@meridianjs/framework 0.1.11 → 0.1.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +14 -2
- package/dist/index.js +6 -0
- package/package.json +1 -1
package/dist/index.d.ts
CHANGED
|
@@ -173,8 +173,20 @@ declare class ConsoleLogger implements ILogger {
|
|
|
173
173
|
|
|
174
174
|
declare function createServer(container: MeridianContainer, config: MeridianConfig): Express;
|
|
175
175
|
|
|
176
|
-
/**
|
|
176
|
+
/**
|
|
177
|
+
* Strict limiter for password-based auth endpoints (login, register).
|
|
178
|
+
* 10 requests per minute per IP — guards against brute-force attacks.
|
|
179
|
+
*/
|
|
177
180
|
declare const authRateLimit: express_rate_limit.RateLimitRequestHandler;
|
|
181
|
+
/**
|
|
182
|
+
* Loose limiter for OAuth redirect/callback endpoints.
|
|
183
|
+
* 30 requests per minute per IP — a complete OAuth flow (initiate → callback →
|
|
184
|
+
* exchange) consumes 3 requests, so 30/min allows ~10 flows per minute.
|
|
185
|
+
* OAuth routes are not brute-forceable at the application level because they
|
|
186
|
+
* require a real interaction with the external identity provider and a
|
|
187
|
+
* cryptographic CSRF nonce.
|
|
188
|
+
*/
|
|
189
|
+
declare const oauthRateLimit: express_rate_limit.RateLimitRequestHandler;
|
|
178
190
|
/** General API limiter: 300 requests per minute per IP. */
|
|
179
191
|
declare const apiRateLimit: express_rate_limit.RateLimitRequestHandler;
|
|
180
192
|
|
|
@@ -211,4 +223,4 @@ declare class SseManager {
|
|
|
211
223
|
/** Singleton shared across all routes and subscribers. */
|
|
212
224
|
declare const sseManager: SseManager;
|
|
213
225
|
|
|
214
|
-
export { type BootstrapOptions, ConsoleLogger, type MeridianApp, type MiddlewareRoute, type MiddlewaresConfig, SseManager, apiRateLimit, authRateLimit, bootstrap, createMeridianContainer, createServer, defineConfig, defineMiddlewares, loadConfig, loadJobs, loadLinks, loadModules, loadPlugins, loadRoutes, loadSubscribers, resolveModuleDefinition, sseManager, validate };
|
|
226
|
+
export { type BootstrapOptions, ConsoleLogger, type MeridianApp, type MiddlewareRoute, type MiddlewaresConfig, SseManager, apiRateLimit, authRateLimit, bootstrap, createMeridianContainer, createServer, defineConfig, defineMiddlewares, loadConfig, loadJobs, loadLinks, loadModules, loadPlugins, loadRoutes, loadSubscribers, oauthRateLimit, resolveModuleDefinition, sseManager, validate };
|
package/dist/index.js
CHANGED
|
@@ -730,6 +730,11 @@ var authRateLimit = rateLimit({
|
|
|
730
730
|
max: 10,
|
|
731
731
|
...sharedOpts
|
|
732
732
|
});
|
|
733
|
+
var oauthRateLimit = rateLimit({
|
|
734
|
+
windowMs: 6e4,
|
|
735
|
+
max: 30,
|
|
736
|
+
...sharedOpts
|
|
737
|
+
});
|
|
733
738
|
var apiRateLimit = rateLimit({
|
|
734
739
|
windowMs: 6e4,
|
|
735
740
|
max: 300,
|
|
@@ -820,6 +825,7 @@ export {
|
|
|
820
825
|
loadPlugins,
|
|
821
826
|
loadRoutes,
|
|
822
827
|
loadSubscribers,
|
|
828
|
+
oauthRateLimit,
|
|
823
829
|
resolveModuleDefinition,
|
|
824
830
|
sseManager,
|
|
825
831
|
validate
|
package/package.json
CHANGED