Ratelimit by user or in general

Hi … in Strapi 3 I used a request.json to increase the rate limit for logins to a value of “max: 60”.

But I don't find any solution to increase the rate limit in Strapi 4.

What I want?
A special service with special user credentials is updating some data very often. It uses typical authentication by username and password. But after 5 “login + update” I get the well-known “Auth.form.error.ratelimit” error.

Does no one have an idea how to increase the rate limit by user or API route?

Middlewares are what you are looking for. You would most likely want a global middleware, but you will want to exclude any traffic aimed at admin endpoints. There are packages like koa-ratelimit that could help you.

I don’t really have a good example of one at a global level but we do have a very basic and minimal one applied in the users-permissions plugin for the auth endpoints: https://github.com/strapi/strapi/blob/master/packages/plugins/users-permissions/server/middlewares/rateLimit.js

This is a good starting point.

How can I change this rateLimit.js to allow a higher max value for a specific user?

In my case this is the first rateLimit where the service is blocked, because the write operation is done with an authenticated user.

The easiest method in v4 would be using patch-package. I’ll let you explore that one on your own first, but let me know if you get stuck.


I don't understand how “patch-package” can help … at the moment I changed the rateLimit by hard-coding it, but this will be overwritten with the next update of the plugin.

patch-package executes the patches after you install node_modules, meaning that if you update the package and there was no update to the files you modified in the patches, then the patch will just get reapplied.

Is there any documentation for Strapi? Otherwise I have to start with the patch-package from npm and try my own way?

This might help you: How to change ratelimit in strapi v4? - #4 by Noam16
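
An added example (not part of the original posts, and not Strapi's or koa-ratelimit's own code) of a Koa-style middleware that raises the login limit for one account, as asked in this thread. It assumes the login body carries the account name in an `identifier` field; the account name `sync-service`, the IP address and the limits are constructed values, and `createAuthRateLimit` is a hypothetical name.

```javascript
// Koa-style (ctx, next) middleware factory: fixed-window limit for login
// requests, with a higher ceiling for named accounts from allowlisted IPs.
// Assumption: the login body carries the account name in `identifier`.
function createAuthRateLimit(options = {}) {
  const {
    windowMs = 60_000,          // window length in milliseconds
    max = 5,                    // default attempts per window
    overrides = {},             // { lowercaseIdentifier: { max, allowedIps } }
    skipPrefixes = ['/admin'],  // admin traffic is left to its own limiter
    now = Date.now,             // injectable clock, useful in tests
  } = options;
  const perAccount = new Map(Object.entries(overrides)); // own keys only
  const hits = new Map(); // in-memory and per process; entries are not pruned

  return function authRateLimit(ctx, next) {
    if (skipPrefixes.some((p) => ctx.path.startsWith(p))) return next();

    const body = (ctx.request && ctx.request.body) || {};
    const identifier = String(body.identifier || '').toLowerCase();
    const override = perAccount.get(identifier);
    // The raised limit applies only when identifier AND source IP match, so
    // password guessing against that account from elsewhere keeps the default.
    const trusted = override !== undefined && override.allowedIps.includes(ctx.ip);
    const limit = trusted ? override.max : max;
    const key = `${ctx.ip}|${identifier}`;

    const t = now();
    let entry = hits.get(key);
    if (!entry || entry.resetAt <= t) {
      entry = { count: 0, resetAt: t + windowMs };
      hits.set(key, entry);
    }
    entry.count += 1;

    if (entry.count > limit) {
      ctx.status = 429;
      ctx.set('Retry-After', String(Math.ceil((entry.resetAt - t) / 1000)));
      ctx.body = { error: 'Too many requests' };
      return undefined;
    }
    return next();
  };
}

// Constructed configuration: one service account, one allowlisted address.
const authRateLimit = createAuthRateLimit({
  overrides: { 'sync-service': { max: 60, allowedIps: ['10.0.0.5'] } },
});
```

Behind a reverse proxy, `ctx.ip` is the client address only when Koa's proxy setting is enabled; otherwise all clients share one key and one allowlist entry. With several server processes the counters need a shared store instead of the in-memory `Map`.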