
Intro to Rate Limit

Transcript

00:00 Getting attacked by a nefarious actor is never a fun time, and it's especially not fun if they're brute-forcing to get access to a specific account, or they're making your server send a bajillion emails

00:13 and so it's destroying your deliverability, or there are just a number of things that an attacker can do to make your life pretty miserable. They can increase your server hosting costs and all that stuff, especially if you have auto-scaling enabled and stuff like that. So it's a good idea to add a little bit of rate limiting, so that even if they do hit you a bunch of times,

00:33 you're not expending a bunch of resources, and you can just say, "Hey, whoa, whoa, you've got to slow down. You're calling me too many times." So that is a pretty standard practice, and in fact there are mechanisms built into some hosts that will automatically handle distributed denial-of-service attacks and things like that.

00:52 But yeah, even in those cases, it's a good idea to add your own level of rate limiting, so you can have some specifics like, "Yeah, it's fine to hit this endpoint. It's just a GET endpoint; it's serving an asset or something. That's not a big deal to hit a bunch of times."

01:14 But here we have this other endpoint that allows users to transfer money between each other, and if somebody's hitting that a bunch of times, they're probably trying to guess something, and it's probably not a good idea to allow them to do that. So there are different tiers of rate limiting. In this exercise, we're going to be using express-rate-limit, because we're using an Express server, and we're going to be

01:35 creating these three different tiers of rate limiters so that we can differentiate between the different types of requests that are being made, so that a request to sign up, or to log in, or to the verification endpoint, or whatever, can have a much more strict rate limit than the request for

01:55 just getting the home page or something like that. So that is your task in this exercise: to add some rate limiting to our site so that we don't have problems with people trying to brute-force passwords and stuff like that. So have a good time with this one, and we'll see you when you're all done.
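The three-tier setup the lesson describes, written out as an added example. This is not the lesson's or the project's code, and it deliberately does not use the express-rate-limit package so that it runs with no dependencies: it is a small fixed-window limiter in Express middleware shape (`(req, res, next)`), one instance per tier, plus a selector that sends credential endpoints to the strictest tier. The window length, the per-tier limits, the paths and the IP address are constructed assumptions, not values from the lesson.

```javascript
// Added example, not the lesson's code. A minimal fixed-window limiter with the
// same shape as Express middleware; tier values below are assumptions.

function createRateLimiter({ windowMs, max, keyFn = (req) => req.ip, clock = Date.now }) {
  const hits = new Map(); // key (client IP) -> { count, resetAt }

  return function limiter(req, res, next) {
    const now = clock();
    const key = keyFn(req);
    let entry = hits.get(key);
    if (!entry || now >= entry.resetAt) {
      // Window expired or first request from this client: start a fresh window.
      entry = { count: 0, resetAt: now + windowMs };
      hits.set(key, entry);
    }
    entry.count += 1;

    // Expose the budget so well-behaved clients can back off before being cut off.
    res.setHeader('RateLimit-Limit', String(max));
    res.setHeader('RateLimit-Remaining', String(Math.max(0, max - entry.count)));

    if (entry.count > max) {
      res.setHeader('Retry-After', String(Math.ceil((entry.resetAt - now) / 1000)));
      res.status(429).send('Too Many Requests');
      return; // next() is not called: the request stops here.
    }
    next();
  };
}

// Three tiers sharing one window; the strictest guards credential endpoints.
function createTiers(clock = Date.now) {
  const windowMs = 60 * 1000; // assumed one-minute window
  return {
    general: createRateLimiter({ windowMs, max: 1000, clock }), // e.g. GET /
    strong: createRateLimiter({ windowMs, max: 100, clock }), // other mutations
    strongest: createRateLimiter({ windowMs, max: 10, clock }), // login, signup, verify
  };
}

// Assumed paths for the strictest tier.
const STRONGEST_PATHS = new Set(['/login', '/signup', '/verify']);

function pickTier(tiers, req) {
  if (req.method === 'GET') return tiers.general;
  if (STRONGEST_PATHS.has(req.path)) return tiers.strongest;
  return tiers.strong;
}

// Tiny stand-in for Express's res object so the example runs without a server.
function fakeResponse() {
  const res = { statusCode: 200, headers: {}, body: null };
  res.setHeader = (name, value) => { res.headers[name] = value; };
  res.status = (code) => { res.statusCode = code; return res; };
  res.send = (body) => { res.body = body; return res; };
  return res;
}

// Runs one request through the tier chosen for it and reports the outcome.
function handle(tiers, req) {
  const res = fakeResponse();
  let reachedHandler = false;
  pickTier(tiers, req)(req, res, () => { reachedHandler = true; res.send('ok'); });
  return { status: res.statusCode, reachedHandler, retryAfter: res.headers['Retry-After'] };
}

// Demo with an injected clock: 11 login attempts from one IP within a minute,
// 11 home-page GETs from the same IP, then one login after the window expires.
function demo() {
  let t = 0;
  const tiers = createTiers(() => t);
  const login = { method: 'POST', path: '/login', ip: '203.0.113.5' }; // constructed IP
  const home = { method: 'GET', path: '/', ip: '203.0.113.5' };
  const loginStatuses = [];
  for (let i = 0; i < 11; i++) loginStatuses.push(handle(tiers, login).status);
  const homeStatuses = [];
  for (let i = 0; i < 11; i++) homeStatuses.push(handle(tiers, home).status);
  const retryAfter = handle(tiers, login).retryAfter; // still inside the window
  t = 60 * 1000; // window expired: the login endpoint accepts requests again
  const afterWindow = handle(tiers, login).status;
  return { loginStatuses, homeStatuses, retryAfter, afterWindow };
}
```

The point of the selector is that the budget is chosen per endpoint, not per server: the same client can keep loading the home page while its login attempts are cut off at the tenth. Keying on `req.ip` is only sound when the server sees the real client address, so behind a proxy or load balancer the key should come from the forwarded address the proxy is trusted to set; otherwise every client shares one bucket.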