I am trying to prevent a user to be able to call a Meteor method too often with the Meteor package ddp-rate-limiter (For example to prevent spamming or a DOS attack), but I can not get it to work.

Does anybody have an idea?

server/ddpRateLimiter.js:

Meteor.methods({
  dosAttack: function() {console.log("dos");}
});

var preventDosAttack= {
  userId: function() {return true;},
  type: 'method',
  method: 'dosAttack'
}

DDPRateLimiter.addRule(preventDosAttack, 5, 1000);

With this code I can still run the method from the client console as often as I want to. (Tested with a for loop 100 times)

You can find the entire sourcecode here: opensource project

And this certain commit here: commit

Thank you very much for your help,

Max

My mistake is simple: It is not 'method': 'dosAttack' but 'name': 'dosAttack'. Seems like the example in the documentation MeteorDoc DDPRateLimiter does the same mistake. I created an issue on the meteor GitHub page

Rate limiting is now offered as a vendor-supported Meteor package. I've recently used it to create Meteor Candy, the admin panel for Meteor. Here's how I did it.

First, add the package:

meteor add ddp-rate-limiter.

Second, define the method:

Meteor.methods({
    myFancyMethod: function () {
        return true;
    }
})

Finally, define the rate limiting rules for it:

import { DDPRateLimiter } from 'meteor/ddp-rate-limiter';

var requestLimit = 5;
var requestTimeout = 5000;

DDPRateLimiter.addRule({
    type: "method",
    name: "myFancyMethod",
}, requestLimit, requestTimeout);