1

I am trying to use the feature of rate limiting from express-gateway. But I am stuck on how to use different rate-limit value for different user.Also how to throttle only one end point. Here is my gateway.config.yml

http:
port: 9000
admin:
port: 9876
hostname: localhost
apiEndpoints:
cust:
host: localhost
paths:    
  - '/delete'
  - '/update'   
serviceEndpoints:
custsurv:
url: 'http://localhost:3000'
policies:

    basic-auth
    cors
    expression
    key-auth
    log
    oauth2
    proxy
    rate-limit
    pipelines:
    default:
    apiEndpoints:
        cust
        policies:
        rate-limit:
            action:
            max: 1
            windowMs: 100000
        proxy:
            action:
            serviceEndpoint: custsurv
            changeOrigin: true

Right now it is working for all user.

I have written one middleware from where I can authenticate user and it returns the userid from the token that client has sent.Here is my function from where I am getting different throttle value for different user

@Get('/delete')
  public async getsomelist(
    @CurrentUser({ required: true }) context: ContextValidator
  ): Promise<ActionResponseBody> {

    const throttlevalue=await  this.mysqlConn.executeQuery('databasequery',context.currentUser.userId);
  }

Please let me know if I need to provide some more information.

Soham
  • 4,397
  • 11
  • 43
  • 71
  • how about posting some code that may help figuring out what the issue is, instead of a config yaml file – rags2riches-prog Dec 07 '20 at 18:19
  • How do you distinguish users with different limits? By consumer ID? By scope? By whether the user is authenticated? – James McLeod Dec 07 '20 at 18:38
  • @JamesMcLeod I have one mysql database. where it is specified the value according to the userid. I am not sure how to pass the value to the config file. – Soham Dec 07 '20 at 18:42
  • Can you add it to the Express Gateway database (put it in the config/models/users.yaml config file and populate it using the admin API)? If it isn’t there, then the gateway can’t use it. – James McLeod Dec 07 '20 at 18:43
  • @JamesMcLeod please check my updated question . – Soham Dec 07 '20 at 18:52
  • @rags2riches I have posted my typescript function also. – Soham Dec 07 '20 at 18:53
  • You are really fighting with the application if you aren’t using its authentication mechanism; I have no thoughts on how to proceed with the approach you are taking. – James McLeod Dec 09 '20 at 13:16
  • @JamesMcLeod I have my own custom made authentication module . And using Kubernetes for load balancer. Only I am looking for some opensource api gateway for throttling mechanism. Anyway thanks for your help. – Soham Dec 09 '20 at 15:11
  • I am not saying your approach is wrong, just that I cannot help you :-) – James McLeod Dec 09 '20 at 15:11
  • 1
    You should be able to achieve that with [rate-limiter-flexible](https://www.npmjs.com/package/rate-limiter-flexible) package, here is [suitable example](https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#authorized-and-not-authorized-users). I have never used express-gateway, so no tips on the right way to built in custom middleware with express-gateway. – Animir Dec 12 '20 at 05:54
  • @Animir thanks for the answer. I will definitely have a look on this.Also will see the performance benchmark. – Soham Dec 14 '20 at 12:09

0 Answers0