Use Redis Store for rate limiting when available (#16484)

heiskr · web-flow · commit 4d2e25b42919 · 2020-11-16T15:55:07.000-08:00
diff --git a/middleware/rate-limit.js b/middleware/rate-limit.js
@@ -1,13 +1,17 @@
 const rateLimit = require('express-rate-limit')
+const RedisStore = require('rate-limit-redis')
 
 const isProduction = process.env.NODE_ENV === 'production'
+const REDIS_URL = process.env.REDIS_URL
 
 module.exports = rateLimit({
   // 1 minute (or practically unlimited outside of production)
   windowMs: isProduction ? (60 * 1000) : 1,
-  // limit each IP to 20 requests per windowMs
+  // limit each IP to X requests per windowMs
   max: 250,
   // Don't rate limit requests for 200s and redirects
   // Or anything with a status code less than 400
-  skipSuccessfulRequests: true
+  skipSuccessfulRequests: true,
+  // When available, use Redis
+  store: REDIS_URL && new RedisStore({ redisURL: REDIS_URL })
 })
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -61,6 +61,7 @@
     "platform-utils": "^1.2.0",
     "port-used": "^2.0.8",
     "querystring": "^0.2.0",
+    "rate-limit-redis": "^2.0.0",
     "readline-sync": "^1.4.10",
     "resolve-url-loader": "^3.1.2",
     "rimraf": "^3.0.0",
