ac-ratelimiter 1.0.10 → 2.0.0-beta.1

package/.eslintrc.js

@@ -17,10 +17,11 @@ const config = {
   },
   globals: {
     describe: true,
-    it: true
+    it: true,
+    after: true
   },
   'parserOptions': {
-    'ecmaVersion': 2018
+    'ecmaVersion': 2022
 },
 }
 

package/.github/workflows/node.js.yml

@@ -5,9 +5,9 @@ name: Node.js CI
 
 on:
   push:
-    branches: [ master ]
+    branches: [ master, develop ]
   pull_request:
-    branches: [ master ]
+    branches: [ master, develop ]
 
 jobs:
   build:
@@ -18,6 +18,7 @@ jobs:
       matrix:
         node-version: [16.x, 18.x]
         # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
+        redis-version: [6]
 
     steps:
     - uses: actions/checkout@v3
@@ -26,5 +27,10 @@ jobs:
       with:
         node-version: ${{ matrix.node-version }}
     
+    - name: Start Redis
+      uses: supercharge/redis-github-action@1.4.0
+      with:
+        redis-version: ${{ matrix.redis-version }}  
+    
     - run: yarn install
     - run: yarn run test

package/README.md

@@ -1,12 +1,18 @@
 # ac-ratelimiter
 
-This tool provides rate-limiter based on Redis and ExpressJs.
+This tool provides rate-limiter that can be used as middleware with ExpressJs.
+
+For huge production load it is recommended that you use it with Redis. However, for smaller applications you can use the build in Node Cache.
 
 [![Node.js CI](https://github.com/AdmiralCloud/ac-ratelimiter/actions/workflows/node.js.yml/badge.svg)](https://github.com/AdmiralCloud/ac-ratelimiter/actions/workflows/node.js.yml)
 
-## Usage
+## Breaking changes for version 2
+Version 2 is a complete re-write of this module. It is now a class and uses async/await.
 
 ```
+// Migration example
+
+// Version 1
 const acrl = require('ac-ratelimiter')
 
 const init = {
@@ -26,37 +32,73 @@ acrl.limiter(req, {}, err => {
   return res.json({ status: _.get(err, 'status') })
 })
 
+
+// Version 2
+const acrl = require('ac-ratelimiter')
+
+const init = {
+  routes: [
+    { route: 'user/find', throttleLimit: 1, limit: 2, expires: 3, delay: 250 },
+  ],
+  redis: REDIS INSTANCE
+  logger: winston.log INSTANCE
+}
+
+const rateLimiter = new acrl(init)
+
+try {
+  await rateLimiter.limiter(req)
+}
+catch(e) {
+  // e.status === 900 => throttling is active
+  // e.status === 429 => limiter is active
+}
+
+```
+
+## Usage
+
+### Without any dependencies
+This example initiates the rate limiter with NodeCache (instead of Redis) and console.log (instead of Winston). Default limits are 150 requests within 3 seconds. Starting at 50 request, requests will be throttled by 250ms.
+
+```
+const acrl = require('ac-ratelimiter')
+
+const rateLimiter = new acrl()
+
+try {
+  await rateLimiter.limiter(req)
+}
+catch(e) {
+  // e.status === 900 => throttling is active
+  // e.status === 429 => limiter is active
+}
+
 ```
 
 ## Prerequisites
 
 ### Init
-The ac-ratelimiter uses Redis as storage for the rate-limiter keys. You can also write your own, memory-based, backend. See the test for an example.
+The ac-ratelimiter can use Redis as storage for the rate-limiter keys. By default and to run out-of-the-box it uses Node Cache.
 
 Additionally, for logging purposes, we use Winston. But you can also use any other logger that provides logging for "warn" and "error".
 
 Last but not least, provide an array of objects with rate limiter instructions. Each object has the following properties:
-Property | Type | Example | Remarks
+Property | Type | Defaults | Remarks
 ---|---|---|---|
-route | string | user/find | A combination of controller and action (express) or any other identifier you can provide
-throttleLimit | integer | 20 | Number of calls before throttling starts
+routes | string |  | A combination of controller and action (express) or any other identifier you can provide
+throttleLimit | 50 | 20 | Number of calls before throttling starts
 delay | integer | 250 | Number of milliseconds a throttle request is delayed (on purpose)
-limit | integer | 100 | Number of calls before the limiter kicks in
+limit | integer | 150 | Number of calls before the limiter kicks in
 expires | integer | 3 | Number of seconds before the rate-limiter resets
 
 
-The init function can take additional parameters like 
-+ environment
-+ debugMode
 
 ### RateLimiter
 The actual rateLimiter function takes two arguments, the Express request object (req) and an options object with the following optional properties:
 
 Property | Type | Example | Remarks
 ---|---|---|---|
-knownIP | Object | { name: 'AdmiralCloud' } | Display known IPs with their name when limiter is active
-link | String | myLink | Display and locks the limiter to a given link (as identifier)
-token | String | myToken | Locks the limiter to a given token/user session
 name | String | myName | Identifier for the route - falls back to controller/action
 redisKey | String | myKey | Optional RedisKey to use for rate limiter
 fallbackRoute | String | fbroute | Optional fallback route identifier
@@ -73,12 +115,13 @@ Both values might be retrieved prior to the rate limiter so there is no need to
 
 # Links
 - [Website](https://www.admiralcloud.com/)
-- [Twitter (@admiralcloud)](https://twitter.com/admiralcloud)
 - [Facebook](https://www.facebook.com/MediaAssetManagement/)
 
 # Run tests
-Call yarn run test
+```
+yarn run test
+```
 
 ## License
 
-[MIT License](https://opensource.org/licenses/MIT) Copyright © 2009-present, AdmiralCloud, Mark Poepping
+[MIT License](https://opensource.org/licenses/MIT) Copyright © 2009-present, AdmiralCloud AG, Mark Poepping

package/index.js

@@ -1,188 +1,207 @@
-/**
- * Copyright mmpro film- und medienproduktion GmbH and other Node contributors
- *
- */
-
-const async = require('async');
-const _ = require('lodash');
+const  { setTimeout } = require('timers/promises')
 
+const NodeCache = require('node-cache')
 const acts = require('ac-ip')
 
-const ratelimiter = () => {
-
-  let environment = process.env.NODE_ENV || 'development'
-  let routes = []
-  let redis
-  let logger
-  let debugMode
-  let knownIPs
-  let ignorePrivateIps = true
-
-  const init = (options) => {
-    if (_.get(options, 'environment')) environment = _.get(options, 'environment')
-    if (_.get(options, 'routes')) routes = _.get(options, 'routes')
-    if (_.get(options, 'debugMode')) debugMode = _.get(options, 'debugMode')
-    if (_.get(options, 'knownIPs')) knownIPs = _.get(options, 'knownIPs')
-    if (_.has(options, 'ignorePrivateIps')) ignorePrivateIps = _.get(options, 'ignorePrivateIps')
-
-    if (!_.get(options, 'redis')) {
-      throw new Error('Redis instance is required')
+class ACError extends Error {
+  constructor(message, options = {}) {
+    super(message)
+    
+    if (Error.captureStackTrace) {
+      Error.captureStackTrace(this, ACError)
+    }
+    // info
+    this.code = options.code || -1
+    this.errorMessage = message
+    // show other properties of options object
+    for (const [key, value] of Object.entries(options)) {
+      this[key] = value;
+    }    
+  }
+}
+
+class RateLimiter {
+  constructor({ redisInstance, logger = console, routes = [], knownIPs = [], ignorePrivateIps } = {}) {
+    // make sure only one instance exists!
+    if (RateLimiter._instance) {
+      return RateLimiter._instance
     }
-    redis = _.get(options, 'redis')
-    if (!_.get(options, 'logger')) {
-      throw new Error('Logger instance is required')
+    RateLimiter._instance = this;
+
+    this.environment = process.env.NODE_ENV || 'development'
+    if(redisInstance) {
+      this.redisInstance = redisInstance
+    }
+    else {
+      this.cache = new NodeCache()
     }
-    logger = _.get(options, 'logger')
+
+    this.limits = {
+      expires: 3,
+      limit: 150,
+      throttleLimit: 50,
+      delay: 250
+    }
+
+    this.logger = logger
+    this.routes = routes
+    this.knownIPs = knownIPs
+    this.ignorePrivateIps = ignorePrivateIps
   }
 
-  const prepareRedisKey = (params) => {
-    const ip = _.get(params, 'ip')
-    const controller = _.get(params, 'controller', 'controller')
-    const action = _.get(params, 'action', 'action')
-    const clientId = _.get(params, 'clientId', 'clientId')
-    const identifier = _.get(params, 'identifier')
-  
-    let redisKey = _.get(params, 'redisKey', (environment + ':rateLimiter:' + clientId + ':' + ip + ':' + controller + ':' + action))
-    if (identifier) redisKey += ':' + identifier
-    return redisKey
+  whichStorage() {
+    if (this.redisInstance) return 'Redis'
+    else return 'NodeCache'
   }
 
-  const limiter = (req, options, cb) => {
-    const ip = _.get(req, 'determinedIP') || acts.determineIP(req)
-    if (ignorePrivateIps && acts.isPrivate(ip)) return cb(null)
-    const controller = _.get(req, 'options.controller')
-    const action = _.get(req, 'options.action')
-    const clientId = _.get(options, 'clientId')
-    const route = _.get(options, 'name') || `${controller}/${action}`
-    const knownIP = _.find(knownIPs, { ip })
-    const identifier = _.get(options, 'identifier')
-    // obscure identifier for logging
-    const logIdentifier = _.isString(identifier) && identifier.replace(/(\w{1,4})-(\w{1,4})/g, 'xxxx')
-
-    const redisKey = prepareRedisKey({
+  // private 
+  prepareRedisKey({ ip, controller = 'controller', action = 'action', clientId = 'clientId', identifier = 'identifier', redisKey }) {
+    let rateLimiterKey = redisKey || (this.environment + ':rateLimiter:' + clientId + ':' + ip + ':' + controller + ':' + action)
+    if (identifier) rateLimiterKey += ':' + identifier
+    return rateLimiterKey
+  }
+
+  async limiter(req, { 
+    ip = req?.determinedIP || acts.determineIP(req),
+    clientId = 'clientId', 
+    identifier = 'identifier', 
+    redisKey,
+    expires,
+    limit,
+    throttleLimit,
+    delay,
+    fallbackRoute = 'default',
+    name,
+    debugMode,
+    rateLimitCounter
+  }) {
+
+    if (this.ignorePrivateIps && acts.isPrivate(ip)) return
+
+    const logIdentifier = typeof identifier === 'string' && identifier.replace(/(\w{1,4})-(\w{1,4})/g, 'xxxx')
+    const knownIP = this.knownIPs.find(({ knownIP }) => knownIP === ip)
+
+    const controller = req?.options?.controller || 'controller'
+    const action = req?.options?.action || 'action'
+    const currentRoute = name || `${controller}/${action}`
+
+
+    const rateLimiterKey = this.prepareRedisKey({
       ip,
       controller,
       action,
       clientId,
       identifier,
-      redisKey: _.get(options, 'redisKey')
+      redisKey
     })
 
-    const fallbackRoute = _.get(options, 'fallbackRoute', 'default')
-    let settings = routes.find(item => {
-      if (ip && clientId && route && item.ip === ip && item.clientId === clientId && item.route === route ) return item
-      else if (ip && route && item.ip === ip && item.route === route && !item.clientId ) return item
-      else if (clientId && route && item.clientId === clientId && item.route === route && !item.ip) return item
-      else if (route && item.route === route && !item.clientId && !item.ip) return item
+    const rateLogger = ({ type, rateLimitCounter, currentLimit }) => {
+      this.logger.warn('-'.repeat(80))
+      if (debugMode) this.logger.warn('DEBUG MODE - DEBUG MODE - DEBUG MODE')
+      this.logger.warn('%s | %s | %s | %s | Counter %s/%s', 'ACRateLimiter'.padEnd(15), type.padEnd(12), currentRoute.padEnd(32), (ip + ' ' + (knownIP?.name || '')).padEnd(16), rateLimitCounter, currentLimit)
+      if (logIdentifier) this.logger.warn('%s | Identifier: %s', ' '.padEnd(15), logIdentifier)
+    }
+
+    let settings = this.routes.find(item => {
+      if (ip && clientId && currentRoute && item.ip === ip && item.clientId === clientId && item.route === currentRoute ) return item
+      else if (ip && currentRoute && item.ip === ip && item.route === currentRoute && !item.clientId ) return item
+      else if (clientId && currentRoute && item.clientId === clientId && item.route === currentRoute && !item.ip) return item
+      else if (currentRoute && item.route === currentRoute && !item.clientId && !item.ip) return item
     })
     if (!settings) {
       // check fallback route
-      settings = routes.find(item => {
+      settings = this.routes.find(item => {
         if (item.route === fallbackRoute && !item.clientId && !item.ip) return item
       })
     }
-    const expires = _.get(options, 'expires', _.get(settings, 'expires', 3))
-    const limit = _.get(options, 'limit', _.get(settings, 'limit', 150))
-    const throttleLimit = _.get(options, 'throttleLimit', _.get(settings, 'throttleLimit', 50)) // optional
-    const delay = _.get(options, 'delay', _.get(settings, 'delay', 250)) // delay in ms which kicks in if throttle if active
-
-    let rateLimitCounter
-
-    const rateLogger = (params) => {
-      const type = _.get(params, 'type')
-      logger.warn(_.repeat('-', 80))
-      if (debugMode) logger.warn('DEBUG MODE - DEBUG MODE - DEBUG MODE')
-      logger.warn('%s | %s | %s | %s | Counter %s/%s', _.padEnd('ACRateLimiter', 15), _.padEnd(type, 12), _.padEnd(route, 32), _.padEnd((ip + ' ' + _.get(knownIP, 'name', '')), 16), rateLimitCounter, limit)
-      if (logIdentifier) logger.warn('%s | Identifier: %s', _.padEnd(' ', 15), logIdentifier)
+    
+    let current = {
+      expires,
+      limit,
+      throttleLimit,
+      delay
     }
-  
-
-    async.series({
-      increaseCounter: (done) => {
-        redis.incr(redisKey, (err, result) => {
-          if (err) {
-            logger.error('ACRateLimiter | Redis failed %j', err)
-            // silently ignore
-            return done()
-          }
-          rateLimitCounter = result
-          return done()
-        })
-      },
-      processLimits: (done) => {
-        if (rateLimitCounter === 1 && rateLimitCounter < limit) {
-          // key has never been set before - set expire time and return
-          redis.expire(redisKey, expires, done)
-        }
-        else if (rateLimitCounter > limit) {
-          // only log every 10th entry
-          if (rateLimitCounter === limit || rateLimitCounter % 10 === 0) {
-            rateLogger({ type: 'Blocking' })
-          }
-          // debug mode shows the rate limiting but does not limit
-          if (debugMode) return done()
-          return done({ message: 'tooManyRequestsFromThisIP', status: 429, logging: false, counter: rateLimitCounter, additionalInfo: { expires } })
-        }
-        else if (throttleLimit && rateLimitCounter > limit * 0.9) {
-          // at 90 percent delay with expire time, to avoid limit kicking in
-          rateLogger({ type: 'Final Throttling' })
-          _.delay(() => {
-            // do not "taint" process time when deliberately throttline
-            if (req._startTime) req._startTime += expires * 1000
-
-            return done({ message: 'finalThrottlingActive_requestsIsDelayed', status: 900, additionalInfo: { expires } })
-          }, expires * 1000)
-        }
-        else if (throttleLimit && rateLimitCounter > throttleLimit) {
-          // log the first throttling and every 50th entry
-          if (rateLimitCounter === (throttleLimit + 1) || rateLimitCounter % 50 === 0) {
-            rateLogger({ type: 'Throttling' })
-          }
-          _.delay(() => {
-            // do not "taint" process time when deliberately throttline
-            if (req._startTime) req._startTime += delay
-
-            return done({ message: 'throttlingActive_requestsIsDelayed', status: 900, additionalInfo: { expires } })
-          }, delay)
-        }
-        else {
-          return done()
-        }
+
+    const props = ['expires', 'limit', 'throttleLimit', 'delay']
+    props.forEach(prop => {
+      if (!Number.isFinite(current[prop])) {
+        // use from setting
+        if (Number.isFinite(settings?.[prop])) current[prop] = settings[prop]
+        else current[prop] = this.limits[prop]
       }
-    }, err => {
-      return cb(err, { ip, controller, action, counter: rateLimitCounter, knownIPName: _.get(knownIP, 'name', '-'), identifier: logIdentifier })      
     })
-  }
 
-  const resetLimiter = (params, cb) => {
-    const ip = _.get(params, 'ip')
-    const controller = _.get(params, 'controller')
-    const action = _.get(params, 'action')
-    const identifier = _.get(params, 'identifier')
-
-    let redisKey = environment + ':rateLimiter:'
-    if (ip) redisKey += ip + ':' 
-    if (controller) redisKey += controller + ':' 
-    if (action) redisKey += action + ':'
-    if (identifier) redisKey += ':' + identifier
-    redisKey += '*'
-    redis.keys(redisKey, (err, keys) => {
-      if (err) return cb(err)
-      const multi = redis.multi()
-      _.forEach(keys, key => {
-        multi.del(key)
-      })
-      multi.exec(cb)
-    })
+    if (rateLimitCounter) {
+      // if rateLimitCounter is sent with the request, then don't fetch it again
+    }
+    else if (this.redisInstance) {
+      // use Redis instance for rate limiting
+      rateLimitCounter = await this.redisInstance.incr(rateLimiterKey)
+      if (rateLimitCounter === 1 && rateLimitCounter < current.limit) {
+        // key has never been set before - set expire time and return
+        await this.redisInstance.expire(redisKey, expires)
+      }
+    }
+    else {
+      // use Node cache (memory) for rate limiting - please see README before using in production!
+      rateLimitCounter = this.cache.get(rateLimiterKey)
+      let ts = this.cache.getTtl(rateLimiterKey) // ts in ms when the key will expire
+      rateLimitCounter = rateLimitCounter + 1 || 1
+      if (ts === undefined || ts === 0) {
+        // first entry - set expiration
+        this.cache.set(rateLimiterKey, rateLimitCounter, current?.expires )
+      }
+      else {
+        // update but use the existing timestamp
+        const newTTL = ts - new Date().getTime()
+        this.cache.set(rateLimiterKey, rateLimitCounter, Math.ceil(newTTL/1000))
+      }
+    }
+
+    if (debugMode) {
+      console.log('Route %s | Current Counter %s | Throttle %s | Limit %s | Delay %s | Expires %s', currentRoute, rateLimitCounter, current.throttleLimit, current.limit, current.delay, current.expires) 
+    }
+
+    if (rateLimitCounter > current.limit) {
+      // only log every 10th entry
+      if (rateLimitCounter === current.limit || rateLimitCounter % 10 === 0) {
+        rateLogger({ type: 'Blocking', rateLimitCounter, currentLimit: current.limit })
+      }
+      throw new ACError('tooManyRequestsFromThisIP', { status: 429, logging: false, counter: rateLimitCounter, additionalInfo: { expires: current.expires } })
+      
+    }
+    else if (current.throttleLimit && rateLimitCounter > current.limit * 0.9) {
+      // at 90 percent delay with expire time, to avoid limit kicking in
+      rateLogger({ type: 'Final Throttling', rateLimitCounter, currentLimit: current.limit })
+      await setTimeout(current.expires * 1000)
+      // do not "taint" process time when deliberately throttline
+      if (req._startTime) req._startTime += current.expires * 1000
+      throw new ACError('finalThrottlingActive_requestsIsDelayed', { status: 900, additionalInfo: { counter: rateLimitCounter, expires: current.expires } })
+    }
+    else if (current.throttleLimit && rateLimitCounter > current.throttleLimit) {
+      // log the first throttling and every 50th entry
+      if (rateLimitCounter === (throttleLimit + 1) || rateLimitCounter % 50 === 0) {
+        rateLogger({ type: 'Throttling', rateLimitCounter, currentLimit: current.limit })
+      }
+      await setTimeout(current.delay)
+      // do not "taint" process time when deliberately throttline
+      if (req._startTime) req._startTime += current.delay
+      throw new ACError('throttlingActive_requestsIsDelayed', { status: 900, additionalInfo: { counter: rateLimitCounter, expires: current.expires } })
+    }
   }
 
+  async updateLimiter({ routes, knownIPs, ignorePrivateIps }) {
+    if (Array.isArray(routes)) this.routes = routes
+    if (Array.isArray(knownIPs)) this.knownIPs = knownIPs
+    if (typeof ignorePrivateIps === 'boolean') this.ignorePrivateIps = ignorePrivateIps
+  }
 
-  return {
-    init,
-    limiter,
-    prepareRedisKey,
-    resetLimiter
+  async resetLimiter() {
+    // reset completely
+    this.cache.flushAll()
   }
 
+
 }
-module.exports = ratelimiter()
+
+module.exports = RateLimiter

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "ac-ratelimiter",
   "description": "Simple ratelimiter for express",
-  "version": "1.0.10",
-  "author": "Mark Poepping",
+  "version": "2.0.0-beta.1",
+  "author": "Mark Poepping (www.admiralcloud.com)",
   "repository": {
     "type": "git",
     "url": "git://github.com/admiralcloud/ac-ratelimiter"
@@ -10,13 +10,13 @@
   "homepage": "https://www.admiralcloud.com",
   "dependencies": {
     "ac-ip": "^3.0.1",
-    "async": "^3.2.4",
-    "lodash": "^4.17.21"
+    "node-cache": "^5.1.2"
   },
   "devDependencies": {
-    "ac-semantic-release": "^0.3.4",
+    "ac-semantic-release": "^0.3.5",
     "chai": "^4.3.7",
-    "eslint": "8.31.0",
+    "eslint": "8.35.0",
+    "ioredis": "^5.3.1",
     "mocha": "^10.2.0"
   },
   "scripts": {
@@ -25,6 +25,6 @@
     "test-jenkins": "JUNIT_REPORT_PATH=./report.xml mocha --slow 1000 --colors --reporter mocha-jenkins-reporter --reporter-options junit_report_name='RATELIMITER'"
   },
   "engines": {
-    "node": ">=10.0.0"
+    "node": ">=16.0.0"
   }
 }

package/test/test.js

@@ -1,298 +1,403 @@
-const _ = require('lodash')
-const { expect } = require('chai');
+const { expect } = require('chai')
+const  { setTimeout } = require('timers/promises')
 
-const ratelimiter = require('../index')
+const ratelimiterModule = require('../index')
 
-const redisStoreSimulator = {}
-
-const init = {
-  routes: [
-    { route: 'user/find', throttleLimit: 1, limit: 2, expires: 3, delay: 250 },
-  ],
-  redis: {
-    incr: (key, cb) => {
-      redisStoreSimulator[key] = redisStoreSimulator[key] || 0
-      redisStoreSimulator[key] += 1
-      //console.log('Redis incr', key, redisStoreSimulator[key])
-      return cb(null, redisStoreSimulator[key])
-    },
-    expire: (key, expires, cb) => {
-      //console.log('Redis expires', key)
-      setTimeout(() => {
-        _.unset(redisStoreSimulator, key)
-      }, expires * 1000)
-      return cb()
-    }
-  },
-  logger: {
-    warn: () => {
-      // just for simulation
-    }
-  }
-}
+const Redis = require('ioredis')
+const redis = new Redis()
 
 let req = {
   options: {
     controller: 'user',
-    action: 'find'
+    action: 'find',
   },
   determinedIP: '1.2.3.4'
 }
 
+
+let initOptions = {
+  routes: [
+    { route: 'user/find', throttleLimit: 1, limit: 2, expires: 3, delay: 250 },
+  ]
+}
 let options = {}
 
-describe('Test section #1', function () {
-  describe('RATE LIMITER TEST', function() {
-    this.timeout(5000)
-    it('init tests', done => {
-      ratelimiter.init(init)
-      return done()
-    })
+const ratelimiter = new ratelimiterModule(initOptions)
+const ratelimiterRedis = new ratelimiterModule({ redisInstance: redis, routes: initOptions.routes })
+
 
-    it('should not trigger', done => {
-      ratelimiter.limiter(req, options, (err) => {
-        expect(err).eql(null)
-        return done()
+describe('Use NodeCache', () => {
+
+  describe('Test section #1', function () {
+    describe('RATE LIMITER TEST', function() {
+      this.timeout(5000)
+
+      it('Reset Limiter', async() => {
+        await ratelimiter.resetLimiter()
       })
-    })
-    it('should still not trigger', done => {
-      ratelimiter.limiter(req, options, (err) => {
-        expect(err).to.have.property('status', 900)
-        return done()
+
+      it('should not trigger - req #1', async() => {
+        let result = await ratelimiter.limiter(req, options)
+        expect(result).eql(undefined)
       })
-    })
-    it('should still not trigger as only throttling is active', done => {
-      ratelimiter.limiter(req, options, (err) => {
-        expect(err).eql(null)
-        return done()
+      it('should still not trigger - req #2 - but throw 900', async() => {
+        try {
+          await ratelimiter.limiter(req, options)
+        }
+        catch(e) {
+          expect(e).to.have.property('message', 'finalThrottlingActive_requestsIsDelayed')
+          expect(e).to.have.property('status', 900)
+        }
+      })
+      it('should not trigger - req #3 - rate limiter is reset', async() => {
+        let result = await ratelimiter.limiter(req, options)
+        expect(result).eql(undefined)
       })
     })
   })
-})
 
 
-describe('Test section #2 - immediate limiter', function () {
-  describe('RATE LIMITER TEST', function() {
-    this.timeout(5000)
-    it('init tests', done => {
-      req.determinedIP = '4.1.4.1'
-      init.routes = [
-        { route: 'user/find', limit: 0, expires: 3, delay: 250 },
-      ]
-      ratelimiter.init(init)
-      return done()
-    })
+  describe('Test section #2 - immediate limiter', function () {
+    describe('RATE LIMITER TEST', function() {
+      this.timeout(5000)
+
+      it('Reset Limiter', async() => {
+        await ratelimiter.resetLimiter()
+      })
 
-    it('should trigger immediately', done => {
-      ratelimiter.limiter(req, options, (err) => {
-        expect(err).to.have.property('status', 429)
-        return done()
+      it('Update settings', async() => {
+        await ratelimiter.updateLimiter({
+          routes: [
+            { route: 'user/find', limit: 0, expires: 3, delay: 250 },
+          ]
+        })
+      })
+    
+      it('should trigger immediately', async()  => {
+        req.determinedIP = '4.1.4.1'
+        try {
+          await ratelimiter.limiter(req, options)
+        }
+        catch(e) {
+          expect(e).to.be.an('error')
+          expect(e).to.have.property('message', 'tooManyRequestsFromThisIP')
+          expect(e).to.have.property('status', 429)
+        }
       })
     })
   })
-})
 
 
-describe('Test section #3 - no throttling', function () {
-  describe('RATE LIMITER TEST', function() {
-    this.timeout(5000)
-    it('init tests', done => {
-      req.determinedIP = '2.3.4.1'
-      init.routes = [
-        { route: 'user/find', throttleLimit: 0, limit: 2, expires: 3, delay: 0 },
-      ]
-      ratelimiter.init(init)
-      return done()
-    })
+  describe('Test section #3 - no throttling', function () {
+    describe('RATE LIMITER TEST', function() {
+      this.timeout(5000)
+      it('Reset Limiter', async() => {
+        await ratelimiter.resetLimiter()
+      })
 
-    it('should not trigger', done => {
-      ratelimiter.limiter(req, options, (err) => {
-        expect(err).eql(null)
-        return done()
+      it('Update settings', async() => {
+        await ratelimiter.updateLimiter({
+          routes: [
+            { route: 'user/find', throttleLimit: 0, limit: 2, expires: 3, delay: 0 },
+          ]
+        })
       })
-    })
-    it('should still not trigger', done => {
-      ratelimiter.limiter(req, options, (err) => {
-        expect(err).eql(null)
-        return done()
+
+      it('should not trigger req #1', async() => {
+        req.determinedIP = '2.3.4.1'
+        let result = await ratelimiter.limiter(req, options)
+        expect(result).eql(undefined)
       })
-    })
-    it('should trigger the limiter', done => {
-      ratelimiter.limiter(req, options, (err) => {
-        expect(err).to.have.property('status', 429)
-        return done()
+      it('should still not trigger - delayed req #2', async() => {
+        try {
+          await ratelimiter.limiter(req, options)
+        }
+        catch(e) {
+          expect(e).to.have.property('message', 'finalThrottlingActive_requestsIsDelayed')
+          expect(e).to.have.property('status', 900)
+        }
+      })
+      it('should trigger the limiter', async() => {
+        try {
+          await ratelimiter.limiter(req, options)
+        }
+        catch(e) {
+          expect(e).to.have.property('message', 'tooManyRequestsFromThisIP')
+          expect(e).to.have.property('status', 429)
+        }
       })
     })
   })
-})
 
-describe('Test section #4 - routes with clientId', function() {
-  describe('RATE LIMITER TEST', function() {
-    this.timeout(5000)
-    let req = {
-      options: {
-        controller: 'customer',
-        action: 'find'
-      },
-      determinedIP: '1.2.3.4'
-    }
-    let options = {
-      clientId: 'abc'
-    }
-    it('init tests', done => {
-      init.routes = [
-        { route: 'customer/find', clientId: 'abc', throttleLimit: 1, limit: 2, expires: 3, delay: 250 },
-        { route: 'customer/find', throttleLimit: 3, limit: 10, expires: 3, delay: 250 },
-      ]
-      ratelimiter.init(init)
-      return done()
-    })
+  describe('Test section #4 - routes with clientId', function() {
+    describe('RATE LIMITER TEST', function() {
+      this.timeout(5000)
+      let req = {
+        options: {
+          controller: 'customer',
+          action: 'find'
+        },
+        determinedIP: '1.2.3.4'
+      }
+      let options = {
+        clientId: 'abc',
+        routes: [
+          { route: 'customer/find', clientId: 'abc', throttleLimit: 1, limit: 2, expires: 3, delay: 250 },
+          { route: 'customer/find', throttleLimit: 3, limit: 10, expires: 3, delay: 250 },
+        ]
+      }
 
-    it('should not trigger', done => {
-      ratelimiter.limiter(req, options, (err) => {
-        expect(err).eql(null)
-        return done()
+      it('Reset Limiter', async() => {
+        await ratelimiter.resetLimiter()
       })
-    })
-    it('should still not trigger', done => {
-      ratelimiter.limiter(req, options, (err) => {
-        expect(err).to.have.property('status', 900)
-        return done()
+
+      it('should not trigger - req #1', async() => {
+        let result = await ratelimiter.limiter(req, options)
+        expect(result).eql(undefined)
       })
-    })
-    it('should still not trigger as only throttling is active', done => {
-      ratelimiter.limiter(req, options, (err) => {
-        expect(err).eql(null)
-        return done()
+      it('should still not trigger but delay - req #2', async() => {
+        try {
+          await ratelimiter.limiter(req, options)
+        }
+        catch(e) {
+          expect(e).to.have.property('message', 'finalThrottlingActive_requestsIsDelayed')
+          expect(e).to.have.property('status', 900)
+        }
+      })
+      it('should still not trigger as ratelimiter is reset', async() => {
+        let result = await ratelimiter.limiter(req, options)
+        expect(result).eql(undefined)
       })
-    })
 
-    it('Now make request without clientId - should throttler after 3 requests', done => {
-      options = {}
-      return done()
-    })
+      it('Now make request without clientId - should throttler after 3 requests', async() => {
+        options = {
+          routes: [
+            { route: 'customer/find', clientId: 'abc', throttleLimit: 1, limit: 2, expires: 3, delay: 250 },
+            { route: 'customer/find', throttleLimit: 3, limit: 10, expires: 3, delay: 250 },
+          ]
+        }
+      })
 
-    it('should not trigger #1', done => {
-      ratelimiter.limiter(req, options, (err) => {
-        expect(err).eql(null)
-        return done()
+      it('should not trigger #1', async() => {
+        let result = await ratelimiter.limiter(req, options)
+        expect(result).eql(undefined)
       })
-    })
 
-    it('should not trigger #2', done => {
-      ratelimiter.limiter(req, options, (err) => {
-        expect(err).eql(null)
-        return done()
+      it('should not trigger #2', async() => {
+        let result = await ratelimiter.limiter(req, options)
+        expect(result).eql(undefined)
       })
-    })
 
-    it('should not trigger #3', done => {
-      ratelimiter.limiter(req, options, (err) => {
-        expect(err).eql(null)
-        return done()
+      it('should not trigger #3', async() => {
+        let result = await ratelimiter.limiter(req, options)
+        expect(result).eql(undefined)
       })
-    })
 
-    it('should still not trigger', done => {
-      ratelimiter.limiter(req, options, (err) => {
-        expect(err).to.have.property('status', 900)
-        return done()
+      it('should delay request #4', async() => {
+        try {
+          await ratelimiter.limiter(req, options)
+        }
+        catch(e) {
+          expect(e).to.have.property('message', 'throttlingActive_requestsIsDelayed')
+          expect(e).to.have.property('status', 900)
+        }
       })
     })
   })
-})
 
+  describe('Test section #5 - no limiting', function () {
+    describe('RATE LIMITER TEST', function() {
+      this.timeout(5000)
+      let req = {
+        options: {
+          controller: 'search',
+          action: 'search'
+        },
+        determinedIP: '1.2.3.4'
+      }
+
+      it('Reset Limiter', async() => {
+        await ratelimiter.resetLimiter()
+      })
 
-describe('Test section #5 - no limiting', function () {
-  describe('RATE LIMITER TEST', function() {
-    this.timeout(5000)
-    let req = {
-      options: {
-        controller: 'search',
-        action: 'search'
-      },
-      determinedIP: '1.2.3.4'
-    }
-
-    it('init tests', done => {
-      ratelimiter.init(init)
-      return done()
-    })
+      it('should not trigger #1', async() => {
+        let result = await ratelimiter.limiter(req, options)
+        expect(result).eql(undefined)
+      })
 
-    it('should not trigger #1', done => {
-      ratelimiter.limiter(req, options, (err) => {
-        expect(err).eql(null)
-        return done()
+      it('should not trigger #2', async() => {
+        let result = await ratelimiter.limiter(req, options)
+        expect(result).eql(undefined)
       })
-    })
 
-    it('should not trigger #2', done => {
-      ratelimiter.limiter(req, options, (err) => {
-        expect(err).eql(null)
-        return done()
+      it('should not trigger #3', async() => {
+        let result = await ratelimiter.limiter(req, options)
+        expect(result).eql(undefined)
+      })
+
+      it('should not trigger #4', async() => {
+        let result = await ratelimiter.limiter(req, options)
+        expect(result).eql(undefined)
       })
-    })
 
-    it('should not trigger #3', done => {
-      ratelimiter.limiter(req, options, (err) => {
-        expect(err).eql(null)
-        return done()
+      it('should not trigger #5', async() => {
+        let result = await ratelimiter.limiter(req, options)
+        expect(result).eql(undefined)
       })
     })
+  })
+
+  describe('Test section #6 - ignore ignorePrivateIps', function () {
+    describe('RATE LIMITER TEST - ignorePrivateIps', function() {
+      this.timeout(5000)
 
-    it('should not trigger #4', done => {
-      ratelimiter.limiter(req, options, (err) => {
-        expect(err).eql(null)
-        return done()
+      let req = {
+        options: {
+          controller: 'user',
+          action: 'find'
+        },
+        determinedIP: '4.1.4.1'
+      }
+
+      it('Reset Limiter', async() => {
+        await ratelimiter.resetLimiter()
+      })
+
+      it('Update settings', async() => {
+        await ratelimiter.updateLimiter({
+          routes: [
+            { route: 'user/find', limit: 0, expires: 3, delay: 250 }
+          ],
+          ignorePrivateIps: true
+        })
+      })
+
+      it('should trigger immediately', async() => {
+        try {
+          await ratelimiter.limiter(req, options)
+        }
+        catch(e) {
+          expect(e).to.have.property('message', 'tooManyRequestsFromThisIP')
+          expect(e).to.have.property('status', 429)
+        }
+      })
+
+      it('should not trigger', async() => {
+        req.determinedIP = '127.0.0.1'
+        let result = await ratelimiter.limiter(req, options)
+        expect(result).eql(undefined)
+      })
+
+      it('should not trigger - IPv6', async() => {
+        req.determinedIP = '::ffff:127.0.0.1'
+        let result = await ratelimiter.limiter(req, options)
+        expect(result).eql(undefined)
       })
     })
+  })
+
+  describe('Test section #7 - send rateLimitCounter with request', function() {
+    describe('RATE LIMITER TEST - send rateLimitCounter', function() {
+      this.timeout(5000)
 
-    it('should not trigger #5', done => {
-      ratelimiter.limiter(req, options, (err) => {
-        expect(err).eql(null)
-        return done()
+      it('Reset Limiter', async() => {
+        await ratelimiter.resetLimiter()
       })
+
+      it('Update settings', async() => {
+        await ratelimiter.updateLimiter({
+          routes: [
+            { route: 'user/find', limit: 2, expires: 3, delay: 250 }
+          ]
+        })
+      })
+
+      it('should not trigger', async() => {
+        let result = await ratelimiter.limiter(req, { rateLimitCounter: 0 })
+        expect(result).eql(undefined)
+      })
+
+      it('should trigger immediately', async() => {
+        try {
+          await ratelimiter.limiter(req, { rateLimitCounter: 100 })
+        }
+        catch(e) {
+          expect(e).to.have.property('message', 'tooManyRequestsFromThisIP')
+          expect(e).to.have.property('status', 429)
+        }
+      })
+
+
     })
   })
+
 })
 
+describe('Use Redis', () => {
+  
+  after(() => {
+    redis.quit()
+  })
 
-describe('Test section #6 - ignore local ips', function () {
-  describe('RATE LIMITER TEST - LOCAL IPS', function() {
+  describe('Use Redis for ratelimiter', function() {
     this.timeout(5000)
 
-    for (let i=0; i<1000; i++) {
-      it('init tests', done => {
-        req.determinedIP = '4.1.4.1'
-        init.routes = [
-          { route: 'user/find', limit: 0, expires: 3, delay: 250 },
-        ]
-        ratelimiter.init(init)
-        return done()
+    it('Update settings', async() => {
+      await ratelimiterRedis.updateLimiter({
+        routes: [
+        { route: 'user/find', limit: 0, expires: 2, delay: 250 },
+        ],
       })
-    }
+    })
 
-    it('should trigger immediately', done => {
-      ratelimiter.limiter(req, options, (err) => {
-        expect(err).to.have.property('status', 429)
-        return done()
-      })
+    it('should trigger immediately', async()  => {
+      req.determinedIP = '4.1.4.1'
+      try {
+        let x = await ratelimiterRedis.limiter(req, options)
+        console.log(304, x)
+      }
+      catch(e) {
+        expect(e).to.be.an('error')
+        expect(e).to.have.property('message', 'tooManyRequestsFromThisIP')
+        expect(e).to.have.property('status', 429)
+      }
     })
 
-    it('should not trigger', done => {
-      req.determinedIP = '127.0.0.1'
-      ratelimiter.limiter(req, options, (err) => {
-        expect(err).eql(null)
-        return done()
-      })
+    it('wait for rate limiter to reset', async() => {
+      await setTimeout(3000)
     })
 
-    it('should not trigger - IPv6', done => {
-      req.determinedIP = '::ffff:127.0.0.1'
-      ratelimiter.limiter(req, options, (err) => {
-        expect(err).eql(null)
-        return done()
+    it('Update settings', async() => {
+      await ratelimiterRedis.updateLimiter({
+        routes: [
+          { route: 'user/find', throttleLimit: 1, limit: 2, expires: 3, delay: 250 },
+        ],
       })
     })
+
+    it('req #1 should not trigger', async()  => {
+      let result = await ratelimiterRedis.limiter(req, options)
+      expect(result).eql(undefined)
+    })
+
+    it('req #2 should not trigger throttle warning', async()  => {
+
+      try {
+        await ratelimiterRedis.limiter(req, options)
+      }
+      catch(e) {
+        expect(e).to.be.an('error')
+        expect(e).to.have.property('message', 'finalThrottlingActive_requestsIsDelayed')
+        expect(e).to.have.property('status', 900)
+        expect(e.additionalInfo).to.have.property('counter', 2)
+      }
+    })
+
+    it('req #3 should not trigger the limiter - the throttling has reset the limiter', async()  => {
+      let result = await ratelimiterRedis.limiter(req, options)
+      expect(result).eql(undefined)
+    })
+
   })
+
 })