Interface: RateLimitConfig
Defined in: packages/core/src/core/middleware/RateLimiter.ts:77
Configuration for the rateLimit middleware.
Properties
errorCode?
readonly optional errorCode: string;Defined in: packages/core/src/core/middleware/RateLimiter.ts:113
Custom error code for rate-limited responses.
Default
'RATE_LIMITED'keyFn()?
readonly optional keyFn: (ctx) => string;Defined in: packages/core/src/core/middleware/RateLimiter.ts:97
Extract the rate limit key from the request context. When not provided, a global key is used (all requests share the limit).
Parameters
| Parameter | Type | Description |
|---|---|---|
ctx | unknown | Request context |
Returns
string
A string key for rate limiting (e.g., user ID)
max
readonly max: number;Defined in: packages/core/src/core/middleware/RateLimiter.ts:88
Maximum number of requests allowed per window.
onRejected()?
readonly optional onRejected: (ctx, key) => void;Defined in: packages/core/src/core/middleware/RateLimiter.ts:122
Callback invoked when a request is rate-limited. Use for audit logging or alerting.
Parameters
| Parameter | Type | Description |
|---|---|---|
ctx | unknown | Request context |
key | string | The rate limit key that was exceeded |
Returns
void
store?
readonly optional store: RateLimitStore;Defined in: packages/core/src/core/middleware/RateLimiter.ts:106
Custom rate limit store. Defaults to InMemoryStore.
⚠️ The default InMemoryStore is single-process only. For multi-instance deploys (Kubernetes, PM2 cluster, serverless), provide a distributed store implementation (e.g., Redis).
telemetry?
readonly optional telemetry: TelemetrySink;Defined in: packages/core/src/core/middleware/RateLimiter.ts:128
Optional telemetry sink for security.rateLimit events. When provided, emits an event each time a request is rate-limited.
windowMs
readonly windowMs: number;Defined in: packages/core/src/core/middleware/RateLimiter.ts:83
Time window in milliseconds.
Example
60_000 // 1 minute