or servers.
Deployments requiring more consistently enforced rate limits should use an external store.
Here is a list of stores:
| Name | Description |
|---|---|
| MemoryStore | (default) Simple in-memory option. Does not share state when the app has multiple processes or servers. |
@hono-rate-limiter/redis |
A Redis-backed store, used with @vercel/kv and @upstash/redis |
rate-limit-redis |
A Redis-backed store, more suitable for large or demanding deployments. |
rate-limit-postresql |
A PostgreSQL-backed store. |
rate-limit-memecached |
A Memcached-backed store. |
cluster-memory-store |
A memory-store wrapper that shares state across all processes on a single server via the node:cluster module. Does not share state across multiple servers. |
precise-memory-rate-limit |
A memory store similar to the built-in one, except that it stores a distinct timestamp for each key. |
typeorm-rate-limit-store |
Supports a variety of databases via TypeORM: MySQL, MariaDB, CockroachDB, SQLite, Microsoft SQL Server, Oracle, SAP Hana, and more. |
@rlimit/storage |
A distributed rlimit store, ideal for multi-regional deployments. |
Take a look at this guide if you wish to create your own store.
We would love to have more contributors involved!
To get started, please read our Contributing Guide.
The hono-rate-limiter project is heavily inspired by express-rate-limit
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent