sathergate/floodgate
Rate limiting for Next.js. Zero dependencies.
Platform-specific configuration:
{
"mcpServers": {
"floodgate": {
"command": "npx",
"args": [
"-y",
"floodgate"
]
}
}
}Add the config above to .claude/settings.json under the mcpServers key.
Rate limiting for Next.js. Zero dependencies.
Declarative rules, type-safe API, pluggable stores. Works in Edge Runtime, Node.js, and serverless.
npm install ratelimit-next// lib/rate-limit.ts
import { createFloodgate } from "ratelimit-next";
export const gate = createFloodgate({
rules: {
api: { limit: 100, window: "1m" },
auth: { limit: 5, window: "15m", algorithm: "fixed-window" },
uploads: { limit: 10, window: "1h", algorithm: "token-bucket" },
},
});// app/api/data/route.ts
import { withRateLimit } from "ratelimit-next/next";
import { gate } from "@/lib/rate-limit";
export const GET = withRateLimit(gate, "api", async (request) => {
return Response.json({ data: "hello" });
});Clients get standard rate limit headers (X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset) on every response and a 429 with Retry-After when limited.
Divides time into fixed intervals and counts requests per interval. Simple and predictable, but allows bursts at window boundaries.
{ limit: 100, window: "1m", algorithm: "fixed-window" }Approximates a true sliding window by weighting the previous interval's count. Smoother than fixed window with minimal overhead.
{ limit: 100, window: "1m", algorithm: "sliding-window" }Tokens refill at a steady rate. Allows short bursts while maintaining an average rate. Best for APIs where occasional spikes are acceptable.
{ limit: 100, window: "1m", algorithm: "token-bucket" }Duration strings: "10s" (seconds), "5m" (minutes), "1h" (hours), "1d" (days).
Apply rate limiting globally via Next.js middleware:
// middleware.ts
import { createFloodgate } from "ratelimit-next";
import { createRateLimitMiddlewarLoading reviews...