Authenticating users with JSON web tokens is a convenient strategy. The tokens are self-contained and may include all required information. The server side verifies a token, either trusts its digital signature and proceeds the request handling or declines processing. Two previous tutorials walk you through the process of generating JSON …
Continue ReadingMocha is a powerful testing framework for Node.js. It gives you dozens of helpful utilities to create a convenient testing setup. Mocha also provides an interceptable testing lifecycle. If you need to run setup and teardown tasks for your test suite, make sure to read on! {{outline}} Testing Setup …
Continue ReadingThis is the final tutorial in the “Build a Rate Limiter” series. The rate limiter has all important features to increase your application security. As with any software project, you should put aside time to review and refactor the code. By finishing this tutorial, you’ll push your rate limiter …
Continue Reading
Rate limiting is a security feature that comes with costs you need to manage. For example, once enabled, rate limiting applies to all requests going through your server. This can cause problems when using the rate limiter for both, APIs and web apps. Sending requests to web applications will render …
Continue Reading
Introducing the rate limiter into your web application brings security benefits, but requires extra work to integrate it smoothly. In the previous tutorial, you added support to render a “rate limit exceeded” web view instead of sending a JSON response. The web view to show an exceeded limit was dragging …
Continue Reading
Your rate limiter has a solid feature set: rate limit requests by IP address or a user identifier, allow dynamic rate limits and use a route-specific rate limit configuration. A missing feature is the support for web views. Up to this point, the rate limiter responds an error in JSON …
Continue Reading
Your rate limiter grows in functionality. You already built an IP-based rate limiting that is configurable for each route. The route limits let you configure an individual rate limit for a route that differs from the server’s default rate limit. Another aspect of rate limiting is dynamic rate limiting. …
Continue Reading
In the first tutorial, you built an IP based rate limiter. The rate limiter stores the client-related details in Redis. Your setup includes the configuration for global rate limits that apply to each incoming request. In this tutorial, you’ll implement the logic to support individual rate limits for each …
Continue ReadingFind interesting tutorials and solutions for your problems.