class FixedWindowRateLimiter {
  constructor(
    private redis: Redis,
    private windowSeconds: number,
    private maxRequests: number
  ) {}

  async isAllowed(identifier: string): Promise<{ allowed: boolean; remaining: number }> {
    // Key format: rate_limit:{identifier}:{window_start}
    const windowStart = Math.floor(Date.now() / 1000 / this.windowSeconds);
    const key = `rate_limit:${identifier}:${windowStart}`;

    const count = await this.redis.incr(key);

    if (count === 1) {
      // First request in this window — set expiry
      await this.redis.expire(key, this.windowSeconds * 2);
    }

    const allowed = count <= this.maxRequests;
    const remaining = Math.max(0, this.maxRequests - count);

    return { allowed, remaining };
  }
}

// Usage
const limiter = new FixedWindowRateLimiter(redis, 60, 100); // 100 req/min

app.use(async (req, res, next) => {
  const identifier = req.ip; // Or user ID for authenticated requests
  const { allowed, remaining } = await limiter.isAllowed(identifier);

  res.set('X-RateLimit-Limit', '100');
  res.set('X-RateLimit-Remaining', remaining.toString());
  res.set('X-RateLimit-Reset', String(Math.ceil(Date.now() / 60000) * 60));

  if (!allowed) {
    return res.status(429).json({
      error: 'Too Many Requests',
      retryAfter: this.windowSeconds,
    });
  }

  next();
});
Rate Limiting & Throttling

Rate Limiting & Throttling

Rate Limiting & Throttling
