Limiter
Limiter middleware for Fiber used to limit repeated requests to public APIs and/or endpoints such as password reset etc. Also useful for API clients, web crawling, or other tasks that need to be throttled.
Note: this module does not share state with other processes/servers by default.

Table of Contents

Signatures

1
func New(config ...Config) fiber.Handler
Copied!

Examples

Import the middleware package that is part of the Fiber web framework
1
import (
2
"github.com/gofiber/fiber/v2"
3
"github.com/gofiber/fiber/v2/middleware/limiter"
4
)
Copied!
After you initiate your Fiber app, you can use the following possibilities:
1
// Default middleware config
2
app.Use(limiter.New())
3
​
4
// Or extend your config for customization
5
app.Use(limiter.New(limiter.Config{
6
Next: func(c *fiber.Ctx) bool {
7
return c.IP() == "127.0.0.1"
8
},
9
Max: 20,
10
Expiration: 30 * time.Second,
11
KeyGenerator: func(c *fiber.Ctx) string {
12
return c.Get("x-forwarded-for")
13
},
14
LimitReached: func(c *fiber.Ctx) error {
15
return c.SendFile("./toofast.html")
16
},
17
Storage: myCustomStorage{}
18
}))
Copied!

Sliding window

Instead of using the standard fixed window algorithm, you can enable the sliding window algorithm.
A example of such configuration is:
1
app.Use(limiter.New(limiter.Config{
2
Max: 20,
3
Expiration: 30 * time.Second,
4
LimiterMiddleware: limiter.SlidingWindow{}
5
}))
Copied!
This means that every window will take into account the previous window(if there was any). The given formula for the rate is:
1
weightOfPreviousWindpw = previous window's amount request * (whenNewWindow / Expiration)
2
rate = weightOfPreviousWindpw + current window's amount request.
Copied!

Config

1
// Config defines the config for middleware.
2
type Config struct {
3
// Next defines a function to skip this middleware when returned true.
4
//
5
// Optional. Default: nil
6
Next func(c *fiber.Ctx) bool
7
​
8
// Max number of recent connections during `Duration` seconds before sending a 429 response
9
//
10
// Default: 5
11
Max int
12
​
13
// KeyGenerator allows you to generate custom keys, by default c.IP() is used
14
//
15
// Default: func(c *fiber.Ctx) string {
16
// return c.IP()
17
// }
18
KeyGenerator func(*fiber.Ctx) string
19
​
20
// Expiration is the time on how long to keep records of requests in memory
21
//
22
// Default: 1 * time.Minute
23
Expiration time.Duration
24
​
25
// LimitReached is called when a request hits the limit
26
//
27
// Default: func(c *fiber.Ctx) error {
28
// return c.SendStatus(fiber.StatusTooManyRequests)
29
// }
30
LimitReached fiber.Handler
31
​
32
// When set to true, requests with StatusCode >= 400 won't be counted.
33
//
34
// Default: false
35
SkipFailedRequests bool
36
​
37
// When set to true, requests with StatusCode < 400 won't be counted.
38
//
39
// Default: false
40
SkipSuccessfulRequests bool
41
​
42
// Store is used to store the state of the middleware
43
//
44
// Default: an in memory store for this process only
45
Storage fiber.Storage
46
​
47
// LimiterMiddleware is the struct that implements limiter middleware.
48
//
49
// Default: a new Fixed Window Rate Limiter
50
LimiterMiddleware LimiterHandler
51
}
Copied!
A custom store can be used if it implements the Storage interface - more details and an example can be found in store.go.

Default Config

1
var ConfigDefault = Config{
2
Max: 5,
3
Expiration: 1 * time.Minute,
4
KeyGenerator: func(c *fiber.Ctx) string {
5
return c.IP()
6
},
7
LimitReached: func(c *fiber.Ctx) error {
8
return c.SendStatus(fiber.StatusTooManyRequests)
9
},
10
SkipFailedRequests: false,
11
SkipSuccessfulRequests: false,
12
LimiterMiddleware: FixedWindow{},
13
}
Copied!
Last modified 30d ago