Rate Limiter


This middleware stores ip address of a request in memory and will throw an 429 Too Many Requests error when there will be too many requests than the number set in the configuration. Based on https://github.com/jhurliman/node-rate-limiter and https://github.com/ptarjan/node-cache

Keep in mind that this built-in rate limiter is not suitable for complex production applications. It is meant to help simpler applications handle the issue of brute forcing. To correctly protect your production application against brute forcing you should use solutions that work on the infrastructure layer, not the application layer. Check out tools such as https://www.cloudflare.com/en-gb/ddos/ & https://www.fail2ban.org/wiki/index.php/Main_Page.

It will help you solve this security problem.

export type RateLimiter = {  tokensPerInterval: number;  interval: string | number;  fireImmediately?: boolean;};

To write a custom logic for this middleware follow this pattern:

nuxt.config.ts
export default defineNuxtConfig({  security: {    rateLimiter: {      tokensPerInterval: 200,      interval: "day",      fireImmediately: false,      throwError: false, // optional    }  }})

Or use routeRules for per route configuration:

nuxt.config.ts
export default defineNuxtConfig({  routeRules: {    '/my-secret-route': {      security: {        rateLimiter: {          tokensPerInterval: 200,          interval: "day",          fireImmediately: false,          throwError: false, // optional        }      }    }  }