DIYA73/api-rate-guardian


🚦 API Rate Guardian

Production-ready rate limiting microservice: Redis-backed, JWT auth, IP ban system, real-time monitoring. Live on Render.


🌐 Live Demo

API: https://api-rate-guardian-1.onrender.com

Free Render instances sleep when inactive; the first request may take ~30s.

Admin UI: Run locally or deploy to Vercel.


🎯 Features

  • Redis-backed rate limiting: sliding window algorithm, accurate across multiple instances
  • IP ban system: permanent or timed bans, auto-expiry, ban list export
  • JWT admin auth: stateless, secure admin routes
  • Real-time dashboard: live stats, rate limit violations, Redis health
  • Docker ready: full docker-compose with Redis included
  • High performance: 1000+ req/s, less than 50ms average latency

🛠 Tech Stack

| Layer | Tech |
| --- | --- |
| Runtime | Node.js 18+ · TypeScript 5+ |
| Framework | Express.js |
| Rate limiting store | Redis 7+ via ioredis |
| Auth | JWT (jsonwebtoken) |
| Security | Helmet.js · CORS |
| Admin UI | React 18 · Tailwind · Chart.js |
| DevOps | Docker · docker-compose · Render |

🚀 Quick Start

Option 1: Docker Compose (recommended)

git clone https://github.com/DIYA73/api-rate-guardian.git
cd api-rate-guardian
cp .env.example .env
docker-compose up -d

Option 2: Local

npm install
docker run -d -p 6379:6379 redis:7-alpine
npm run dev

Environment variables

NODE_ENV=development
PORT=5000
REDIS_URL=redis://localhost:6379
JWT_SECRET=your-secret-min-32-chars
JWT_EXPIRES_IN=24h
ADMIN_EMAIL=admin@example.com
ADMIN_PASSWORD=changeme123
DEFAULT_RATE_LIMIT_WINDOW_MS=900000
DEFAULT_RATE_LIMIT_MAX=100
ALLOWED_ORIGINS=http://localhost:3000
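
The sliding-window behaviour listed under Features, sketched with the default window and limit from the environment variables above. This is an added example, not code from the api-rate-guardian repository: `checkLimit`, `createStore` and `boundaryBurstDemo` are hypothetical names, and an in-memory store stands in for Redis so the logic runs offline.

```typescript
// Added example (not the project's code): sliding-window log limiter.
// An in-memory store stands in for a per-client Redis sorted set (assumption).
interface Decision { allowed: boolean; remaining: number; retryAfterMs: number; }

// Defaults taken from the environment variables listed above.
const WINDOW_MS = 900000; // DEFAULT_RATE_LIMIT_WINDOW_MS (15 minutes)
const MAX_REQUESTS = 100; // DEFAULT_RATE_LIMIT_MAX

// Null-prototype object: client-supplied keys such as "__proto__" stay plain data.
type Store = Record<string, number[]>;
function createStore(): Store { return Object.create(null) as Store; }

// Hypothetical helper. `now` is passed in so every decision is deterministic
// and testable; a real service would use the request arrival time.
function checkLimit(
  store: Store, clientKey: string, now: number,
  windowMs: number = WINDOW_MS, max: number = MAX_REQUESTS
): Decision {
  // 1. Drop hits that have slid out of the window (ZREMRANGEBYSCORE on a sorted set).
  const live = (store[clientKey] || []).filter((t) => t > now - windowMs);
  // 2. Count what is left (ZCARD) and decide before recording the new hit.
  const allowed = live.length < max;
  // 3. Record accepted requests only (ZADD), so rejected traffic does not extend the block.
  if (allowed) live.push(now);
  store[clientKey] = live;
  // The oldest live hit determines when the next slot frees up.
  const retryAfterMs = allowed || live.length === 0 ? 0 : live[0] + windowMs - now;
  return { allowed, remaining: max - live.length, retryAfterMs };
}

// Constructed traffic: 100 requests in the last second of one 15-minute clock
// window, then one request just after the boundary. A fixed-window counter
// resets at the boundary and would admit it; the sliding window still sees 100 hits.
function boundaryBurstDemo(): Decision[] {
  const store = createStore();
  const ip = "203.0.113.7"; // documentation address, constructed sample
  const boundary = 900000;
  const out: Decision[] = [];
  for (let i = 0; i < 100; i++) out.push(checkLimit(store, ip, boundary - 1000 + i));
  out.push(checkLimit(store, ip, boundary + 1));             // rejected: window is full
  out.push(checkLimit(store, ip, boundary - 1000 + 900000)); // allowed: first hit expired
  return out;
}
```

With Redis as the shared store, the trim, count and add steps have to run atomically (a MULTI transaction or a Lua script) so that concurrent instances cannot both admit the last free slot.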

🔌 API Reference

Public

GET /api/v1/health
GET /api/v1/public/test

Auth

POST /api/v1/auth/login
{ "email": "...", "password": "..." }

Admin (Bearer token required)

GET    /api/v1/admin/stats
POST   /api/v1/admin/ban
DELETE /api/v1/admin/ban/:ip
GET    /api/v1/admin/bans
GET    /api/v1/admin/redis-stats

🔒 Security

  • JWT authentication on all admin routes
  • Helmet.js security headers
  • CORS allowlist
  • Input validation
  • Redis password auth (production)
  • HTTPS enforced on Render

🗺 Roadmap

Phase 1: Complete

  • Redis-backed rate limiting
  • IP ban system
  • JWT admin API
  • Real-time dashboard
  • Docker deployment
  • Live production on Render

Phase 2: Planned

  • Custom rate limit rules per endpoint
  • Email notifications for abuse
  • API key-based limiting
  • Geographic IP tracking
  • Advanced analytics

📄 License

MIT (see LICENSE).


👩‍💻 Author

Diya Taib Ismahil


🚦 Protecting APIs, one request at a time.
