Next.js Discord

Discord Forum

whats the best way to add rate limiting to server actions

Unanswered
Old English Sheepdog posted this in #help-forum
Old English SheepdogOP
^

48 Replies

a very easy way would be to define a Map or object in separate file which you import and add/check based on some userdata or ip using headers... but then there are more fancy methods like upstash ratelimit that should be able to be used very similar to route handlers
well you see... serverless still persists data (if its not edge)
upstash also does local cache, but to ensure trustworthy, it also can sync to redis or db
@riský upstash also does local cache, but to ensure trustworthy, it also can sync to redis or db
Old English SheepdogOP
wait so u can run the upstash rate limiting package without using their infra?
as i think if you spam enough, vercel can have multiple of your serverless things running at once with their own ram
yeah: https://github.com/upstash/ratelimit?tab=readme-ov-file#ephemeral-cache... hmm thats just for cache, but im sure there is also way to use map for main
@riský as i think if you spam enough, vercel can have multiple of your serverless things running at once with their own ram
Old English SheepdogOP
so then the map / obj way wouldnt be reliable. is that what you mean?
thats why you have to have something hosted separately or try and abuse unstable cache
would be cheaper to just spin up a redis instance on railway i think
i do wonder, as this kinda sounds easy to make whole project down, but then again who is using your app that much (upstash pricing)
i also remember getting random reads and writes when i wasnt even using the upstash instance
😦
but honestly its pretty hard to achieve the concurrency on vercel
if there are many different users at same time, then its easier
Old English SheepdogOP
yea ill just use upstash ratelimiter but host my instance elsewhere
sounds good!
@riský well you see... serverless still persists data (if its not edge)
I thought while it “persists” it only persists until the function has not been called in a while and then the serverless has to go through a cold start to boot up again.

Plus if you’re having a lot of traffic won’t it spawn two serverless functions?
1. i dont remember how long the cache lasts, but i know its somewhat large (i havent tested enough, so for all i know it could be 15min)
2. yeah that is what i was saying
last i checked it's 5 mins until a lambda container spins down without traffic
the upstash rate limiter can work in-memory btw
oh i remember hearing something about 15, but maybe 5mins is enough
@linesofcode https://github.com/upstash/ratelimit?tab=readme-ov-file#ephemeral-cache
yeah i sent this earlier, but as i havent used it i wasnt fully sure if you needed main redis input or if you can just only have ephemeralCache
idk if it can work without redis
but rate limiting in an ephemeral fashion without upstash is pretty simple honestly
yeah
@linesofcode https://github.com/animir/node-rate-limiter-flexible
Old English SheepdogOP
just tried this out. wow so simple and easy to set up and use (if im using it correctly lol)
Nice!
It is really simple indeed
@linesofcode Nice!
Old English SheepdogOP
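```js
import { RateLimiterMemory } from "rate-limiter-flexible";

export const rateLimiter = new RateLimiterMemory({
  keyPrefix: "rateLimiter",
  points: 1, // requests allowed per key...
  duration: 10, // ...per 10 seconds
});
```

then in boom

```js
// Inside the async server action; ipAddress is the caller's IP (e.g. from the request headers)
try {
  // Consume 1 point per request
  await rateLimiter.consume(ipAddress);
  // Your API logic here
  console.log("Request allowed");
} catch (rejRes) {
  // Handling exceeding rate limit
  console.log("Request blocked");
}
```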
love it. thanks again
Old English SheepdogOP
dangit. this doesnt work in prod for some reason lol
@Headless what about it doesnt work
Old English SheepdogOP
its not consuming the points properly so it never hits the limit
running on node 20 serverless so im not sure what could be wrong
if you use the RateLimiterMemory limiter it won't work on serverless platforms because the memory is thrown away between different requests. you need to use an external service to keep track of the points
i have found vercel serverless to have some degree of memory existing between requests, tho it doesnt seem to be very good to trust
@Rafael Almeida if you use the `RateLimiterMemory` limiter it won't work on serverless platforms because the memory is thrown away between different requests. you need to use an external service to keep track of the points
This is somewhat true. It will get thrown away only after a certain time. I think having an in-memory rate limiter is still good for very short-term request bursts.
just like what risky said
i think if you just want a basic thing its fine, but for actual ratelimiting you have to have an external "db" to have it properly done
it just doesnt work at all
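
The failure discussed in this thread, as an added example that is not code from any participant or from rate-limiter-flexible: a small fixed-window limiter run over a simulated burst, once with per-instance memory and once with a store shared by all instances. The round-robin routing, instance counts, request timeline and client IP are constructed assumptions; the limits (1 point per 10 seconds) are the ones from the snippet above.

```javascript
// Fixed-window limiter: at most `points` requests per `durationMs` per key.
// `store` is any Map-like object; limiters that share a store share counters.
function makeLimiter(store, { points, durationMs }) {
  return function consume(key, now) {
    const entry = store.get(key);
    if (!entry || now >= entry.resetAt) {
      store.set(key, { used: 1, resetAt: now + durationMs });
      return true;
    }
    if (entry.used >= points) return false;
    entry.used += 1;
    return true;
  };
}

const CLIENT_IP = "203.0.113.7"; // constructed sample address (documentation range)

// Replays a burst from one client, one request every 100 ms, routed
// round-robin over `instances` function instances (routing is an assumption).
// sharedStore=false: every instance boots with its own Map (in-memory limiter).
// sharedStore=true: all instances use one Map, standing in for Redis.
// recycleEvery=N: every Nth request lands on a freshly booted instance.
function simulateBurst({ instances, requests, sharedStore, recycleEvery = 0 }) {
  const opts = { points: 1, durationMs: 10_000 }; // limits from the thread's snippet
  const external = new Map();
  const boot = () => makeLimiter(sharedStore ? external : new Map(), opts);
  const running = Array.from({ length: instances }, boot);
  let allowed = 0;
  for (let i = 0; i < requests; i++) {
    const slot = i % instances;
    if (recycleEvery > 0 && i > 0 && i % recycleEvery === 0) running[slot] = boot();
    if (running[slot](CLIENT_IP, i * 100)) allowed += 1;
  }
  return allowed;
}

// 20 requests in under 2 s against a limit of 1 per 10 s:
const burst = { requests: 20 };
console.log("1 warm instance, in-memory:", simulateBurst({ ...burst, instances: 1, sharedStore: false }));
console.log("4 instances, in-memory:", simulateBurst({ ...burst, instances: 4, sharedStore: false }));
console.log("1 instance recycled every 5 requests:", simulateBurst({ ...burst, instances: 1, sharedStore: false, recycleEvery: 5 }));
console.log("4 instances, shared store:", simulateBurst({ ...burst, instances: 4, sharedStore: true, recycleEvery: 5 }));
```

With per-instance memory the effective limit scales with the number of instances and resets on every fresh boot; only the shared store holds the burst to the configured limit.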