Express Rate Limiting Quiz

  1. Rate Limiter Setup

    Which middleware is most commonly used in Express.js to implement rate limiting on a per-user basis?

    1. A. express-session
    2. B. cors
    3. C. express-rate-limit
    4. D. body-parser
    5. E. morgan
  2. Identifying Users

    How can you reliably identify a user for rate limiting purposes in an Express.js application?

    1. A. By their IP address only, using `req.ip`
    2. B. Only by their username
    3. C. By their browser's user agent
    4. D. By a combination of IP address and user ID (if authenticated) or a session identifier
    5. E. Randomly assigning a number to each request.
  3. Rate Limit Store

    What is the purpose of a 'store' in the `express-rate-limit` middleware?

    1. A. To store user session data.
    2. B. To temporarily cache the requested jokes.
    3. C. To store the rate limit counters for each user.
    4. D. To store API keys.
    5. E. To store the configuration settings for the rate limiter.
  4. Custom Key Generator

    You want to use the user ID from a JWT (JSON Web Token) for rate limiting. How would you customize the `keyGenerator` option in `express-rate-limit`?

    1. A. Set `keyGenerator` to `'req.user.id'`.
    2. B. `keyGenerator: (req, res) => req.headers['user-id'];`
    3. C. `keyGenerator: (req) => req.user.id;` if `req.user` is populated by a JWT middleware.
    4. D. By not including a keyGenerator at all.
    5. E. Setting the store to the user's ID.
  5. Rate Limit Exceeded Response

    What HTTP status code should your server typically return when a user exceeds the rate limit?

    1. A. 200 OK
    2. B. 400 Bad Request
    3. C. 404 Not Found
    4. D. 429 Too Many Requests
    5. E. 500 Internal Server Error
  6. Time Window Configuration

    How do you configure the duration of the rate limiting 'window' using `express-rate-limit`?

    1. A. Using the `window` option in milliseconds.
    2. B. Using the `duration` option in seconds.
    3. C. Using the `timeframe` property in minutes.
    4. D. Using the `windowMs` option in milliseconds.
    5. E. This feature cannot be configured.
  7. Max Requests Configuration

    How do you specify the maximum number of requests allowed within the defined time window using `express-rate-limit`?

    1. A. Using the `requests` property.
    2. B. Using the `limit` property.
    3. C. Using the `max` option.
    4. D. Using the `allowedRequests` option.
    5. E. This feature is defined by the underlying store.
  8. Custom Error Message

    How can you customize the error message returned when a user exceeds the rate limit?

    1. A. Using the `errorMessage` option.
    2. B. Using the `message` option and passing a string.
    3. C. By modifying the HTTP status code.
    4. D. You cannot customize the message.
    5. E. Using the `error` property and passing a function.
  9. Ignoring Specific Routes

    You want to exclude a specific route, '/healthcheck', from rate limiting. How do you achieve this with `express-rate-limit`?

    1. A. Wrap the route handler in a `noRateLimit` function.
    2. B. Use the `skip` option with a function that returns true for '/healthcheck'.
    3. C. You cannot exclude specific routes.
    4. D. Set `max` to 0 for the '/healthcheck' route.
    5. E. By setting `windowMs` to 0 on that route.
  10. In-Memory Store Limitations

    What is a major limitation of using the default in-memory store provided by `express-rate-limit` in a production environment?

    1. A. It is incredibly slow.
    2. B. It does not support HTTPS.
    3. C. It will only store IP addresses.
    4. D. It doesn't work with cookies.
    5. E. It does not scale horizontally across multiple server instances.