@upstash/ratelimit 0.2.0 → 0.3.0-canary.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. package/README.md +14 -0
  2. package/dist/index.d.ts +569 -0
  3. package/dist/index.js +736 -0
  4. package/dist/index.js.map +1 -0
  5. package/dist/index.mjs +707 -0
  6. package/dist/index.mjs.map +1 -0
  7. package/package.json +23 -42
  8. package/.releaserc +0 -14
  9. package/esm/_dnt.shims.js +0 -62
  10. package/esm/cache.js +0 -40
  11. package/esm/duration.js +0 -21
  12. package/esm/mod.js +0 -2
  13. package/esm/multi.js +0 -267
  14. package/esm/package.json +0 -3
  15. package/esm/ratelimit.js +0 -171
  16. package/esm/single.js +0 -375
  17. package/esm/types.js +0 -1
  18. package/script/_dnt.shims.js +0 -66
  19. package/script/cache.js +0 -44
  20. package/script/duration.js +0 -25
  21. package/script/mod.js +0 -7
  22. package/script/multi.js +0 -294
  23. package/script/package.json +0 -3
  24. package/script/ratelimit.js +0 -176
  25. package/script/single.js +0 -379
  26. package/script/types.js +0 -2
  27. package/types/_dnt.shims.d.ts +0 -5
  28. package/types/cache.d.ts +0 -16
  29. package/types/duration.d.ts +0 -7
  30. package/types/mod.d.ts +0 -5
  31. package/types/multi.d.ts +0 -121
  32. package/types/ratelimit.d.ts +0 -112
  33. package/types/single.d.ts +0 -187
  34. package/types/types.d.ts +0 -70
package/script/multi.js DELETED
@@ -1,294 +0,0 @@
1
- "use strict";
2
- var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
- if (k2 === undefined) k2 = k;
4
- var desc = Object.getOwnPropertyDescriptor(m, k);
5
- if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
- desc = { enumerable: true, get: function() { return m[k]; } };
7
- }
8
- Object.defineProperty(o, k2, desc);
9
- }) : (function(o, m, k, k2) {
10
- if (k2 === undefined) k2 = k;
11
- o[k2] = m[k];
12
- }));
13
- var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
14
- Object.defineProperty(o, "default", { enumerable: true, value: v });
15
- }) : function(o, v) {
16
- o["default"] = v;
17
- });
18
- var __importStar = (this && this.__importStar) || function (mod) {
19
- if (mod && mod.__esModule) return mod;
20
- var result = {};
21
- if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
22
- __setModuleDefault(result, mod);
23
- return result;
24
- };
25
- Object.defineProperty(exports, "__esModule", { value: true });
26
- exports.MultiRegionRatelimit = void 0;
27
- const dntShim = __importStar(require("./_dnt.shims.js"));
28
- const duration_js_1 = require("./duration.js");
29
- const ratelimit_js_1 = require("./ratelimit.js");
30
- const cache_js_1 = require("./cache.js");
31
- /**
32
- * Ratelimiter using serverless redis from https://upstash.com/
33
- *
34
- * @example
35
- * ```ts
36
- * const { limit } = new MultiRegionRatelimit({
37
- * redis: Redis.fromEnv(),
38
- * limiter: MultiRegionRatelimit.fixedWindow(
39
- * 10, // Allow 10 requests per window of 30 minutes
40
- * "30 m", // interval of 30 minutes
41
- * )
42
- * })
43
- *
44
- * ```
45
- */
46
- class MultiRegionRatelimit extends ratelimit_js_1.Ratelimit {
47
- /**
48
- * Create a new Ratelimit instance by providing a `@upstash/redis` instance and the algorithn of your choice.
49
- */
50
- constructor(config) {
51
- super({
52
- prefix: config.prefix,
53
- limiter: config.limiter,
54
- timeout: config.timeout,
55
- ctx: {
56
- redis: config.redis,
57
- cache: config.ephemeralCache
58
- ? new cache_js_1.Cache(config.ephemeralCache)
59
- : undefined,
60
- },
61
- });
62
- }
63
- /**
64
- * Each requests inside a fixed time increases a counter.
65
- * Once the counter reaches a maxmimum allowed number, all further requests are
66
- * rejected.
67
- *
68
- * **Pro:**
69
- *
70
- * - Newer requests are not starved by old ones.
71
- * - Low storage cost.
72
- *
73
- * **Con:**
74
- *
75
- * A burst of requests near the boundary of a window can result in a very
76
- * high request rate because two windows will be filled with requests quickly.
77
- *
78
- * @param tokens - How many requests a user can make in each time window.
79
- * @param window - A fixed timeframe
80
- */
81
- static fixedWindow(
82
- /**
83
- * How many requests are allowed per window.
84
- */
85
- tokens,
86
- /**
87
- * The duration in which `tokens` requests are allowed.
88
- */
89
- window) {
90
- const windowDuration = (0, duration_js_1.ms)(window);
91
- const script = `
92
- local key = KEYS[1]
93
- local id = ARGV[1]
94
- local window = ARGV[2]
95
-
96
- redis.call("SADD", key, id)
97
- local members = redis.call("SMEMBERS", key)
98
- if #members == 1 then
99
- -- The first time this key is set, the value will be 1.
100
- -- So we only need the expire command once
101
- redis.call("PEXPIRE", key, window)
102
- end
103
-
104
- return members
105
- `;
106
- return async function (ctx, identifier) {
107
- if (ctx.cache) {
108
- const { blocked, reset } = ctx.cache.isBlocked(identifier);
109
- if (blocked) {
110
- return {
111
- success: false,
112
- limit: tokens,
113
- remaining: 0,
114
- reset: reset,
115
- pending: Promise.resolve(),
116
- };
117
- }
118
- }
119
- const requestID = dntShim.crypto.randomUUID();
120
- const bucket = Math.floor(Date.now() / windowDuration);
121
- const key = [identifier, bucket].join(":");
122
- const dbs = ctx.redis.map((redis) => ({
123
- redis,
124
- request: redis.eval(script, [key], [requestID, windowDuration]),
125
- }));
126
- const firstResponse = await Promise.any(dbs.map((s) => s.request));
127
- const usedTokens = firstResponse.length;
128
- const remaining = tokens - usedTokens - 1;
129
- /**
130
- * If the length between two databases does not match, we sync the two databases
131
- */
132
- async function sync() {
133
- const individualIDs = await Promise.all(dbs.map((s) => s.request));
134
- const allIDs = Array.from(new Set(individualIDs.flatMap((_) => _)).values());
135
- for (const db of dbs) {
136
- const ids = await db.request;
137
- /**
138
- * If the bucket in this db is already full, it doesn't matter which ids it contains.
139
- * So we do not have to sync.
140
- */
141
- if (ids.length >= tokens) {
142
- continue;
143
- }
144
- const diff = allIDs.filter((id) => !ids.includes(id));
145
- /**
146
- * Don't waste a request if there is nothing to send
147
- */
148
- if (diff.length === 0) {
149
- continue;
150
- }
151
- await db.redis.sadd(key, ...allIDs);
152
- }
153
- }
154
- /**
155
- * Do not await sync. This should not run in the critical path.
156
- */
157
- const success = remaining > 0;
158
- const reset = (bucket + 1) * windowDuration;
159
- if (ctx.cache && !success) {
160
- ctx.cache.blockUntil(identifier, reset);
161
- }
162
- return {
163
- success,
164
- limit: tokens,
165
- remaining,
166
- reset,
167
- pending: sync(),
168
- };
169
- };
170
- }
171
- /**
172
- * Combined approach of `slidingLogs` and `fixedWindow` with lower storage
173
- * costs than `slidingLogs` and improved boundary behavior by calcualting a
174
- * weighted score between two windows.
175
- *
176
- * **Pro:**
177
- *
178
- * Good performance allows this to scale to very high loads.
179
- *
180
- * **Con:**
181
- *
182
- * Nothing major.
183
- *
184
- * @param tokens - How many requests a user can make in each time window.
185
- * @param window - The duration in which the user can max X requests.
186
- */
187
- static slidingWindow(
188
- /**
189
- * How many requests are allowed per window.
190
- */
191
- tokens,
192
- /**
193
- * The duration in which `tokens` requests are allowed.
194
- */
195
- window) {
196
- const windowSize = (0, duration_js_1.ms)(window);
197
- const script = `
198
- local currentKey = KEYS[1] -- identifier including prefixes
199
- local previousKey = KEYS[2] -- key of the previous bucket
200
- local tokens = tonumber(ARGV[1]) -- tokens per window
201
- local now = ARGV[2] -- current timestamp in milliseconds
202
- local window = ARGV[3] -- interval in milliseconds
203
- local requestID = ARGV[4] -- uuid for this request
204
-
205
-
206
- local currentMembers = redis.call("SMEMBERS", currentKey)
207
- local requestsInCurrentWindow = #currentMembers
208
- local previousMembers = redis.call("SMEMBERS", previousKey)
209
- local requestsInPreviousWindow = #previousMembers
210
-
211
- local percentageInCurrent = ( now % window) / window
212
- if requestsInPreviousWindow * ( 1 - percentageInCurrent ) + requestsInCurrentWindow >= tokens then
213
- return {currentMembers, previousMembers}
214
- end
215
-
216
- redis.call("SADD", currentKey, requestID)
217
- table.insert(currentMembers, requestID)
218
- if requestsInCurrentWindow == 0 then
219
- -- The first time this key is set, the value will be 1.
220
- -- So we only need the expire command once
221
- redis.call("PEXPIRE", currentKey, window * 2 + 1000) -- Enough time to overlap with a new window + 1 second
222
- end
223
- return {currentMembers, previousMembers}
224
- `;
225
- const windowDuration = (0, duration_js_1.ms)(window);
226
- return async function (ctx, identifier) {
227
- if (ctx.cache) {
228
- const { blocked, reset } = ctx.cache.isBlocked(identifier);
229
- if (blocked) {
230
- return {
231
- success: false,
232
- limit: tokens,
233
- remaining: 0,
234
- reset: reset,
235
- pending: Promise.resolve(),
236
- };
237
- }
238
- }
239
- const requestID = dntShim.crypto.randomUUID();
240
- const now = Date.now();
241
- const currentWindow = Math.floor(now / windowSize);
242
- const currentKey = [identifier, currentWindow].join(":");
243
- const previousWindow = currentWindow - windowSize;
244
- const previousKey = [identifier, previousWindow].join(":");
245
- const dbs = ctx.redis.map((redis) => ({
246
- redis,
247
- request: redis.eval(script, [currentKey, previousKey], [tokens, now, windowDuration, requestID]),
248
- }));
249
- const percentageInCurrent = (now % windowDuration) / windowDuration;
250
- const [current, previous] = await Promise.any(dbs.map((s) => s.request));
251
- const usedTokens = previous.length * (1 - percentageInCurrent) +
252
- current.length;
253
- const remaining = tokens - usedTokens;
254
- /**
255
- * If a database differs from the consensus, we sync it
256
- */
257
- async function sync() {
258
- const [individualIDs] = await Promise.all(dbs.map((s) => s.request));
259
- const allIDs = Array.from(new Set(individualIDs.flatMap((_) => _)).values());
260
- for (const db of dbs) {
261
- const [ids] = await db.request;
262
- /**
263
- * If the bucket in this db is already full, it doesn't matter which ids it contains.
264
- * So we do not have to sync.
265
- */
266
- if (ids.length >= tokens) {
267
- continue;
268
- }
269
- const diff = allIDs.filter((id) => !ids.includes(id));
270
- /**
271
- * Don't waste a request if there is nothing to send
272
- */
273
- if (diff.length === 0) {
274
- continue;
275
- }
276
- await db.redis.sadd(currentKey, ...allIDs);
277
- }
278
- }
279
- const success = remaining > 0;
280
- const reset = (currentWindow + 1) * windowDuration;
281
- if (ctx.cache && !success) {
282
- ctx.cache.blockUntil(identifier, reset);
283
- }
284
- return {
285
- success,
286
- limit: tokens,
287
- remaining,
288
- reset,
289
- pending: sync(),
290
- };
291
- };
292
- }
293
- }
294
- exports.MultiRegionRatelimit = MultiRegionRatelimit;
package/script/package.json DELETED
@@ -1,3 +0,0 @@
1
- {
2
- "type": "commonjs"
3
- }
package/script/ratelimit.js DELETED
@@ -1,176 +0,0 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.Ratelimit = exports.TimeoutError = void 0;
4
- const cache_js_1 = require("./cache.js");
5
- class TimeoutError extends Error {
6
- constructor() {
7
- super("Timeout");
8
- this.name = "TimeoutError";
9
- }
10
- }
11
- exports.TimeoutError = TimeoutError;
12
- /**
13
- * Ratelimiter using serverless redis from https://upstash.com/
14
- *
15
- * @example
16
- * ```ts
17
- * const { limit } = new Ratelimit({
18
- * redis: Redis.fromEnv(),
19
- * limiter: Ratelimit.slidingWindow(
20
- * 10, // Allow 10 requests per window of 30 minutes
21
- * "30 m", // interval of 30 minutes
22
- * ),
23
- * })
24
- *
25
- * ```
26
- */
27
- class Ratelimit {
28
- constructor(config) {
29
- Object.defineProperty(this, "limiter", {
30
- enumerable: true,
31
- configurable: true,
32
- writable: true,
33
- value: void 0
34
- });
35
- Object.defineProperty(this, "ctx", {
36
- enumerable: true,
37
- configurable: true,
38
- writable: true,
39
- value: void 0
40
- });
41
- Object.defineProperty(this, "prefix", {
42
- enumerable: true,
43
- configurable: true,
44
- writable: true,
45
- value: void 0
46
- });
47
- Object.defineProperty(this, "timeout", {
48
- enumerable: true,
49
- configurable: true,
50
- writable: true,
51
- value: void 0
52
- });
53
- /**
54
- * Determine if a request should pass or be rejected based on the identifier and previously chosen ratelimit.
55
- *
56
- * Use this if you want to reject all requests that you can not handle right now.
57
- *
58
- * @example
59
- * ```ts
60
- * const ratelimit = new Ratelimit({
61
- * redis: Redis.fromEnv(),
62
- * limiter: Ratelimit.slidingWindow(10, "10 s")
63
- * })
64
- *
65
- * const { success } = await ratelimit.limit(id)
66
- * if (!success){
67
- * return "Nope"
68
- * }
69
- * return "Yes"
70
- * ```
71
- */
72
- Object.defineProperty(this, "limit", {
73
- enumerable: true,
74
- configurable: true,
75
- writable: true,
76
- value: async (identifier) => {
77
- const key = [this.prefix, identifier].join(":");
78
- let timeoutId = null;
79
- try {
80
- const arr = [this.limiter(this.ctx, key)];
81
- if (this.timeout) {
82
- arr.push(new Promise((resolve) => {
83
- timeoutId = setTimeout(() => {
84
- resolve({
85
- success: true,
86
- limit: 0,
87
- remaining: 0,
88
- reset: 0,
89
- pending: Promise.resolve(),
90
- });
91
- }, this.timeout);
92
- }));
93
- }
94
- return await Promise.race(arr);
95
- }
96
- finally {
97
- if (timeoutId) {
98
- clearTimeout(timeoutId);
99
- }
100
- }
101
- }
102
- });
103
- /**
104
- * Block until the request may pass or timeout is reached.
105
- *
106
- * This method returns a promsie that resolves as soon as the request may be processed
107
- * or after the timeoue has been reached.
108
- *
109
- * Use this if you want to delay the request until it is ready to get processed.
110
- *
111
- * @example
112
- * ```ts
113
- * const ratelimit = new Ratelimit({
114
- * redis: Redis.fromEnv(),
115
- * limiter: Ratelimit.slidingWindow(10, "10 s")
116
- * })
117
- *
118
- * const { success } = await ratelimit.blockUntilReady(id, 60_000)
119
- * if (!success){
120
- * return "Nope"
121
- * }
122
- * return "Yes"
123
- * ```
124
- */
125
- Object.defineProperty(this, "blockUntilReady", {
126
- enumerable: true,
127
- configurable: true,
128
- writable: true,
129
- value: async (
130
- /**
131
- * An identifier per user or api.
132
- * Choose a userID, or api token, or ip address.
133
- *
134
- * If you want to limit your api across all users, you can set a constant string.
135
- */
136
- identifier,
137
- /**
138
- * Maximum duration to wait in milliseconds.
139
- * After this time the request will be denied.
140
- */
141
- timeout) => {
142
- if (timeout <= 0) {
143
- throw new Error("timeout must be positive");
144
- }
145
- let res;
146
- const deadline = Date.now() + timeout;
147
- while (true) {
148
- res = await this.limit(identifier);
149
- if (res.success) {
150
- break;
151
- }
152
- if (res.reset === 0) {
153
- throw new Error("This should not happen");
154
- }
155
- const wait = Math.min(res.reset, deadline) - Date.now();
156
- await new Promise((r) => setTimeout(r, wait));
157
- if (Date.now() > deadline) {
158
- break;
159
- }
160
- }
161
- return res;
162
- }
163
- });
164
- this.ctx = config.ctx;
165
- this.limiter = config.limiter;
166
- this.timeout = config.timeout;
167
- this.prefix = config.prefix ?? "@upstash/ratelimit";
168
- if (config.ephemeralCache instanceof Map) {
169
- this.ctx.cache = new cache_js_1.Cache(config.ephemeralCache);
170
- }
171
- else if (typeof config.ephemeralCache === "undefined") {
172
- this.ctx.cache = new cache_js_1.Cache(new Map());
173
- }
174
- }
175
- }
176
- exports.Ratelimit = Ratelimit;