Rate Limiter
RateLimiter provides a rate limiter middleware that limits the number of requests sent to
the server from a particular IP or identifier within a time period.
By default, an in-memory store keeps track of requests. The default in-memory implementation is focused on correctness and may not be the best option for a high number of concurrent requests or a large number of distinct identifiers (>16k).
All core middleware lives in the middleware package:
import "github.com/labstack/echo/v5/middleware"To add a rate limit to your application, add the RateLimiter middleware. The example below
limits the application to 20 requests/sec using the default in-memory store:
e.Use(middleware.RateLimiter(middleware.NewRateLimiterMemoryStore(20.0)))Custom configuration
Section titled “Custom configuration”config := middleware.RateLimiterConfig{ Skipper: middleware.DefaultSkipper, Store: middleware.NewRateLimiterMemoryStoreWithConfig( middleware.RateLimiterMemoryStoreConfig{Rate: 10, Burst: 30, ExpiresIn: 3 * time.Minute}, ), IdentifierExtractor: func(c *echo.Context) (string, error) { id := c.RealIP() return id, nil }, ErrorHandler: func(c *echo.Context, err error) error { return c.JSON(http.StatusForbidden, nil) }, DenyHandler: func(c *echo.Context, identifier string, err error) error { return c.JSON(http.StatusTooManyRequests, nil) },}
e.Use(middleware.RateLimiterWithConfig(config))Errors
Section titled “Errors”var ( // ErrRateLimitExceeded denotes an error raised when the rate limit is exceeded. ErrRateLimitExceeded = echo.NewHTTPError(http.StatusTooManyRequests, "rate limit exceeded") // ErrExtractorError denotes an error raised when the extractor function is unsuccessful. ErrExtractorError = echo.NewHTTPError(http.StatusForbidden, "error while extracting identifier"))Configuration
Section titled “Configuration”type RateLimiterConfig struct { Skipper Skipper BeforeFunc BeforeFunc // IdentifierExtractor uses echo.Context to extract the identifier for a visitor. IdentifierExtractor Extractor // Store defines a store for the rate limiter. Store RateLimiterStore // ErrorHandler provides a handler to be called when IdentifierExtractor returns a non-nil error. ErrorHandler func(c *echo.Context, err error) error // DenyHandler provides a handler to be called when RateLimiter denies access. DenyHandler func(c *echo.Context, identifier string, err error) error}Default configuration
Section titled “Default configuration”// DefaultRateLimiterConfig defines default values for RateLimiterConfig.var DefaultRateLimiterConfig = RateLimiterConfig{ Skipper: DefaultSkipper, IdentifierExtractor: func(c *echo.Context) (string, error) { id := c.RealIP() return id, nil }, ErrorHandler: func(c *echo.Context, err error) error { return &echo.HTTPError{ Code: ErrExtractorError.Code, Message: ErrExtractorError.Message, Internal: err, } }, DenyHandler: func(c *echo.Context, identifier string, err error) error { return &echo.HTTPError{ Code: ErrRateLimitExceeded.Code, Message: ErrRateLimitExceeded.Message, Internal: err, } },}