npm - @joint-ops/hitlimit-bun - Versions diffs - 1.1.3 → 1.2.0 - Mend

@joint-ops/hitlimit-bun 1.1.3 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +65 -335
package/dist/stores/postgres.d.ts +9 -0
package/dist/stores/postgres.d.ts.map +1 -0
package/dist/stores/postgres.js +220 -0
package/dist/stores/redis.d.ts.map +1 -1
package/dist/stores/redis.js +10 -29
package/package.json +33 -4

package/README.md CHANGED Viewed

@@ -1,49 +1,40 @@
 # @joint-ops/hitlimit-bun
-[![npm version](https://img.shields.io/npm/v/@joint-ops/hitlimit-bun.svg)](https://www.npmjs.com/package/@joint-ops/hitlimit-bun)
-[![npm downloads](https://img.shields.io/npm/dm/@joint-ops/hitlimit-bun.svg)](https://www.npmjs.com/package/@joint-ops/hitlimit-bun)
-[![GitHub](https://img.shields.io/github/license/JointOps/hitlimit-monorepo)](https://github.com/JointOps/hitlimit-monorepo)
-[![TypeScript](https://img.shields.io/badge/TypeScript-Ready-blue.svg)](https://www.typescriptlang.org/)
-[![Bun](https://img.shields.io/badge/Bun-Native-black.svg)](https://bun.sh)
+> Rate limiting built for Bun. Not ported — built.
-> The fastest rate limiter for Bun — 5.6M+ ops/sec | Bun.serve, Elysia & Hono
+**12.38M ops/sec** on memory. **8.32M at 10K IPs**. Native bun:sqlite. Atomic Redis Lua. Postgres. Zero dependencies.
-**hitlimit-bun** is a Bun-native rate limiting library. Memory-first with 5.62M ops/sec under real-world load. Atomic Redis Lua scripts for distributed systems. Native bun:sqlite for persistence. Zero runtime dependencies.
-**[Documentation](https://hitlimit.jointops.dev/docs/bun)** | **[GitHub](https://github.com/JointOps/hitlimit-monorepo)** | **[npm](https://www.npmjs.com/package/@joint-ops/hitlimit-bun)**
+```bash
+bun add @joint-ops/hitlimit-bun
+```
-## Why hitlimit-bun?
+```typescript
+Bun.serve({
+  fetch: hitlimit({}, (req) => new Response('Hello!'))
+})
+```
-- **5.62M ops/sec** under real-world load (10K IPs), ~15x faster than SQLite
-- **Bun native** — built for Bun's runtime, not a Node.js port
-- **3 frameworks** — Bun.serve, Elysia, Hono from one package
-- **3 storage backends** — Memory, bun:sqlite, Redis (atomic Lua scripts)
-- **Atomic Redis** — Single-roundtrip Lua scripts with EVALSHA caching
-- **Zero runtime dependencies** — nothing extra to install
-- **Human-readable windows** — `'1m'`, `'15m'`, `'1h'` instead of milliseconds
-- **Tiered limits** — Free/Pro/Enterprise in 8 lines
-- **Auto-ban** — Ban repeat offenders after threshold violations
-- **TypeScript native** — Full type safety and IntelliSense
+One line. Done. Works with **Bun.serve**, **Elysia**, and **Hono** out of the box.
-## Installation
+**[Docs](https://hitlimit.jointops.dev/docs/bun)** · **[GitHub](https://github.com/JointOps/hitlimit-monorepo)** · **[Benchmarks](https://github.com/JointOps/hitlimit-monorepo/tree/main/benchmarks)**
-```bash
-bun add @joint-ops/hitlimit-bun
-```
+---
-## Quick Start
+## 30 Seconds to Production
-### Bun.serve Rate Limiting
+### Bun.serve
 ```typescript
 import { hitlimit } from '@joint-ops/hitlimit-bun'
 Bun.serve({
-  fetch: hitlimit({}, (req) => new Response('Hello!'))
+  fetch: hitlimit({ limit: 100, window: '1m' }, (req) => {
+    return new Response('Hello!')
+  })
 })
 ```
-### Elysia Rate Limiting
+### Elysia
 ```typescript
 import { Elysia } from 'elysia'
@@ -51,377 +42,116 @@ import { hitlimit } from '@joint-ops/hitlimit-bun/elysia'
 new Elysia()
   .use(hitlimit({ limit: 100, window: '1m' }))
-  .get('/', () => 'Hello World!')
+  .get('/', () => 'Hello!')
   .listen(3000)
 ```
-### Hono Rate Limiting
+### Hono
 ```typescript
 import { Hono } from 'hono'
 import { hitlimit } from '@joint-ops/hitlimit-bun/hono'
 const app = new Hono()
 app.use(hitlimit({ limit: 100, window: '1m' }))
-app.get('/', (c) => c.text('Hello Bun!'))
+app.get('/', (c) => c.text('Hello!'))
 Bun.serve({ port: 3000, fetch: app.fetch })
 ```
-### Using createHitLimit
-```typescript
-import { createHitLimit } from '@joint-ops/hitlimit-bun'
-const limiter = createHitLimit({ limit: 100, window: '1m' })
-Bun.serve({
-  async fetch(req, server) {
-    // Returns a 429 Response if blocked, or null if allowed
-    const blocked = await limiter.check(req, server)
-    if (blocked) return blocked
-    return new Response('Hello!')
-  }
-})
-```
-## Features
+---
-### API Rate Limiting
+## What You Get
-Protect your Bun APIs from abuse with high-performance rate limiting.
-```typescript
-Bun.serve({
-  fetch: hitlimit({ limit: 1000, window: '1h' }, handler)
-})
-```
-### Login & Authentication Protection
-Prevent brute force attacks on login endpoints.
-```typescript
-const authLimiter = createHitLimit({ limit: 5, window: '15m' })
-Bun.serve({
-  async fetch(req, server) {
-    const url = new URL(req.url)
-    if (url.pathname.startsWith('/auth')) {
-      const blocked = await authLimiter.check(req, server)
-      if (blocked) return blocked
-    }
-    return handler(req, server)
-  }
-})
-```
-### Tiered Rate Limits
-Different limits for different user tiers (free, pro, enterprise).
+**Tiered limits** — Free, Pro, Enterprise:
 ```typescript
 hitlimit({
-  tiers: {
-    free: { limit: 100, window: '1h' },
-    pro: { limit: 5000, window: '1h' },
-    enterprise: { limit: Infinity }
-  },
+  tiers: { free: { limit: 100, window: '1h' }, pro: { limit: 5000, window: '1h' } },
   tier: (req) => req.headers.get('x-tier') || 'free'
 }, handler)
 ```
-### Custom Rate Limit Keys
-Rate limit by IP address, user ID, API key, or any custom identifier.
-```typescript
-hitlimit({
-  key: (req) => req.headers.get('x-api-key') || 'anonymous'
-}, handler)
-```
-### Auto-Ban Repeat Offenders
-Automatically ban clients that repeatedly exceed rate limits.
+**Auto-ban** — Repeat offenders get blocked:
 ```typescript
-hitlimit({
-  limit: 10,
-  window: '1m',
-  ban: {
-    threshold: 5,  // Ban after 5 violations
-    duration: '1h' // Ban lasts 1 hour
-  }
-}, handler)
+hitlimit({ limit: 10, window: '1m', ban: { threshold: 5, duration: '1h' } }, handler)
 ```
-Banned clients receive `X-RateLimit-Ban: true` header and `banned: true` in the response body.
-### Grouped / Shared Limits
-Rate limit by organization, API key, or any shared identifier.
+**Custom keys** — Rate limit by anything:
 ```typescript
-// Per-API-key rate limiting
-hitlimit({
-  limit: 1000,
-  window: '1h',
-  group: (req) => req.headers.get('x-api-key') || 'anonymous'
-}, handler)
+hitlimit({ key: (req) => req.headers.get('x-api-key') || 'anon' }, handler)
 ```
-### Elysia Route-Specific Limits
-Apply different limits to different route groups in Elysia.
+**Route-specific limits** (Elysia):
 ```typescript
 new Elysia()
-  // Global limit
   .use(hitlimit({ limit: 100, window: '1m', name: 'global' }))
-  // Stricter limit for auth
-  .group('/auth', (app) =>
-    app
-      .use(hitlimit({ limit: 5, window: '15m', name: 'auth' }))
-      .post('/login', handler)
-  )
-  // Higher limit for API
-  .group('/api', (app) =>
-    app
-      .use(hitlimit({ limit: 1000, window: '1m', name: 'api' }))
-      .get('/data', handler)
-  )
+  .group('/auth', app => app.use(hitlimit({ limit: 5, window: '15m', name: 'auth' })))
   .listen(3000)
 ```
-## Configuration Options
-```typescript
-hitlimit({
-  // Basic options
-  limit: 100,              // Max requests per window (default: 100)
-  window: '1m',            // Time window: 30s, 15m, 1h, 1d (default: '1m')
-  // Custom key extraction
-  key: (req) => req.headers.get('x-api-key') || 'anonymous',
-  // Tiered rate limits
-  tiers: {
-    free: { limit: 100, window: '1h' },
-    pro: { limit: 5000, window: '1h' },
-    enterprise: { limit: Infinity }
-  },
-  tier: (req) => req.headers.get('x-tier') || 'free',
-  // Custom 429 response
-  response: {
-    message: 'Too many requests',
-    statusCode: 429
-  },
-  // Or function:
-  response: (info) => ({
-    error: 'RATE_LIMITED',
-    retryIn: info.resetIn
-  }),
-  // Headers configuration
-  headers: {
-    standard: true,   // RateLimit-* headers
-    legacy: true,     // X-RateLimit-* headers
-    retryAfter: true  // Retry-After header on 429
-  },
-  // Store (default: memory)
-  store: sqliteStore({ path: './ratelimit.db' }),
-  // Skip rate limiting
-  skip: (req) => req.url.includes('/health'),
-  // Error handling
-  onStoreError: (error, req) => {
-    console.error('Store error:', error)
-    return 'allow' // or 'deny'
-  },
-  // Ban repeat offenders
-  ban: {
-    threshold: 5,    // violations before ban
-    duration: '1h'   // ban duration
-  },
-  // Group/shared limits
-  group: (req) => req.headers.get('x-api-key') || 'default'
-}, handler)
-```
+---
-## Storage Backends
+## 4 Storage Backends
-### Memory Store (Default)
-Fastest option, used by default. No persistence.
+All built in. No extra packages to install.
 ```typescript
 import { hitlimit } from '@joint-ops/hitlimit-bun'
-// Default - uses memory store (no config needed)
-Bun.serve({
-  fetch: hitlimit({}, handler)
-})
-```
+// Memory (default) — fastest, no config
+Bun.serve({ fetch: hitlimit({}, handler) })
-### SQLite Store
-Uses Bun's native bun:sqlite for persistent rate limiting.
-```typescript
-import { hitlimit } from '@joint-ops/hitlimit-bun'
+// bun:sqlite — persists across restarts, native performance
 import { sqliteStore } from '@joint-ops/hitlimit-bun'
+Bun.serve({ fetch: hitlimit({ store: sqliteStore({ path: './ratelimit.db' }) }, handler) })
-Bun.serve({
-  fetch: hitlimit({
-    store: sqliteStore({ path: './ratelimit.db' })
-  }, handler)
-})
-```
-### Redis Store
-For distributed systems and multi-server deployments. Uses atomic Lua scripts — single-roundtrip with EVALSHA caching.
-```typescript
-import { hitlimit } from '@joint-ops/hitlimit-bun'
+// Redis — distributed, atomic Lua scripts
 import { redisStore } from '@joint-ops/hitlimit-bun/stores/redis'
+Bun.serve({ fetch: hitlimit({ store: redisStore({ url: 'redis://localhost:6379' }) }, handler) })
-Bun.serve({
-  fetch: hitlimit({
-    store: redisStore({ url: 'redis://localhost:6379' })
-  }, handler)
-})
+// Postgres — distributed, atomic upserts
+import { postgresStore } from '@joint-ops/hitlimit-bun/stores/postgres'
+Bun.serve({ fetch: hitlimit({ store: postgresStore({ url: 'postgres://localhost:5432/mydb' }) }, handler) })
 ```
-## Response Headers
+| Store | Ops/sec | Latency | When to use |
+|-------|---------|---------|-------------|
+| Memory | 8,320,000 | 120ns | Single server, maximum speed |
+| bun:sqlite | 325,000 | 3.1μs | Single server, need persistence |
+| Redis | 6,700 | 148μs | Multi-server / distributed |
+| Postgres | 3,700 | 273μs | Multi-server / already using Postgres |
-Every response includes rate limit information:
-```
-RateLimit-Limit: 100
-RateLimit-Remaining: 99
-RateLimit-Reset: 1234567890
-X-RateLimit-Limit: 100
-X-RateLimit-Remaining: 99
-X-RateLimit-Reset: 1234567890
-```
-When rate limited (429 Too Many Requests):
-```
-Retry-After: 42
-```
-## Default 429 Response
-```json
-{
-  "hitlimit": true,
-  "message": "Whoa there! Rate limit exceeded.",
-  "limit": 100,
-  "remaining": 0,
-  "resetIn": 42
-}
-```
+---
 ## Performance
-hitlimit-bun is optimized for Bun's runtime with native performance:
+### Bun vs Node.js — Memory Store, 10K unique IPs
-### Store Benchmarks
-| Store | Operations/sec | vs Node.js |
-|-------|----------------|------------|
-| **Memory** | 5,620,000+ | +68% faster |
-| **bun:sqlite** | 383,000+ | ~same |
-| **Redis** | 6,800+ | ~same |
-### HTTP Throughput
-| Framework | With hitlimit-bun | Overhead |
-|-----------|-------------------|----------|
-| **Bun.serve** | 105,000 req/s | 12% |
-| **Elysia** | 115,000 req/s | 11% |
-> **Note:** These are our benchmarks and we've done our best to keep them fair and reproducible. Results vary by hardware and environment — clone the repo and run them yourself. They're not set in stone — if you find issues or have suggestions for improvement, please open an issue or PR.
-### Why bun:sqlite is So Fast
-```
-Node.js (better-sqlite3)          Bun (bun:sqlite)
-─────────────────────────         ─────────────────
-JavaScript                        JavaScript
-    ↓                                 ↓
-  N-API                           Direct Call
-    ↓                                 ↓
-  C++ Binding                     Native SQLite
-    ↓                             (No overhead!)
-  SQLite
-```
+| Runtime | Ops/sec | |
+|---------|---------|---|
+| **Bun** | **8,320,000** | ████████████████████ |
+| Node.js | 3,160,000 | ████████ |
-better-sqlite3 uses N-API bindings with C++ overhead.
-bun:sqlite calls SQLite directly from Bun's native layer.
+Bun leads at 10K IPs (8.32M vs 3.16M) and single-IP (12.38M vs 4.83M). Same library, same algorithm, **memory store**. For Redis, Postgres, and cross-store breakdowns, see the [full benchmark results](https://github.com/JointOps/hitlimit-monorepo/tree/main/benchmarks). Controlled-environment microbenchmarks with transparent methodology. Run them yourself.
-<details>
-<summary>Run benchmarks yourself</summary>
+### Why bun:sqlite is faster than better-sqlite3
-```bash
-git clone https://github.com/JointOps/hitlimit-monorepo
-cd hitlimit-monorepo
-bun install
-bun run benchmark:bun
 ```
-</details>
-## Elysia Plugin Options
-```typescript
-import { Elysia } from 'elysia'
-import { hitlimit } from '@joint-ops/hitlimit-bun/elysia'
-new Elysia()
-  .use(hitlimit({
-    limit: 100,
-    window: '1m',
-    key: ({ request }) => request.headers.get('x-api-key') || 'anonymous',
-    tiers: {
-      free: { limit: 100, window: '1h' },
-      pro: { limit: 5000, window: '1h' }
-    },
-    tier: ({ request }) => request.headers.get('x-tier') || 'free'
-  }))
-  .get('/', () => 'Hello!')
-  .listen(3000)
+Node.js: JS → N-API → C++ binding → SQLite
+Bun:     JS → Native call → SQLite (no overhead)
 ```
-## Related Packages
-- [@joint-ops/hitlimit](https://www.npmjs.com/package/@joint-ops/hitlimit) - Node.js rate limiting for Express, Fastify, Hono, NestJS
+No N-API. No C++ bindings. No FFI. Bun calls SQLite directly.
-## Why Not Use Node.js Rate Limiters in Bun?
+---
-Node.js rate limiters like express-rate-limit use better-sqlite3 which relies on N-API bindings. In Bun, this adds overhead and loses the performance benefits of Bun's native runtime.
+## Related
-**hitlimit-bun** is built specifically for Bun:
-- Uses native `bun:sqlite` (no N-API overhead)
-- Atomic Redis Lua scripts for distributed deployments
-- No FFI overhead or Node.js polyfills
-- First-class Bun.serve, Elysia, and Hono support
+- **[@joint-ops/hitlimit](https://www.npmjs.com/package/@joint-ops/hitlimit)** — Node.js variant for Express, Fastify, Hono, NestJS
 ## License
-MIT - Use freely in personal and commercial projects.
+MIT

package/dist/stores/postgres.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import type { HitLimitStore } from '@joint-ops/hitlimit-types';
+export interface PostgresStoreOptions {
+    pool: any;
+    tablePrefix?: string;
+    cleanupInterval?: number;
+    skipTableCreation?: boolean;
+}
+export declare function postgresStore(options: PostgresStoreOptions): HitLimitStore;
+//# sourceMappingURL=postgres.d.ts.map

package/dist/stores/postgres.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"postgres.d.ts","sourceRoot":"","sources":["../../src/stores/postgres.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAiC,MAAM,2BAA2B,CAAA;AAE7F,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,GAAG,CAAA;IACT,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,iBAAiB,CAAC,EAAE,OAAO,CAAA;CAC5B;AAqPD,wBAAgB,aAAa,CAAC,OAAO,EAAE,oBAAoB,GAAG,aAAa,CAE1E"}

package/dist/stores/postgres.js ADDED Viewed

@@ -0,0 +1,220 @@
+// @bun
+// src/stores/postgres.ts
+class PostgresStore {
+  pool;
+  cleanupTimer = null;
+  tablesReady = null;
+  ready;
+  hitQ;
+  banCheckQ;
+  hitUpsertQ;
+  violationQ;
+  banSetQ;
+  isBannedQ;
+  banQ;
+  recordViolationQ;
+  resetHitsQ;
+  resetBansQ;
+  resetViolationsQ;
+  cleanupHitsQ;
+  cleanupBansQ;
+  cleanupViolationsQ;
+  constructor(options) {
+    this.pool = options.pool;
+    const t = options.tablePrefix ?? "hitlimit";
+    const skipTableCreation = options.skipTableCreation ?? false;
+    if (skipTableCreation) {
+      this.ready = true;
+    } else {
+      this.ready = false;
+      this.tablesReady = this.createTables(t).then(() => {
+        this.ready = true;
+      });
+    }
+    this.hitQ = {
+      name: `hl_hit_${t}`,
+      text: `INSERT INTO ${t}_hits (key, count, reset_at) VALUES ($1, 1, $2) ON CONFLICT (key) DO UPDATE SET count = CASE WHEN ${t}_hits.reset_at <= $3 THEN 1 ELSE ${t}_hits.count + 1 END, reset_at = CASE WHEN ${t}_hits.reset_at <= $3 THEN $2 ELSE ${t}_hits.reset_at END RETURNING count, reset_at`
+    };
+    this.banCheckQ = {
+      name: `hl_banchk_${t}`,
+      text: `SELECT expires_at FROM ${t}_bans WHERE key = $1 AND expires_at > $2`
+    };
+    this.hitUpsertQ = this.hitQ;
+    this.violationQ = {
+      name: `hl_viol_${t}`,
+      text: `INSERT INTO ${t}_violations (key, count, reset_at) VALUES ($1, 1, $2) ON CONFLICT (key) DO UPDATE SET count = CASE WHEN ${t}_violations.reset_at <= $3 THEN 1 ELSE ${t}_violations.count + 1 END, reset_at = CASE WHEN ${t}_violations.reset_at <= $3 THEN $2 ELSE ${t}_violations.reset_at END RETURNING count`
+    };
+    this.banSetQ = {
+      name: `hl_banset_${t}`,
+      text: `INSERT INTO ${t}_bans (key, expires_at) VALUES ($1, $2) ON CONFLICT (key) DO UPDATE SET expires_at = $2`
+    };
+    this.isBannedQ = {
+      name: `hl_isbanned_${t}`,
+      text: `SELECT 1 FROM ${t}_bans WHERE key = $1 AND expires_at > $2`
+    };
+    this.banQ = this.banSetQ;
+    this.recordViolationQ = this.violationQ;
+    this.resetHitsQ = `DELETE FROM ${t}_hits WHERE key = $1`;
+    this.resetBansQ = `DELETE FROM ${t}_bans WHERE key = $1`;
+    this.resetViolationsQ = `DELETE FROM ${t}_violations WHERE key = $1`;
+    this.cleanupHitsQ = `DELETE FROM ${t}_hits WHERE reset_at <= $1`;
+    this.cleanupBansQ = `DELETE FROM ${t}_bans WHERE expires_at <= $1`;
+    this.cleanupViolationsQ = `DELETE FROM ${t}_violations WHERE reset_at <= $1`;
+    const interval = options.cleanupInterval ?? 60000;
+    this.cleanupTimer = setInterval(() => this.cleanup(), interval);
+    if (typeof this.cleanupTimer.unref === "function") {
+      this.cleanupTimer.unref();
+    }
+  }
+  async createTables(t) {
+    await this.pool.query(`
+      CREATE TABLE IF NOT EXISTS ${t}_hits (
+        key TEXT PRIMARY KEY,
+        count INTEGER NOT NULL DEFAULT 1,
+        reset_at BIGINT NOT NULL
+      )
+    `);
+    await this.pool.query(`
+      CREATE TABLE IF NOT EXISTS ${t}_bans (
+        key TEXT PRIMARY KEY,
+        expires_at BIGINT NOT NULL
+      )
+    `);
+    await this.pool.query(`
+      CREATE TABLE IF NOT EXISTS ${t}_violations (
+        key TEXT PRIMARY KEY,
+        count INTEGER NOT NULL DEFAULT 1,
+        reset_at BIGINT NOT NULL
+      )
+    `);
+  }
+  async hit(key, windowMs, _limit) {
+    if (!this.ready)
+      await this.tablesReady;
+    const now = Date.now();
+    const result = await this.pool.query({
+      name: this.hitQ.name,
+      text: this.hitQ.text,
+      values: [key, now + windowMs, now]
+    });
+    return {
+      count: result.rows[0].count,
+      resetAt: Number(result.rows[0].reset_at)
+    };
+  }
+  async hitWithBan(key, windowMs, limit, banThreshold, banDurationMs) {
+    if (!this.ready)
+      await this.tablesReady;
+    const now = Date.now();
+    const resetAt = now + windowMs;
+    const banExpiresAt = now + banDurationMs;
+    const banResult = await this.pool.query({
+      name: this.banCheckQ.name,
+      text: this.banCheckQ.text,
+      values: [key, now]
+    });
+    if (banResult.rowCount > 0) {
+      return {
+        count: 0,
+        resetAt,
+        banned: true,
+        violations: 0,
+        banExpiresAt: Number(banResult.rows[0].expires_at)
+      };
+    }
+    const hitResult = await this.pool.query({
+      name: this.hitUpsertQ.name,
+      text: this.hitUpsertQ.text,
+      values: [key, resetAt, now]
+    });
+    const hitCount = hitResult.rows[0].count;
+    const hitResetAt = Number(hitResult.rows[0].reset_at);
+    if (hitCount > limit) {
+      const violationResult = await this.pool.query({
+        name: this.violationQ.name,
+        text: this.violationQ.text,
+        values: [key, banExpiresAt, now]
+      });
+      const violations = violationResult.rows[0].count;
+      const shouldBan = violations >= banThreshold;
+      if (shouldBan) {
+        await this.pool.query({
+          name: this.banSetQ.name,
+          text: this.banSetQ.text,
+          values: [key, banExpiresAt]
+        });
+      }
+      return {
+        count: hitCount,
+        resetAt: hitResetAt,
+        banned: shouldBan,
+        violations,
+        banExpiresAt: shouldBan ? banExpiresAt : 0
+      };
+    }
+    return {
+      count: hitCount,
+      resetAt: hitResetAt,
+      banned: false,
+      violations: 0,
+      banExpiresAt: 0
+    };
+  }
+  async isBanned(key) {
+    if (!this.ready)
+      await this.tablesReady;
+    const result = await this.pool.query({
+      name: this.isBannedQ.name,
+      text: this.isBannedQ.text,
+      values: [key, Date.now()]
+    });
+    return result.rowCount > 0;
+  }
+  async ban(key, durationMs) {
+    if (!this.ready)
+      await this.tablesReady;
+    await this.pool.query({
+      name: this.banQ.name,
+      text: this.banQ.text,
+      values: [key, Date.now() + durationMs]
+    });
+  }
+  async recordViolation(key, windowMs) {
+    if (!this.ready)
+      await this.tablesReady;
+    const now = Date.now();
+    const result = await this.pool.query({
+      name: this.recordViolationQ.name,
+      text: this.recordViolationQ.text,
+      values: [key, now + windowMs, now]
+    });
+    return result.rows[0].count;
+  }
+  async reset(key) {
+    if (!this.ready)
+      await this.tablesReady;
+    await this.pool.query(this.resetHitsQ, [key]);
+    await this.pool.query(this.resetBansQ, [key]);
+    await this.pool.query(this.resetViolationsQ, [key]);
+  }
+  async cleanup() {
+    try {
+      const now = Date.now();
+      await this.pool.query(this.cleanupHitsQ, [now]);
+      await this.pool.query(this.cleanupBansQ, [now]);
+      await this.pool.query(this.cleanupViolationsQ, [now]);
+    } catch {}
+  }
+  shutdown() {
+    if (this.cleanupTimer) {
+      clearInterval(this.cleanupTimer);
+      this.cleanupTimer = null;
+    }
+  }
+}
+function postgresStore(options) {
+  return new PostgresStore(options);
+}
+export {
+  postgresStore
+};

package/dist/stores/redis.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"redis.d.ts","sourceRoot":"","sources":["../../src/stores/redis.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAiC,MAAM,2BAA2B,CAAA;AAG7F,MAAM,WAAW,iBAAiB;IAChC,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;~~AA6KD~~,wBAAgB,UAAU,CAAC,OAAO,CAAC,EAAE,iBAAiB,GAAG,aAAa,CAErE"}
1	+ {"version":3,"file":"redis.d.ts","sourceRoot":"","sources":["../../src/stores/redis.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAiC,MAAM,2BAA2B,CAAA;AAG7F,MAAM,WAAW,iBAAiB;IAChC,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAmJD,wBAAgB,UAAU,CAAC,OAAO,CAAC,EAAE,iBAAiB,GAAG,aAAa,CAErE"}

package/dist/stores/redis.js CHANGED Viewed

@@ -57,51 +57,32 @@ class RedisStore {
   prefix;
   banPrefix;
   violationPrefix;
-  hitSHA = null;
-  hitWithBanSHA = null;
   constructor(options = {}) {
     this.redis = new Redis(options.url ?? "redis://localhost:6379");
     this.prefix = options.keyPrefix ?? "hitlimit:";
     this.banPrefix = (options.keyPrefix ?? "hitlimit:") + "ban:";
     this.violationPrefix = (options.keyPrefix ?? "hitlimit:") + "violations:";
-  }
-  async loadScripts() {
-    if (!this.hitSHA) {
-      this.hitSHA = await this.redis.script("LOAD", HIT_SCRIPT);
-    }
-    if (!this.hitWithBanSHA) {
-      this.hitWithBanSHA = await this.redis.script("LOAD", HIT_WITH_BAN_SCRIPT);
-    }
-  }
-  async evalScript(sha, script, keys, args) {
-    try {
-      return await this.redis.evalsha(sha, keys.length, ...keys, ...args);
-    } catch (err) {
-      if (err.message && err.message.includes("NOSCRIPT")) {
-        const newSHA = await this.redis.script("LOAD", script);
-        if (script === HIT_SCRIPT)
-          this.hitSHA = newSHA;
-        else if (script === HIT_WITH_BAN_SCRIPT)
-          this.hitWithBanSHA = newSHA;
-        return await this.redis.evalsha(newSHA, keys.length, ...keys, ...args);
-      }
-      throw err;
-    }
+    this.redis.defineCommand("hitlimitHit", {
+      numberOfKeys: 1,
+      lua: HIT_SCRIPT
+    });
+    this.redis.defineCommand("hitlimitHitWithBan", {
+      numberOfKeys: 3,
+      lua: HIT_WITH_BAN_SCRIPT
+    });
   }
   async hit(key, windowMs, _limit) {
-    await this.loadScripts();
     const redisKey = this.prefix + key;
-    const result = await this.evalScript(this.hitSHA, HIT_SCRIPT, [redisKey], [windowMs]);
+    const result = await this.redis.hitlimitHit(redisKey, windowMs);
     const count = result[0];
     const ttl = result[1];
     return { count, resetAt: Date.now() + ttl };
   }
   async hitWithBan(key, windowMs, limit, banThreshold, banDurationMs) {
-    await this.loadScripts();
     const hitKey = this.prefix + key;
     const banKey = this.banPrefix + key;
     const violationKey = this.violationPrefix + key;
-    const result = await this.evalScript(this.hitWithBanSHA, HIT_WITH_BAN_SCRIPT, [hitKey, banKey, violationKey], [windowMs, limit, banThreshold, banDurationMs]);
+    const result = await this.redis.hitlimitHitWithBan(hitKey, banKey, violationKey, windowMs, limit, banThreshold, banDurationMs);
     const count = result[0];
     const ttl = result[1];
     const banned = result[2] === 1;

package/package.json CHANGED Viewed

@@ -1,12 +1,30 @@
 {
   "name": "@joint-ops/hitlimit-bun",
-  "version": "1.1.3",
+  "version": "1.2.0",
   "description": "Ultra-fast Bun-native rate limiting - Memory-first with 6M+ ops/sec for Bun.serve, Elysia & Hono",
   "author": {
     "name": "Shayan M Hussain",
     "email": "shayanhussain48@gmail.com",
     "url": "https://github.com/ShayanHussainSB"
   },
+  "contributors": [
+    {
+      "name": "tanv33",
+      "url": "https://github.com/tanv33"
+    },
+    {
+      "name": "builtbyali",
+      "url": "https://github.com/builtbyali"
+    },
+    {
+      "name": "MuhammadRehanRasool",
+      "url": "https://github.com/MuhammadRehanRasool"
+    },
+    {
+      "name": "sultandilaram",
+      "url": "https://github.com/sultandilaram"
+    }
+  ],
   "license": "MIT",
   "homepage": "https://hitlimit.jointops.dev/docs/bun",
   "repository": {
@@ -104,6 +122,11 @@
       "types": "./dist/stores/sqlite.d.ts",
       "bun": "./dist/stores/sqlite.js",
       "import": "./dist/stores/sqlite.js"
+    },
+    "./stores/postgres": {
+      "types": "./dist/stores/postgres.d.ts",
+      "bun": "./dist/stores/postgres.js",
+      "import": "./dist/stores/postgres.js"
     }
   },
   "files": [
@@ -111,18 +134,19 @@
   ],
   "sideEffects": false,
   "scripts": {
-    "build": "bun build ./src/index.ts ./src/elysia.ts ./src/hono.ts ./src/stores/memory.ts ./src/stores/redis.ts ./src/stores/sqlite.ts --outdir=./dist --target=bun --external=elysia --external=hono --external=ioredis --external=@sinclair/typebox && tsc --emitDeclarationOnly",
+    "build": "bun build ./src/index.ts ./src/elysia.ts ./src/hono.ts ./src/stores/memory.ts ./src/stores/redis.ts ./src/stores/sqlite.ts ./src/stores/postgres.ts --outdir=./dist --target=bun --external=elysia --external=hono --external=ioredis --external=pg --external=@sinclair/typebox && tsc --emitDeclarationOnly",
     "clean": "rm -rf dist",
     "test": "bun test",
     "test:watch": "bun test --watch"
   },
   "dependencies": {
-    "@joint-ops/hitlimit-types": "1.1.3"
+    "@joint-ops/hitlimit-types": "1.2.0"
   },
   "peerDependencies": {
     "elysia": ">=1.0.0",
     "hono": ">=4.0.0",
-    "ioredis": ">=5.0.0"
+    "ioredis": ">=5.0.0",
+    "pg": ">=8.0.0"
   },
   "peerDependenciesMeta": {
     "elysia": {
@@ -133,14 +157,19 @@
     },
     "ioredis": {
       "optional": true
+    },
+    "pg": {
+      "optional": true
     }
   },
   "devDependencies": {
     "@sinclair/typebox": "^0.34.48",
     "@types/bun": "latest",
+    "@types/pg": "^8.11.0",
     "elysia": "^1.0.0",
     "hono": "^4.11.9",
     "ioredis": "^5.3.0",
+    "pg": "^8.13.0",
     "typescript": "^5.3.0"
   }
 }