2nfm-api Rate Limiting

My work was creating a javascript module that can be added on any js server code. The module limits the number of requests made from given identity within a time period to protect the server.

Comment

My contribution was adding a rate limit module in the project. The signaling server will ignore all the requests from a specific ip address that exceeded 5000 requests within 5 minutes.

My goal for HackIllinois 2020 was to learn the backend work of web applications. I found 2nfm project a perfect fit for my goal. But it was rather hard to come up with the ideas. 2nfm uses open source webRTC library called rtcmulticonnection, so most of the work needed for 2nfm was refining the code in the library. After struggling for hours coming up with an idea, we found out that the signaling server does not have the rate limiting, which made the server prone to DoS attacks. I worked on creating a rate limiting module that can be applied on any javascript server code. Existing rate limiting libraries are intended to be added as middleware, using express. Instead, my rate limiting can be added on any part of the server code. It can check the limit and return -1 when the limit has exceeded, so user could at any condition on server code to ignore the request when the rate limiting function returns -1.

The current rate limiting uses server in-memory since 2nfm uses only one server for now. The data structure can be easily changed by editing the MemoryStore.js. The challenge I faced while dealing with the memory was to apply an algorithm that will be memory-efficient and precise at the same time. I used hash map to store request count information of given key(IP in 2nfm project). Each key will have sliding window request counter as value, which is an optimized way of storing real time request counts. FIFO behavior of queue was great option to delete outdated request counts and sub array will efficiently group request counts by sampling period (1 second by default), there by not storing every requests one by one, but keeping the precision by sampling period. Increasing the sampling period will increase memory usage and precision.

The work open for my module is to add Redis database support for ACID.

RTCMultiConnection - WebRTC JavaScript Library

Demos: https://rtcmulticonnection.herokuapp.com/demos/

npm downloads Build Status: Linux

Install On Your Own Site

mkdir demo && cd demo
git clone https://github.com/muaz-khan/RTCMultiConnection.git ./
npm install --production
node server --port=9001

Free socket.io servers

// v3.4.7 or newer
connection.socketURL = 'https://rtcmulticonnection.herokuapp.com:443/';

// v3.4.6 or older
connection.socketURL = 'https://webrtcweb.com:9001/';

YouTube videos

  1. Getting started guide / RTCMultiConnection
  2. Setup custom socket.io server / RTCMultiConnection
  3. Write screen sharing applications / RTCMultiConnection
  4. YouTube Playlist
  5. RTCMultiConnection-v2 (old) videos: https://vimeo.com/muazkh

Docs/Tutorials

  1. Getting Started guide for RTCMultiConnection
  2. Installation Guide
  3. How to Use?
  4. API Reference
  5. Upgrade from v2 to v3
  6. How to write iOS/Android applications?
  7. Tips & Tricks

iOS+Android Demo Apps

Note: RTCMultiConnection supports Safari-11 browser both on iOS and MacOSX.

So you do not need to build a cordova or ionic application.

Wiki Pages

License

RTCMultiConnection is released under MIT licence . Copyright (c) Muaz Khan.

Built With

Share this project:

Updates