SoFunction
Updated on 2025-04-12

Add API current limit and log optimization detailed explanation

Preface

In the previous articles, we have added authentication, CORS configuration, caching mechanisms, and performance monitoring to the API. This article will continue to further enhance the stability and maintainability of the API based on this. We will add API stream limiting capabilities and optimize logs to better track and debug applications.

1. Add API to limit current

To prevent the API from being maliciously requested or abused, we can add API current limiting capabilities. This helps protect the server from DDoS attacks and ensures that requests from normal users can be promptly responded. We will useexpress-rate-limitlibrary to implement this function.

1.1 Installation dependencies

First, we need to installexpress-rate-limitLibrary. Open the terminal, navigate to the project root directory, and run the following command:

npm install express-rate-limit

1.2 Create a stream limit middleware

Next, we aremiddlewaresCreate a directory calledfile used to define the stream limit middleware.

const rateLimit = require('express-rate-limit');

const apiLimiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes  max: 100, // Maximum number of requests allowed per IP  message: 'Too many requests from this IP, please try again later.',
});

 = apiLimiter;

In this middleware, we set up to send up to 100 requests per IP in 15 minutes. If this limit is exceeded, the client will receive a prompt message telling it that it has too many requests and needs to try again later.

1.3 Application of current limiting middleware

Finally, we need toApply this stream limiting middleware in the file. OpenFile, add the following code:

require('dotenv').config();
const express = require('express');
const helmet = require('helmet');
const compression = require('compression');
const cors = require('cors');
const swaggerUi = require('swagger-ui-express');
const swaggerJSDoc = require('swagger-jsdoc');
const itemsRouter = require('./routes/items');
const authRouter = require('./routes/auth');
const errorHandler = require('./middlewares/error-handler');
const connectDB = require('./config/db');
const logger = require('./middlewares/logger');
const statusMonitor = require('express-status-monitor');
const apiLimiter = require('./middlewares/rateLimiter');

const app = express();

// Configure Helmet(helmet());

// Configure CORS(cors());

// Log middleware((req, res, next) => {
  (`${} ${}`);
  next();
});

(()); // parse the JSON request body
// Compress the response body(compression());

// Connect to MongoDBconnectDB();

// Performance monitoring(statusMonitor());

// API current limit(apiLimiter);

//Route('/items', itemsRouter);
('/auth', authRouter);

// Swagger configurationconst options = {
  definition: {
    openapi: '3.0.0',
    info: {
      title: 'My API',
      version: '1.0.0',
      description: 'This is a simple API for managing items.',
    },
    servers: [
      {
        url: `http://localhost:${ || 3000}`,
      },
    ],
  },
  apis: ['./routes/*.js'], // Specify the file containing API annotations};

const specs = swaggerJSDoc(options);
('/api-docs', , (specs));

// Error handling middleware(errorHandler);

 = app;

2. Optimize logging

In order to better track and debug applications, we need to optimize logging. A good logging system can help us quickly locate problems and understand the operating status of the application. We will usewinstonLibrary to implement more detailed and flexible logging.

2.1 Installation dependencies

First, we need to installwinstonandwinston-daily-rotate-fileLibrary. Open the terminal, navigate to the project root directory, and run the following command:

npm install winston winston-daily-rotate-file

2.2 Creating a log configuration

Next, we areconfigCreate a directory calledfile, used to define log configuration.

const winston = require('winston');
const DailyRotateFile = require('winston-daily-rotate-file');

const transport = new DailyRotateFile({
  filename: 'application-%DATE%.log',
  datePattern: 'YYYY-MM-DD',
  zippedArchive: true,
  maxSize: '20m',
  maxFiles: '14d',
  dirname: 'logs',
});

const logger = ({
  level: 'info',
  format: (
    (),
    ()
  ),
  transports: [
    transport,
    new ({
      format: (
        (),
        ()
      ),
    }),
  ],
});

 = logger;

In this configuration, we set the naming rules, date mode, archive method, maximum file size and retention days of log files. At the same time, we also configured console output so that we can view log information in real time during development.

2.3 Update log middleware

Finally, we need to updatemiddlewares/File, use the new log configuration.

const logger = require('../config/logger');

const logRequest = (req, res, next) => {
  (`${} ${}`);
  next();
};

 = logRequest;

3. Project structure

Ensure the project structure is as follows:

my-app/
├── node_modules/
├── public/
│   └── 
├── routes/
│   ├── 
│   └── 
├── models/
│   ├── 
│   └── 
├── middlewares/
│   ├── 
│   ├── 
│   ├── 
│   ├── 
│   └── 
├── config/
│   ├── 
│   ├── 
│   └── 
├── .env
├── 
└──

4. Run the project

Make sure that the MongoDB and Redis services are started. Run the following command in the project root directory to start the application:

npm install node

Visithttp://localhost:3000/api-docsView Swagger documentation and accesshttp://localhost:3000/statusCheck the performance monitoring page.

5. Testing and Verification

5.1 Test API Current Limiting

To verify that the API current limiting feature is in effect, we can use Postman or other HTTP client tools to send multiple requests. Assuming that the current limit rule we set is that each IP has up to 100 requests per 15 minutes, we can try to send more than 100 requests to see if it will be restricted.

  • Open Postman, create a new request, and set the request method toGET, the URL ishttp://localhost:3000/items
  • Send multiple requests quickly until 100 requests are reached.
  • Continue to send the request and observe whether the response returns429 Too Many RequestsStatus code and contains prompt messageToo many requests from this IP, please try again later.

5.2 Verify logging

To verify that the logging is correct, we can check the log file and console output.

  • In the project root directory, findlogsDirectory, check whether there are generated log files.
  • Open one of the log files and check if the contents contain the requested method, URL, and timestamp.
  • At the same time, check the console output to make sure that the log information is also displayed on the console.

6. Summary and Outlook

Through this article, we have added current limiting capabilities to the API and optimized logging, further enhancing the stability and maintainability of the API. The API current limiting function can help us prevent malicious requests and DDoS attacks, ensuring that normal user requests can be responded in a timely manner. The optimized logging system can help us better track and debug applications and quickly locate problems.

This is the article about adding API current limiting and log optimization. For more related API current limiting and log optimization content, please search for my previous articles or continue browsing the related articles below. I hope everyone will support me in the future!