@joint-ops/hitlimit 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 JointOps
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,396 @@
+# @joint-ops/hitlimit
+
+[![npm version](https://img.shields.io/npm/v/@joint-ops/hitlimit.svg)](https://www.npmjs.com/package/@joint-ops/hitlimit)
+[![npm downloads](https://img.shields.io/npm/dm/@joint-ops/hitlimit.svg)](https://www.npmjs.com/package/@joint-ops/hitlimit)
+[![GitHub](https://img.shields.io/github/license/JointOps/hitlimit-monorepo)](https://github.com/JointOps/hitlimit-monorepo)
+[![TypeScript](https://img.shields.io/badge/TypeScript-Ready-blue.svg)](https://www.typescriptlang.org/)
+[![Bundle Size](https://img.shields.io/bundlephobia/minzip/@joint-ops/hitlimit)](https://bundlephobia.com/package/@joint-ops/hitlimit)
+
+> The fastest rate limiter for Node.js - Express, NestJS, and native HTTP | express-rate-limit alternative
+
+**hitlimit** is a high-performance rate limiting middleware for Node.js applications. Protect your APIs from abuse, prevent brute force attacks, and throttle requests with sub-millisecond overhead. A faster, lighter alternative to express-rate-limit and rate-limiter-flexible.
+
+**[Documentation](https://hitlimit.dev)** | **[GitHub](https://github.com/JointOps/hitlimit-monorepo)** | **[npm](https://www.npmjs.com/package/@joint-ops/hitlimit)**
+
+## Why hitlimit?
+
+- **Blazing Fast** - 400,000+ ops/sec with memory store, ~7% HTTP overhead
+- **Zero Config** - Works out of the box with sensible defaults
+- **Tiny Footprint** - Only ~5KB minified, no bloat
+- **Framework Agnostic** - Express, NestJS, Fastify, native HTTP
+- **Multiple Stores** - Memory, Redis, SQLite for distributed systems
+- **TypeScript First** - Full type safety and IntelliSense support
+- **Flexible Keys** - Rate limit by IP, user ID, API key, or custom logic
+- **Tiered Limits** - Different limits for free/pro/enterprise users
+- **Standard Headers** - RFC-compliant RateLimit-* and X-RateLimit-* headers
+
+## Performance
+
+hitlimit is designed for speed. Here's how it performs:
+
+### Store Benchmarks
+
+| Store | Operations/sec | Avg Latency | Use Case |
+|-------|----------------|-------------|----------|
+| **Memory** | 400,000+ | 0.002ms | Single instance, no persistence |
+| **SQLite** | 35,000+ | 0.025ms | Single instance, persistence needed |
+| **Redis** | 12,000+ | 0.08ms | Multi-instance, distributed |
+
+### vs Competitors
+
+| Library | Memory (ops/s) | Bundle Size |
+|---------|----------------|-------------|
+| **hitlimit** | **400,000** | **~5KB** |
+| rate-limiter-flexible | 250,000 | ~45KB |
+| express-rate-limit | 180,000 | ~15KB |
+
+### HTTP Overhead
+
+| Framework | Without Limiter | With hitlimit | Overhead |
+|-----------|-----------------|---------------|----------|
+| Express | 45,000 req/s | 42,000 req/s | **7%** |
+| Fastify | 65,000 req/s | 61,000 req/s | **6%** |
+
+<details>
+<summary>Run benchmarks yourself</summary>
+
+```bash
+git clone https://github.com/JointOps/hitlimit-monorepo
+cd hitlimit-monorepo
+pnpm install
+pnpm build
+pnpm benchmark
+```
+
+</details>
+
+## Installation
+
+```bash
+npm install @joint-ops/hitlimit
+# or
+pnpm add @joint-ops/hitlimit
+# or
+yarn add @joint-ops/hitlimit
+```
+
+## Quick Start
+
+### Express Rate Limiting
+
+```javascript
+import express from 'express'
+import { hitlimit } from '@joint-ops/hitlimit'
+
+const app = express()
+
+// Default: 100 requests per minute per IP
+app.use(hitlimit())
+
+// Or with custom options
+app.use(hitlimit({
+  limit: 100,     // max requests
+  window: '15m'   // per 15 minutes
+}))
+
+app.get('/api', (req, res) => res.json({ status: 'ok' }))
+app.listen(3000)
+```
+
+### NestJS Rate Limiting
+
+```typescript
+import { Module } from '@nestjs/common'
+import { APP_GUARD } from '@nestjs/core'
+import { HitLimitModule, HitLimitGuard } from '@joint-ops/hitlimit/nest'
+
+@Module({
+  imports: [
+    HitLimitModule.register({
+      limit: 100,
+      window: '1m'
+    })
+  ],
+  providers: [
+    {
+      provide: APP_GUARD,
+      useClass: HitLimitGuard
+    }
+  ]
+})
+export class AppModule {}
+```
+
+### Node.js HTTP Rate Limiting
+
+```javascript
+import http from 'node:http'
+import { createHitLimit } from '@joint-ops/hitlimit/node'
+
+const limiter = createHitLimit({ limit: 100, window: '1m' })
+
+const server = http.createServer(async (req, res) => {
+  const result = await limiter(req, res)
+  if (!result.allowed) return // Already sent 429
+
+  res.writeHead(200)
+  res.end('Hello!')
+})
+
+server.listen(3000)
+```
+
+## Features
+
+### API Rate Limiting
+
+Protect your REST APIs from abuse and ensure fair usage across all clients.
+
+```javascript
+// Limit API endpoints
+app.use('/api', hitlimit({ limit: 1000, window: '1h' }))
+```
+
+### Login & Authentication Protection
+
+Prevent brute force attacks on login endpoints with strict rate limits.
+
+```javascript
+// Strict limits for auth routes
+app.use('/auth/login', hitlimit({ limit: 5, window: '15m' }))
+app.use('/auth/register', hitlimit({ limit: 3, window: '1h' }))
+```
+
+### Tiered Rate Limits
+
+Different limits for different user tiers (free, pro, enterprise).
+
+```javascript
+hitlimit({
+  tiers: {
+    free: { limit: 100, window: '1h' },
+    pro: { limit: 5000, window: '1h' },
+    enterprise: { limit: Infinity }
+  },
+  tier: (req) => req.user?.plan || 'free'
+})
+```
+
+### Custom Rate Limit Keys
+
+Rate limit by IP address, user ID, API key, or any custom identifier.
+
+```javascript
+hitlimit({
+  key: (req) => {
+    // By API key
+    if (req.headers['x-api-key']) return req.headers['x-api-key']
+    // By user ID
+    if (req.user?.id) return `user:${req.user.id}`
+    // Fallback to IP
+    return req.ip
+  }
+})
+```
+
+### Skip Certain Requests
+
+Whitelist health checks, internal routes, or admin users.
+
+```javascript
+hitlimit({
+  skip: (req) => {
+    if (req.path === '/health') return true
+    if (req.user?.role === 'admin') return true
+    return false
+  }
+})
+```
+
+## Configuration Options
+
+```javascript
+hitlimit({
+  // Basic options
+  limit: 100,              // Max requests per window (default: 100)
+  window: '1m',            // Time window: 30s, 15m, 1h, 1d (default: '1m')
+
+  // Custom key extraction
+  key: (req) => req.ip,
+
+  // Tiered rate limits
+  tiers: {
+    free: { limit: 100, window: '1h' },
+    pro: { limit: 5000, window: '1h' },
+    enterprise: { limit: Infinity }
+  },
+  tier: (req) => req.user?.plan || 'free',
+
+  // Custom 429 response
+  response: {
+    message: 'Too many requests',
+    statusCode: 429
+  },
+
+  // Headers configuration
+  headers: {
+    standard: true,   // RateLimit-* headers
+    legacy: true,     // X-RateLimit-* headers
+    retryAfter: true  // Retry-After header on 429
+  },
+
+  // Store backend
+  store: memoryStore(),
+
+  // Skip rate limiting
+  skip: (req) => req.path === '/health',
+
+  // Error handling
+  onStoreError: (error, req) => 'allow' // or 'deny'
+})
+```
+
+## Storage Backends
+
+### Memory Store (Default)
+
+Best for single-server deployments. Fast and zero-config.
+
+```javascript
+import { hitlimit } from '@joint-ops/hitlimit'
+
+app.use(hitlimit()) // Uses memory store by default
+```
+
+### Redis Store
+
+Best for distributed systems and multi-server deployments.
+
+```javascript
+import { hitlimit } from '@joint-ops/hitlimit'
+import { redisStore } from '@joint-ops/hitlimit/stores/redis'
+
+app.use(hitlimit({
+  store: redisStore({ url: 'redis://localhost:6379' })
+}))
+```
+
+### SQLite Store
+
+Best for persistent rate limiting with local storage.
+
+```javascript
+import { hitlimit } from '@joint-ops/hitlimit'
+import { sqliteStore } from '@joint-ops/hitlimit/stores/sqlite'
+
+app.use(hitlimit({
+  store: sqliteStore({ path: './ratelimit.db' })
+}))
+```
+
+## Response Headers
+
+Every response includes rate limit information:
+
+```
+RateLimit-Limit: 100
+RateLimit-Remaining: 99
+RateLimit-Reset: 1234567890
+X-RateLimit-Limit: 100
+X-RateLimit-Remaining: 99
+X-RateLimit-Reset: 1234567890
+```
+
+When rate limited (429 Too Many Requests):
+
+```
+Retry-After: 42
+```
+
+## Default 429 Response
+
+```json
+{
+  "hitlimit": true,
+  "message": "Whoa there! Rate limit exceeded.",
+  "limit": 100,
+  "remaining": 0,
+  "resetIn": 42
+}
+```
+
+## NestJS Decorators
+
+Apply different limits to specific routes:
+
+```typescript
+import { Controller, Get, UseGuards } from '@nestjs/common'
+import { HitLimitGuard, HitLimit } from '@joint-ops/hitlimit/nest'
+
+@Controller()
+@UseGuards(HitLimitGuard)
+export class AppController {
+  @Get()
+  @HitLimit({ limit: 10, window: '1m' })
+  strictEndpoint() {
+    return 'Limited to 10/min'
+  }
+
+  @Get('relaxed')
+  @HitLimit({ limit: 1000, window: '1m' })
+  relaxedEndpoint() {
+    return 'Limited to 1000/min'
+  }
+}
+```
+
+## Related Packages
+
+- [@joint-ops/hitlimit-bun](https://www.npmjs.com/package/@joint-ops/hitlimit-bun) - Bun-native rate limiting with bun:sqlite
+
+## Migrating from Other Libraries
+
+### From express-rate-limit
+
+```javascript
+// Before (express-rate-limit)
+import rateLimit from 'express-rate-limit'
+app.use(rateLimit({ windowMs: 60000, max: 100 }))
+
+// After (hitlimit) - 2x faster, smaller bundle
+import { hitlimit } from '@joint-ops/hitlimit'
+app.use(hitlimit({ window: '1m', limit: 100 }))
+```
+
+### From rate-limiter-flexible
+
+```javascript
+// Before (rate-limiter-flexible)
+import { RateLimiterMemory } from 'rate-limiter-flexible'
+const limiter = new RateLimiterMemory({ points: 100, duration: 60 })
+
+// After (hitlimit) - simpler API, better DX
+import { hitlimit } from '@joint-ops/hitlimit'
+app.use(hitlimit({ limit: 100, window: '1m' }))
+```
+
+### From @nestjs/throttler
+
+```typescript
+// Before (@nestjs/throttler)
+@UseGuards(ThrottlerGuard)
+@Throttle({ default: { limit: 100, ttl: 60000 } })
+
+// After (hitlimit) - more flexible, better performance
+import { HitLimitGuard, HitLimit } from '@joint-ops/hitlimit/nest'
+@UseGuards(HitLimitGuard)
+@HitLimit({ limit: 100, window: '1m' })
+```
+
+## License
+
+MIT - Use freely in personal and commercial projects.
+
+## Keywords
+
+rate limit, rate limiter, rate limiting, express rate limit, express middleware, express-rate-limit, express-rate-limit alternative, nestjs rate limit, nestjs throttler, @nestjs/throttler alternative, nestjs guard, nodejs rate limit, node rate limiter, api rate limiting, throttle requests, request throttling, api throttling, ddos protection, brute force protection, redis rate limit, memory rate limit, sqlite rate limit, sliding window, fixed window, token bucket, leaky bucket, rate-limiter-flexible alternative, api security, request limiter, http rate limit, express slow down, api protection, login protection, authentication rate limit

package/dist/core/config.d.ts

@@ -0,0 +1,3 @@
+import type { HitLimitOptions, HitLimitStore, KeyGenerator, ResolvedConfig } from '@joint-ops/hitlimit-types';
+export declare function resolveConfig<TRequest>(options: HitLimitOptions<TRequest>, defaultStore: HitLimitStore, defaultKey: KeyGenerator<TRequest>): ResolvedConfig<TRequest>;
+//# sourceMappingURL=config.d.ts.map

package/dist/core/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/core/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,eAAe,EACf,aAAa,EACb,YAAY,EACZ,cAAc,EACf,MAAM,2BAA2B,CAAA;AAGlC,wBAAgB,aAAa,CAAC,QAAQ,EACpC,OAAO,EAAE,eAAe,CAAC,QAAQ,CAAC,EAClC,YAAY,EAAE,aAAa,EAC3B,UAAU,EAAE,YAAY,CAAC,QAAQ,CAAC,GACjC,cAAc,CAAC,QAAQ,CAAC,CAiB1B"}

package/dist/core/config.js

@@ -0,0 +1,20 @@
+import { parseWindow } from './utils.js';
+export function resolveConfig(options, defaultStore, defaultKey) {
+    return {
+        limit: options.limit ?? 100,
+        windowMs: parseWindow(options.window ?? '1m'),
+        key: options.key ?? defaultKey,
+        tiers: options.tiers,
+        tier: options.tier,
+        response: options.response ?? { hitlimit: true, message: 'Whoa there! Rate limit exceeded.' },
+        headers: {
+            standard: options.headers?.standard ?? true,
+            legacy: options.headers?.legacy ?? true,
+            retryAfter: options.headers?.retryAfter ?? true
+        },
+        store: options.store ?? defaultStore,
+        onStoreError: options.onStoreError ?? (() => 'allow'),
+        skip: options.skip
+    };
+}
+//# sourceMappingURL=config.js.map

package/dist/core/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/core/config.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAExC,MAAM,UAAU,aAAa,CAC3B,OAAkC,EAClC,YAA2B,EAC3B,UAAkC;IAElC,OAAO;QACL,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,GAAG;QAC3B,QAAQ,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC;QAC7C,GAAG,EAAE,OAAO,CAAC,GAAG,IAAI,UAAU;QAC9B,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,kCAAkC,EAAE;QAC7F,OAAO,EAAE;YACP,QAAQ,EAAE,OAAO,CAAC,OAAO,EAAE,QAAQ,IAAI,IAAI;YAC3C,MAAM,EAAE,OAAO,CAAC,OAAO,EAAE,MAAM,IAAI,IAAI;YACvC,UAAU,EAAE,OAAO,CAAC,OAAO,EAAE,UAAU,IAAI,IAAI;SAChD;QACD,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,YAAY;QACpC,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC;QACrD,IAAI,EAAE,OAAO,CAAC,IAAI;KACnB,CAAA;AACH,CAAC"}

package/dist/core/headers.d.ts

@@ -0,0 +1,3 @@
+import type { HitLimitInfo, HeadersConfig } from '@joint-ops/hitlimit-types';
+export declare function buildHeaders(info: HitLimitInfo, config: Required<HeadersConfig>, allowed: boolean): Record<string, string>;
+//# sourceMappingURL=headers.d.ts.map

package/dist/core/headers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"headers.d.ts","sourceRoot":"","sources":["../../src/core/headers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAA;AAE5E,wBAAgB,YAAY,CAC1B,IAAI,EAAE,YAAY,EAClB,MAAM,EAAE,QAAQ,CAAC,aAAa,CAAC,EAC/B,OAAO,EAAE,OAAO,GACf,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAoBxB"}

package/dist/core/headers.js

@@ -0,0 +1,18 @@
+export function buildHeaders(info, config, allowed) {
+    const headers = {};
+    if (config.standard) {
+        headers['RateLimit-Limit'] = String(info.limit);
+        headers['RateLimit-Remaining'] = String(info.remaining);
+        headers['RateLimit-Reset'] = String(Math.ceil(info.resetAt / 1000));
+    }
+    if (config.legacy) {
+        headers['X-RateLimit-Limit'] = String(info.limit);
+        headers['X-RateLimit-Remaining'] = String(info.remaining);
+        headers['X-RateLimit-Reset'] = String(Math.ceil(info.resetAt / 1000));
+    }
+    if (!allowed && config.retryAfter) {
+        headers['Retry-After'] = String(info.resetIn);
+    }
+    return headers;
+}
+//# sourceMappingURL=headers.js.map

package/dist/core/headers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"headers.js","sourceRoot":"","sources":["../../src/core/headers.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,YAAY,CAC1B,IAAkB,EAClB,MAA+B,EAC/B,OAAgB;IAEhB,MAAM,OAAO,GAA2B,EAAE,CAAA;IAE1C,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,OAAO,CAAC,iBAAiB,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAC/C,OAAO,CAAC,qBAAqB,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;QACvD,OAAO,CAAC,iBAAiB,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC,CAAA;IACrE,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,OAAO,CAAC,mBAAmB,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACjD,OAAO,CAAC,uBAAuB,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;QACzD,OAAO,CAAC,mBAAmB,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC,CAAA;IACvE,CAAC;IAED,IAAI,CAAC,OAAO,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QAClC,OAAO,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAC/C,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC"}

package/dist/core/limiter.d.ts

@@ -0,0 +1,3 @@
+import type { HitLimitResult, ResolvedConfig } from '@joint-ops/hitlimit-types';
+export declare function checkLimit<TRequest>(config: ResolvedConfig<TRequest>, req: TRequest): Promise<HitLimitResult>;
+//# sourceMappingURL=limiter.d.ts.map

package/dist/core/limiter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"limiter.d.ts","sourceRoot":"","sources":["../../src/core/limiter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAgB,cAAc,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAA;AAK7F,wBAAsB,UAAU,CAAC,QAAQ,EACvC,MAAM,EAAE,cAAc,CAAC,QAAQ,CAAC,EAChC,GAAG,EAAE,QAAQ,GACZ,OAAO,CAAC,cAAc,CAAC,CAiDzB"}

package/dist/core/limiter.js

@@ -0,0 +1,48 @@
+import { parseWindow, hashKey } from './utils.js';
+import { buildHeaders } from './headers.js';
+import { buildBody } from './response.js';
+export async function checkLimit(config, req) {
+    const rawKey = await config.key(req);
+    const key = hashKey(rawKey);
+    let limit = config.limit;
+    let windowMs = config.windowMs;
+    let tierName;
+    if (config.tier && config.tiers) {
+        tierName = await config.tier(req);
+        const tierConfig = config.tiers[tierName];
+        if (tierConfig) {
+            limit = tierConfig.limit;
+            if (tierConfig.window) {
+                windowMs = parseWindow(tierConfig.window);
+            }
+        }
+    }
+    if (limit === Infinity) {
+        return {
+            allowed: true,
+            info: { limit, remaining: Infinity, resetIn: 0, resetAt: 0, key: rawKey, tier: tierName },
+            headers: {},
+            body: {}
+        };
+    }
+    const result = await config.store.hit(key, windowMs, limit);
+    const now = Date.now();
+    const resetIn = Math.max(0, Math.ceil((result.resetAt - now) / 1000));
+    const remaining = Math.max(0, limit - result.count);
+    const allowed = result.count <= limit;
+    const info = {
+        limit,
+        remaining,
+        resetIn,
+        resetAt: result.resetAt,
+        key: rawKey,
+        tier: tierName
+    };
+    return {
+        allowed,
+        info,
+        headers: buildHeaders(info, config.headers, allowed),
+        body: allowed ? {} : buildBody(config.response, info)
+    };
+}
+//# sourceMappingURL=limiter.js.map

package/dist/core/limiter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"limiter.js","sourceRoot":"","sources":["../../src/core/limiter.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA;AAEzC,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,MAAgC,EAChC,GAAa;IAEb,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IACpC,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IAE3B,IAAI,KAAK,GAAG,MAAM,CAAC,KAAK,CAAA;IACxB,IAAI,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAA;IAC9B,IAAI,QAA4B,CAAA;IAEhC,IAAI,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QAChC,QAAQ,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACjC,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAA;QACzC,IAAI,UAAU,EAAE,CAAC;YACf,KAAK,GAAG,UAAU,CAAC,KAAK,CAAA;YACxB,IAAI,UAAU,CAAC,MAAM,EAAE,CAAC;gBACtB,QAAQ,GAAG,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;YAC3C,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvB,OAAO;YACL,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE;YACzF,OAAO,EAAE,EAAE;YACX,IAAI,EAAE,EAAE;SACT,CAAA;IACH,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAA;IAC3D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IACtB,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,CAAA;IACrE,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAA;IACnD,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,IAAI,KAAK,CAAA;IAErC,MAAM,IAAI,GAAiB;QACzB,KAAK;QACL,SAAS;QACT,OAAO;QACP,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,GAAG,EAAE,MAAM;QACX,IAAI,EAAE,QAAQ;KACf,CAAA;IAED,OAAO;QACL,OAAO;QACP,IAAI;QACJ,OAAO,EAAE,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC;QACpD,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC;KACtD,CAAA;AACH,CAAC"}

package/dist/core/response.d.ts

@@ -0,0 +1,3 @@
+import type { HitLimitInfo, ResponseConfig, ResponseFormatter } from '@joint-ops/hitlimit-types';
+export declare function buildBody(response: ResponseConfig | ResponseFormatter, info: HitLimitInfo): Record<string, any>;
+//# sourceMappingURL=response.d.ts.map

package/dist/core/response.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"response.d.ts","sourceRoot":"","sources":["../../src/core/response.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAA;AAEhG,wBAAgB,SAAS,CACvB,QAAQ,EAAE,cAAc,GAAG,iBAAiB,EAC5C,IAAI,EAAE,YAAY,GACjB,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAWrB"}

package/dist/core/response.js

@@ -0,0 +1,12 @@
+export function buildBody(response, info) {
+    if (typeof response === 'function') {
+        return response(info);
+    }
+    return {
+        ...response,
+        limit: info.limit,
+        remaining: info.remaining,
+        resetIn: info.resetIn
+    };
+}
+//# sourceMappingURL=response.js.map

package/dist/core/response.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"response.js","sourceRoot":"","sources":["../../src/core/response.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,SAAS,CACvB,QAA4C,EAC5C,IAAkB;IAElB,IAAI,OAAO,QAAQ,KAAK,UAAU,EAAE,CAAC;QACnC,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAA;IACvB,CAAC;IAED,OAAO;QACL,GAAG,QAAQ;QACX,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,OAAO,EAAE,IAAI,CAAC,OAAO;KACtB,CAAA;AACH,CAAC"}

package/dist/core/utils.d.ts

@@ -0,0 +1,3 @@
+export declare function parseWindow(window: string | number): number;
+export declare function hashKey(key: string): string;
+//# sourceMappingURL=utils.d.ts.map

package/dist/core/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/core/utils.ts"],"names":[],"mappings":"AASA,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAO3D;AAED,wBAAgB,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAE3C"}

package/dist/core/utils.js

@@ -0,0 +1,19 @@
+import { createHash } from 'crypto';
+const UNITS = {
+    s: 1000,
+    m: 60 * 1000,
+    h: 60 * 60 * 1000,
+    d: 24 * 60 * 60 * 1000
+};
+export function parseWindow(window) {
+    if (typeof window === 'number')
+        return window;
+    const match = window.match(/^(\d+)(s|m|h|d)$/);
+    if (!match)
+        throw new Error(`Invalid window format: ${window}`);
+    return parseInt(match[1]) * UNITS[match[2]];
+}
+export function hashKey(key) {
+    return createHash('sha256').update(key).digest('hex').slice(0, 16);
+}
+//# sourceMappingURL=utils.js.map

package/dist/core/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/core/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAA;AAEnC,MAAM,KAAK,GAA2B;IACpC,CAAC,EAAE,IAAI;IACP,CAAC,EAAE,EAAE,GAAG,IAAI;IACZ,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI;IACjB,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;CACvB,CAAA;AAED,MAAM,UAAU,WAAW,CAAC,MAAuB;IACjD,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,MAAM,CAAA;IAE7C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAA;IAC9C,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,MAAM,EAAE,CAAC,CAAA;IAE/D,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;AAC7C,CAAC;AAED,MAAM,UAAU,OAAO,CAAC,GAAW;IACjC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;AACpE,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,7 @@
+import type { Request, Response, NextFunction } from 'express';
+import type { HitLimitOptions } from '@joint-ops/hitlimit-types';
+export type { HitLimitOptions, HitLimitInfo, HitLimitResult, HitLimitStore, StoreResult, TierConfig, HeadersConfig, ResolvedConfig, KeyGenerator, TierResolver, SkipFunction, StoreErrorHandler, ResponseFormatter, ResponseConfig } from '@joint-ops/hitlimit-types';
+export { DEFAULT_LIMIT, DEFAULT_WINDOW, DEFAULT_WINDOW_MS, DEFAULT_MESSAGE } from '@joint-ops/hitlimit-types';
+export { memoryStore } from './stores/memory.js';
+export declare function hitlimit(options?: HitLimitOptions<Request>): (req: Request, res: Response, next: NextFunction) => Promise<void>;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAC9D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAA;AAKhE,YAAY,EAAE,eAAe,EAAE,YAAY,EAAE,cAAc,EAAE,aAAa,EAAE,WAAW,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAA;AACrQ,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAA;AAC7G,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAMhD,wBAAgB,QAAQ,CAAC,OAAO,GAAE,eAAe,CAAC,OAAO,CAAM,IAI/C,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,mBA8B9D"}

package/dist/index.js

@@ -0,0 +1,40 @@
+import { resolveConfig } from './core/config.js';
+import { checkLimit } from './core/limiter.js';
+import { memoryStore } from './stores/memory.js';
+export { DEFAULT_LIMIT, DEFAULT_WINDOW, DEFAULT_WINDOW_MS, DEFAULT_MESSAGE } from '@joint-ops/hitlimit-types';
+export { memoryStore } from './stores/memory.js';
+function getDefaultKey(req) {
+    return req.ip || req.socket?.remoteAddress || 'unknown';
+}
+export function hitlimit(options = {}) {
+    const store = options.store ?? memoryStore();
+    const config = resolveConfig(options, store, getDefaultKey);
+    return async (req, res, next) => {
+        if (config.skip) {
+            const shouldSkip = await config.skip(req);
+            if (shouldSkip) {
+                return next();
+            }
+        }
+        try {
+            const result = await checkLimit(config, req);
+            Object.entries(result.headers).forEach(([key, value]) => {
+                res.setHeader(key, value);
+            });
+            if (!result.allowed) {
+                res.status(429).json(result.body);
+                return;
+            }
+            next();
+        }
+        catch (error) {
+            const action = await config.onStoreError(error, req);
+            if (action === 'deny') {
+                res.status(429).json({ hitlimit: true, message: 'Rate limit error' });
+                return;
+            }
+            next();
+        }
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAA;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAGhD,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAA;AAC7G,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAEhD,SAAS,aAAa,CAAC,GAAY;IACjC,OAAO,GAAG,CAAC,EAAE,IAAI,GAAG,CAAC,MAAM,EAAE,aAAa,IAAI,SAAS,CAAA;AACzD,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,UAAoC,EAAE;IAC7D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,WAAW,EAAE,CAAA;IAC5C,MAAM,MAAM,GAAG,aAAa,CAAC,OAAO,EAAE,KAAK,EAAE,aAAa,CAAC,CAAA;IAE3D,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QAC/D,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YAChB,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YACzC,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO,IAAI,EAAE,CAAA;YACf,CAAC;QACH,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;YAE5C,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE;gBACtD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;YAC3B,CAAC,CAAC,CAAA;YAEF,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;gBACjC,OAAM;YACR,CAAC;YAED,IAAI,EAAE,CAAA;QACR,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,KAAc,EAAE,GAAG,CAAC,CAAA;YAC7D,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;gBACtB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,kBAAkB,EAAE,CAAC,CAAA;gBACrE,OAAM;YACR,CAAC;YACD,IAAI,EAAE,CAAA;QACR,CAAC;IACH,CAAC,CAAA;AACH,CAAC"}