Node.js Token Bucket Rate Limiter

This is a compact, production-minded implementation of a Token Bucket rate limiter for Express. It demonstrates a per-IP token-bucket, request logging, metrics, and a Redis-backed approach for correctness under concurrency and horizontal scaling. TL;DR Capacity: 10 tokens per IP Refill: 1 token / second Each request consumes 1 token State persisted in Redis; recommended atomic updates via Redis Lua scripting Why this project Implementing a simple in-memory limiter is straightforward, but it fails when multiple Node processes or concurrent requests are involved. Persisting per-IP state in Redis and performing atomic updates prevents race conditions and makes the limiter safe for production-like environments. This repo keeps the implementation small and easy to follow. Features Token Bucket algorithm (burst + steady-rate control) Per-IP state persisted in Redis Designed for atomic, server-side updates in Redis (Lua/EVAL recommended) Request logging via pino Minimal metrics endpoint for q