Limiter
This is a middleware for Fiber that is used to limit repetitive requests to public APIs and/or endpoints (e.g., password reset). It is also useful for limiting the rate of API clients, web crawlers, or other tasks that require rate limiting.
Note: This middleware uses our Storage package to support various databases through a unified interface. The default configuration stores data in memory, and you can refer to the example below to see other databases.
Note: By default, this module does not share state with other processes/servers.
Signature
func New(config ...Config) fiber.Handler
Example
Import the middleware package as part of the Fiber web framework:
import (
"github.com/gofiber/fiber/v2"
"github.com/gofiber/fiber/v2/middleware/limiter"
)
After creating the Fiber app, you can use the following options:
// Initialize with default configuration
app.Use(limiter.New())
// Or extend with custom configuration
app.Use(limiter.New(limiter.Config{
Next: func(c *fiber.Ctx) bool {
return c.IP() == "127.0.0.1"
},
Max: 20,
Expiration: 30 * time.Second,
KeyGenerator: func(c *fiber.Ctx) string {
return c.Get("x-forwarded-for")
},
LimitReached: func(c *fiber.Ctx) error {
return c.SendFile("./toofast.html")
},
Storage: myCustomStorage{},
}))
Sliding Window
You can enable the sliding window algorithm instead of using the standard fixed window algorithm.
The example configuration is as follows:
app.Use(limiter.New(limiter.Config{
Max: 20,
Expiration: 30 * time.Second,
LimiterMiddleware: limiter.SlidingWindow{},
}))
This means that each window will take into account the previous window (if any). The formula for the given rate is:
weightOfPreviousWindow = previous window's amount of requests * (whenNewWindow / Expiration)
rate = weightOfPreviousWindow + current window's amount of requests.
Configuration
| Property | Type | Description | Default |
|---|---|---|---|
| Next | func(*fiber.Ctx) bool |
Next defines a function to skip this middleware when returning true. | nil |
| Max | int |
The maximum number of connections within Expiration seconds, returning a 429 response if exceeded. |
5 |
| KeyGenerator | func(*fiber.Ctx) string |
KeyGenerator allows you to generate custom keys, defaulting to using c.IP(). | Function using c.IP() as the default value |
| Expiration | time.Duration |
Expiration is the time to keep request records in memory. | 1 * time.Minute |
| LimitReached | fiber.Handler |
Called when the limit is reached. | Function sending a 429 response |
| SkipFailedRequests | bool |
If true, do not count requests with StatusCode >= 400. | false |
| SkipSuccessfulRequests | bool |
If true, do not count requests with StatusCode < 400. | false |
| Storage | fiber.Storage |
Store used for storing the state of the middleware. | Memory storage for the current process only |
| LimiterMiddleware | LimiterHandler |
LimiterMiddleware is the struct implementing the limiter middleware. | A new fixed window rate limiter |
| Duration (Deprecated) | time.Duration |
Deprecated: Use Expiration instead. | - |
| Store (Deprecated) | fiber.Storage |
Deprecated: Use Storage instead. | - |
| Key (Deprecated) | func(*fiber.Ctx) string |
Deprecated: Use KeyGenerator instead. | - |
Note: If custom storage implements the
Storageinterface, you can use custom storage - for more information and examples, please refer tostore.go.
Default Configuration
var ConfigDefault = Config{
Max: 5,
Expiration: 1 * time.Minute,
KeyGenerator: func(c *fiber.Ctx) string {
return c.IP()
},
LimitReached: func(c *fiber.Ctx) error {
return c.SendStatus(fiber.StatusTooManyRequests)
},
SkipFailedRequests: false,
SkipSuccessfulRequests: false,
LimiterMiddleware: FixedWindow{},
}
Custom Storage/Database
You can use any storage method in our storage package.
storage := sqlite3.New() // From github.com/gofiber/storage/sqlite3
app.Use(limiter.New(limiter.Config{
Storage: storage,
}))