express-project-builder 1.0.27 → 1.0.28

package/README.md

@@ -394,40 +394,27 @@ router.post(
 import { createProgressiveRateLimiter } from "../../middlewares/rateLimitingHandler";
 
 // Create rate limiter instances with different configurations
-const apiRateLimiter = createProgressiveRateLimiter({
-  initialWindowMs: 60 * 1000, // 1 minute
-  initialMax: 100, // limit each IP to 100 requests per windowMs
-  initialBlockMs: 15 * 60 * 1000, // block for 15 minutes on first offense
+const globalRateLimiter = createProgressiveRateLimiter({
+  windowMs: 60 * 1000, // 1 minute window
+  maxRequests: 200, // 200 requests per window
+  initialBlockMs: 15 * 60 * 1000, // 15 minutes initial block
+  // enableLogger: true, // Enable console logs
   message: {
     success: false,
     message: "Too many requests from this IP, please try again later.",
   },
-  skipSuccessfulRequests: false,
-  skipFailedRequests: false,
-  // Custom keyGenerator to handle proxied requests
   keyGenerator: (req: Request) => {
-    // Check for X-Forwarded-For header (common when behind proxy)
+    // Get real IP from proxy headers
     const forwarded = req.headers["x-forwarded-for"] as string;
-    if (forwarded) {
-      // If multiple IPs, take the first one (client IP)
-      return forwarded.split(",")[0].trim();
-    }
-
-    // Fallback to other methods
-    return (
-      req.ip ||
-      req.socket?.remoteAddress ||
-      req.connection?.remoteAddress ||
-      "unknown"
-    );
+    if (forwarded) return forwarded.split(",")[0].trim();
+    return req.ip || req.socket?.remoteAddress || "unknown";
   },
 });
-
 // Apply rate limiter to a specific route
-router.get("/products", apiRateLimiter, ProductControllers.getAllProducts);
+router.get("/products", globalRateLimiter, ProductControllers.getAllProducts);
 
 // Apply rate limiter globally to all API routes
-app.use("/v1/api/", apiRateLimiter, routers);
+app.use("/v1/api/", globalRateLimiter, routers);
 ```
 
 - /src/middlewares/**validateRequest.ts** <br/>

package/dist/lib/src/createAppFile.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"createAppFile.d.ts","sourceRoot":"","sources":["../../../src/lib/src/createAppFile.ts"],"names":[],"mappings":"AAIA,eAAO,MAAM,aAAa,GAAU,aAAa,MAAM,KAAG,OAAO,CAAC,IAAI,CA2IrE,CAAC"}
+{"version":3,"file":"createAppFile.d.ts","sourceRoot":"","sources":["../../../src/lib/src/createAppFile.ts"],"names":[],"mappings":"AAIA,eAAO,MAAM,aAAa,GAAU,aAAa,MAAM,KAAG,OAAO,CAAC,IAAI,CAiIrE,CAAC"}

package/dist/lib/src/createAppFile.js

@@ -19,33 +19,23 @@ const app: Application = express();
 // Enable trust proxy (if behind proxy)
   app.enable('trust proxy');
 
-// Rate limiting configuration
-const apiRateLimiter = createProgressiveRateLimiter({
-  initialWindowMs: 60 * 1000, // 1 minute
-  initialMax: 100, // limit each IP to 100 requests per windowMs
-  initialBlockMs: 15 * 60 * 1000, // block for 15 minutes on first offense
+// 🧱 Create limiter instance
+const globalRateLimiter = createProgressiveRateLimiter({
+  windowMs: 60 * 1000, // 1 minute window
+  maxRequests: 200, // 200 requests per window
+  initialBlockMs: 15 * 60 * 1000, // 15 minutes initial block
+  // enableLogger: true, // Enable console logs
   message: {
     success: false,
     message: 'Too many requests from this IP, please try again later.'
   },
-  skipSuccessfulRequests: false,
-  skipFailedRequests: false,
-  // Add this custom keyGenerator
   keyGenerator: (req: Request) => {
-    // Check for X-Forwarded-For header (common when behind proxy)
-    const forwarded = req.headers['x-forwarded-for'] as string;
-    if (forwarded) {
-      // If multiple IPs, take the first one (client IP)
-      return forwarded.split(',')[0].trim();
-    }
-    
-    // Fallback to other methods
-    return req.ip || 
-           req.socket?.remoteAddress || 
-           req.connection?.remoteAddress || 
-           'unknown';
+    // Get real IP from proxy headers
+    const forwarded = req.headers['x-forwarded-for'] as string
+    if (forwarded) return forwarded.split(',')[0].trim()
+    return req.ip || req.socket?.remoteAddress || 'unknown'
   }
-});
+})
 
 // CORS configuration
 const getCorsOrigin = async (): Promise<string[]> => {
@@ -81,7 +71,7 @@ app.use(bigIntSerializer);
 // CORS configuration with dynamic origins
 app.use(
   '/v1/api',
-  apiRateLimiter,
+  globalRateLimiter,
   cors({
     origin: async (origin: string | undefined, callback: (err: Error | null, allow?: boolean) => void) => {
       try {
@@ -107,7 +97,7 @@ app.use(
   }),
 );
 // API routes
-app.use('/v1/api', apiRateLimiter, routers);
+app.use('/v1/api', globalRateLimiter, routers);
 // Home route
 const homeRoute = (req: Request, res: Response): void => {
   res.status(200).json({
@@ -118,9 +108,9 @@ const homeRoute = (req: Request, res: Response): void => {
     timestamp: new Date().toISOString()
   });
 };
-app.get('/', apiRateLimiter, homeRoute);
+app.get('/', globalRateLimiter, homeRoute);
 // Health check endpoint
-app.get('/health', apiRateLimiter, (req: Request, res: Response) => {
+app.get('/health', globalRateLimiter, (req: Request, res: Response) => {
   res.status(200).json({
     status: 'OK',
     timestamp: new Date().toISOString(),

package/dist/lib/src/createAppFile.js.map

@@ -1 +1 @@
-{"version":3,"file":"createAppFile.js","sourceRoot":"","sources":["../../../src/lib/src/createAppFile.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,KAAK,MAAM,OAAO,CAAC,CAAC,qBAAqB;AAEhD,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAAE,WAAmB,EAAiB,EAAE;IACxE,IAAI,CAAC;QACH,IAAI,WAAW,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgIrB,CAAC;QACE,MAAM,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,QAAQ,CAAC,EAAE,WAAW,CAAC,CAAC;QACvE,mCAAmC;QACnC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC,CAAC;IAC9D,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,mCAAmC;QACnC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,4BAA4B,CAAC,EAAE,GAAG,CAAC,CAAC;QAC5D,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC,CAAC"}
+{"version":3,"file":"createAppFile.js","sourceRoot":"","sources":["../../../src/lib/src/createAppFile.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,KAAK,MAAM,OAAO,CAAC,CAAC,qBAAqB;AAEhD,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAAE,WAAmB,EAAiB,EAAE;IACxE,IAAI,CAAC;QACH,IAAI,WAAW,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAsHrB,CAAC;QACE,MAAM,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,QAAQ,CAAC,EAAE,WAAW,CAAC,CAAC;QACvE,mCAAmC;QACnC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC,CAAC;IAC9D,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,mCAAmC;QACnC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,4BAA4B,CAAC,EAAE,GAAG,CAAC,CAAC;QAC5D,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC,CAAC"}

package/dist/lib/src/middlewares/create_RateLimiting_Handler_Guard.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"create_RateLimiting_Handler_Guard.d.ts","sourceRoot":"","sources":["../../../../src/lib/src/middlewares/create_RateLimiting_Handler_Guard.ts"],"names":[],"mappings":"AAIA;;;;GAIG;AACH,eAAO,MAAM,iCAAiC,GAC5C,aAAa,MAAM,KAClB,OAAO,CAAC,IAAI,CA6Qd,CAAC"}
+{"version":3,"file":"create_RateLimiting_Handler_Guard.d.ts","sourceRoot":"","sources":["../../../../src/lib/src/middlewares/create_RateLimiting_Handler_Guard.ts"],"names":[],"mappings":"AAIA;;;;GAIG;AACH,eAAO,MAAM,iCAAiC,GAC5C,aAAa,MAAM,KAClB,OAAO,CAAC,IAAI,CAyYd,CAAC"}

package/dist/lib/src/middlewares/create_RateLimiting_Handler_Guard.js

@@ -8,254 +8,378 @@ import chalk from "chalk";
  */
 export const create_RateLimiting_Handler_Guard = async (projectPath) => {
     try {
-        const rateLimitingHandlerTemplate = `import { NextFunction, Request, Response } from 'express';
+        const rateLimitingHandlerTemplate = `/* eslint-disable @typescript-eslint/ban-ts-comment */
+/* eslint-disable @typescript-eslint/no-explicit-any */
+/* eslint-disable @typescript-eslint/no-unused-vars */
+import { NextFunction, Request, Response } from 'express'
+
+interface RateLimitOptions {
+  windowMs?: number
+  maxRequests?: number
+  initialBlockMs?: number
+  message?: string | object
+  skipSuccessfulRequests?: boolean
+  skipFailedRequests?: boolean
+  keyGenerator?: (req: Request) => string
+  enableLogger?: boolean
+  skip?: (req: Request) => boolean
+}
+
+interface RequestTracker {
+  count: number
+  resetTime: number
+  windowStart: number
+}
+
+interface BlockInfo {
+  unblockTime: number
+  blockCount: number
+  lastBlockDuration: number
+  blockHistory: Array<{
+    duration: number
+    timestamp: number
+  }>
+}
+
+// Symbol to mark that a request has already been processed
+const RATE_LIMIT_CHECKED = Symbol('rateLimitChecked')
 
 /**
- * Creates a progressive rate limiter with increasing block durations
- * @param options Configuration options
- * @returns Express middleware function
+ * Creates a progressive rate limiter with escalating block durations
+ * Features:
+ * - IP-based or user-based rate limiting
+ * - Progressive blocking (15min → 1day → 7days → 30days → 1year)
+ * - Automatic cleanup of old entries
+ * - Prevents double-counting on same request
+ * - Standard rate limit headers
  */
 export const createProgressiveRateLimiter = (
-  options: {
-    initialWindowMs?: number; // Time window for counting requests
-    initialMax?: number; // Max requests per window
-    initialBlockMs?: number; // Initial block duration
-    message?: string | object; // Custom message when blocked
-    skipSuccessfulRequests?: boolean;
-    skipFailedRequests?: boolean;
-    keyGenerator?: (req: Request) => string;
-  } = {}
+  options: RateLimitOptions = {}
 ) => {
-  // Set default values
   const {
-    initialWindowMs = 60 * 1000, // 1 minute by default
-    initialMax = 15, // 15 requests by default
-    initialBlockMs = 20 * 60 * 1000, // 20 minutes initial block
+    windowMs = 60 * 1000, // 1 minute
+    maxRequests = 15,
+    initialBlockMs = 20 * 60 * 1000, // 20 minutes
     message = {
       success: false,
       message: 'Too many requests. You are temporarily blocked.'
     },
     skipSuccessfulRequests = false,
     skipFailedRequests = false,
-    keyGenerator = (req: Request) =>
-      req.ip || req.connection.remoteAddress || 'unknown'
-  } = options;
-
-  // Store for tracking request counts and blocked IPs
-  const requestCounts = new Map<string, { count: number; resetTime: number }>();
-  const blockedIPs = new Map<
-    string,
-    {
-      unblockTime: number;
-      blockHistory: { duration: number; timestamp: number }[];
+    keyGenerator = (req: Request) => {
+      // Get real IP from common proxy headers
+      const forwarded = req.headers['x-forwarded-for'] as string
+      if (forwarded) return forwarded.split(',')[0].trim()
+      return req.ip || req.socket?.remoteAddress || 'unknown'
+    },
+    enableLogger = false,
+    skip = () => false
+  } = options
+
+  // In-memory stores
+  const requestTrackers = new Map<string, RequestTracker>()
+  const blockedClients = new Map<string, BlockInfo>()
+
+  // Logging helper
+  const log = (...args: any[]) => {
+    if (enableLogger) {
+      console.log('[RateLimiter]', ...args)
     }
-  >();
+  }
 
-  // Cleanup function to remove old entries
+  /**
+   * Cleanup old entries to prevent memory leaks
+   */
   const cleanup = () => {
-    const now = Date.now();
-    
-    // Clean up request counts
-    for (const [key, value] of requestCounts.entries()) {
-      if (value.resetTime < now) {
-        requestCounts.delete(key);
+    const now = Date.now()
+    let cleanedTrackers = 0
+    let cleanedBlocks = 0
+
+    // Clean expired request trackers
+    for (const [key, tracker] of requestTrackers.entries()) {
+      if (tracker.resetTime < now) {
+        requestTrackers.delete(key)
+        cleanedTrackers++
       }
     }
-    
-    // Clean up blocked IPs
-    for (const [key, value] of blockedIPs.entries()) {
-      if (value.unblockTime < now) {
-        // Keep block history but remove the block
-        blockedIPs.delete(key);
+
+    // Clean expired blocks
+    for (const [key, blockInfo] of blockedClients.entries()) {
+      if (blockInfo.unblockTime < now) {
+        blockedClients.delete(key)
+        cleanedBlocks++
       }
     }
-  };
 
-  // Run cleanup every minute
-  setInterval(cleanup, 60 * 1000);
+    if (cleanedTrackers > 0 || cleanedBlocks > 0) {
+      log(
+        \`Cleanup: \${cleanedTrackers} trackers, \${cleanedBlocks} blocks removed\`
+      )
+    }
+  }
+
+  // Run cleanup every 2 minutes
+  const cleanupInterval = setInterval(cleanup, 2 * 60 * 1000)
 
-  // Function to determine next block duration based on history
-  const calculateNextBlockDuration = (
-    blockHistory: { duration: number; timestamp: number }[]
+  // Cleanup on process exit
+  if (typeof process !== 'undefined') {
+    process.on('exit', () => clearInterval(cleanupInterval))
+  }
+
+  /**
+   * Calculate next block duration based on violation history
+   */
+  const calculateBlockDuration = (
+    blockHistory: Array<{ duration: number; timestamp: number }>
   ): number => {
-    const now = Date.now();
-    
-    // Filter out old blocks (older than 30 days)
+    const now = Date.now()
+    const thirtyDaysAgo = now - 30 * 24 * 60 * 60 * 1000
+
+    // Only consider blocks in last 30 days
     const recentBlocks = blockHistory.filter(
-      block => now - block.timestamp < 30 * 24 * 60 * 60 * 1000
-    );
-    
-    // Count blocks by duration type
-    const twentyMinBlocks = recentBlocks.filter(
-      b => b.duration === initialBlockMs
-    ).length;
-    const oneDayBlocks = recentBlocks.filter(
-      b => b.duration === 24 * 60 * 60 * 1000
-    ).length;
-    const sevenDayBlocks = recentBlocks.filter(
-      b => b.duration === 7 * 24 * 60 * 60 * 1000
-    ).length;
-    const oneMonthBlocks = recentBlocks.filter(
-      b => b.duration === 30 * 24 * 60 * 60 * 1000
-    ).length;
-    
-    // Progressive blocking logic
-    if (oneMonthBlocks >= 3) {
-      // 1 year block
-      return 365 * 24 * 60 * 60 * 1000;
-    } else if (sevenDayBlocks >= 3) {
-      // 1 month block
-      return 30 * 24 * 60 * 60 * 1000;
-    } else if (oneDayBlocks >= 3) {
-      // 7 days block
-      return 7 * 24 * 60 * 60 * 1000;
-    } else if (twentyMinBlocks >= 5) {
-      // 1 day block
-      return 24 * 60 * 60 * 1000;
-    } else {
-      // Default 20 minutes block
-      return initialBlockMs;
+      block => block.timestamp > thirtyDaysAgo
+    )
+
+    if (recentBlocks.length === 0) {
+      return initialBlockMs // First offense: initial block duration
     }
-  };
 
-  // Function to get block message based on duration
-  const getBlockMessage = (duration: number): string | object => {
-    if (typeof message === 'string') {
-      return message;
+    // Count violations by severity
+    const blockCounts = {
+      initial: 0, // 15-20 minutes
+      day: 0, // 1 day
+      week: 0, // 7 days
+      month: 0, // 30 days
+      year: 0 // 1 year
     }
-    
-    let blockDurationText = '';
-    if (duration >= 365 * 24 * 60 * 60 * 1000) {
-      blockDurationText = '1 year';
-    } else if (duration >= 30 * 24 * 60 * 60 * 1000) {
-      blockDurationText = '1 month';
-    } else if (duration >= 7 * 24 * 60 * 60 * 1000) {
-      blockDurationText = '7 days';
-    } else if (duration >= 24 * 60 * 60 * 1000) {
-      blockDurationText = '1 day';
+
+    recentBlocks.forEach(block => {
+      if (block.duration >= 365 * 24 * 60 * 60 * 1000) {
+        blockCounts.year++
+      } else if (block.duration >= 30 * 24 * 60 * 60 * 1000) {
+        blockCounts.month++
+      } else if (block.duration >= 7 * 24 * 60 * 60 * 1000) {
+        blockCounts.week++
+      } else if (block.duration >= 24 * 60 * 60 * 1000) {
+        blockCounts.day++
+      } else {
+        blockCounts.initial++
+      }
+    })
+
+    // Progressive escalation logic
+    if (blockCounts.month >= 3) {
+      return 365 * 24 * 60 * 60 * 1000 // 1 year
+    } else if (blockCounts.week >= 3) {
+      return 30 * 24 * 60 * 60 * 1000 // 30 days
+    } else if (blockCounts.day >= 3) {
+      return 7 * 24 * 60 * 60 * 1000 // 7 days
+    } else if (blockCounts.initial >= 5) {
+      return 24 * 60 * 60 * 1000 // 1 day
     } else {
-      blockDurationText = \`\${initialBlockMs ? initialBlockMs / 60000 : 20} minutes\`;
+      return initialBlockMs // Initial block duration
+    }
+  }
+
+  /**
+   * Format block duration for user-friendly message
+   */
+  const formatDuration = (durationMs: number): string => {
+    const minutes = Math.floor(durationMs / 60000)
+    const hours = Math.floor(minutes / 60)
+    const days = Math.floor(hours / 24)
+
+    if (days >= 365) return '1 year'
+    if (days >= 30) return '30 days'
+    if (days >= 7) return '7 days'
+    if (days >= 1) return \`\${days} day\${days > 1 ? 's' : ''}\`
+    if (hours >= 1) return \`\${hours} hour\${hours > 1 ? 's' : ''}\`
+    return \`\${minutes} minute\${minutes > 1 ? 's' : ''}\`
+  }
+
+  /**
+   * Get block message with duration
+   */
+  const getBlockMessage = (durationMs: number): any => {
+    if (typeof message === 'string') {
+      return message
     }
-    
+
+    const duration = formatDuration(durationMs)
     return {
       ...message,
-      message: \`Too many requests. You are blocked for \${blockDurationText}.\`
-    };
-  };
+      message: \`Too many requests. You are blocked for \${duration}.\`,
+      retryAfter: Math.ceil(durationMs / 1000)
+    }
+  }
 
-  // Helper function to set rate limit headers
-  const setRateLimitHeaders = (
+  /**
+   * Set standard rate limit headers
+   */
+  const setHeaders = (
     res: Response,
     limit: number,
     remaining: number,
     resetTime: number,
     retryAfter?: number
   ) => {
-    res.setHeader('X-RateLimit-Limit', limit.toString());
-    res.setHeader('X-RateLimit-Remaining', remaining.toString());
-    res.setHeader('X-RateLimit-Reset', Math.ceil(resetTime / 1000).toString());
-    if (retryAfter) {
-      res.setHeader('Retry-After', retryAfter.toString());
+    res.setHeader('X-RateLimit-Limit', limit.toString())
+    res.setHeader('X-RateLimit-Remaining', Math.max(0, remaining).toString())
+    res.setHeader('X-RateLimit-Reset', Math.ceil(resetTime / 1000).toString())
+
+    if (retryAfter !== undefined) {
+      res.setHeader('Retry-After', Math.ceil(retryAfter).toString())
     }
-  };
+  }
 
+  /**
+   * Main middleware function
+   */
   return (req: Request, res: Response, next: NextFunction) => {
-    const key = keyGenerator(req);
-    const now = Date.now();
-    
-    // Check if IP is blocked
-    if (blockedIPs.has(key)) {
-      const blockInfo = blockedIPs.get(key)!;
-      if (blockInfo.unblockTime > now) {
-        const retryAfter = Math.ceil((blockInfo.unblockTime - now) / 1000);
-        setRateLimitHeaders(
-          res,
-          initialMax,
-          0,
-          blockInfo.unblockTime,
-          retryAfter
-        );
-        res.status(429).json(getBlockMessage(blockInfo.unblockTime - now));
-        return;
-      } else {
-        // Unblock if time has passed
-        blockedIPs.delete(key);
-      }
+    // Check if this request should be skipped
+    if (skip(req)) {
+      return next()
+    }
+
+    // Prevent double-counting the same request
+    // @ts-ignore
+    if (req[RATE_LIMIT_CHECKED]) {
+      log(\`Request already checked, skipping...\`)
+      return next()
+    }
+    // @ts-ignore
+    req[RATE_LIMIT_CHECKED] = true
+
+    const key = keyGenerator(req)
+    const now = Date.now()
+
+    log(\`Request from \${key}\`)
+
+    // Check if client is currently blocked
+    const blockInfo = blockedClients.get(key)
+    if (blockInfo && blockInfo.unblockTime > now) {
+      const remainingTime = blockInfo.unblockTime - now
+      const retryAfterSeconds = Math.ceil(remainingTime / 1000)
+
+      log(\`Blocked client \${key} - \${formatDuration(remainingTime)} remaining\`)
+
+      setHeaders(res, maxRequests, 0, blockInfo.unblockTime, retryAfterSeconds)
+      return res.status(429).json(getBlockMessage(remainingTime))
     }
-    
-    // Get or create request count info
-    let countInfo = requestCounts.get(key);
-    if (!countInfo || countInfo.resetTime < now) {
-      // New window
-      countInfo = {
-        count: 1,
-        resetTime: now + initialWindowMs
-      };
-      requestCounts.set(key, countInfo);
-      // Set headers for new window
-      setRateLimitHeaders(res, initialMax, initialMax - 1, countInfo.resetTime);
-      next();
-      return;
+
+    // Client is no longer blocked, remove from blocked list
+    if (blockInfo) {
+      blockedClients.delete(key)
+      log(\`Unblocked client \${key}\`)
     }
-    
-    // Increment count
-    countInfo.count++;
-    
-    // Set headers for existing window
-    setRateLimitHeaders(
-      res,
-      initialMax,
-      Math.max(0, initialMax - countInfo.count),
-      countInfo.resetTime
-    );
-    
-    // Check if we should skip counting this request
-    const isSuccess = res.statusCode < 400;
-    if (
-      (skipSuccessfulRequests && isSuccess) ||
-      (skipFailedRequests && !isSuccess)
-    ) {
-      next();
-      return;
+
+    // Get or initialize request tracker
+    let tracker = requestTrackers.get(key)
+
+    if (!tracker || tracker.resetTime <= now) {
+      // Start new tracking window
+      tracker = {
+        count: 0,
+        resetTime: now + windowMs,
+        windowStart: now
+      }
+      requestTrackers.set(key, tracker)
+      log(\`New window for \${key}\`)
     }
-    
+
+    // Increment request count
+    tracker.count++
+    const remaining = maxRequests - tracker.count
+
+    log(\`Client \${key}: \${tracker.count}/\${maxRequests} requests\`)
+
+    // Set rate limit headers
+    setHeaders(res, maxRequests, remaining, tracker.resetTime)
+
     // Check if limit exceeded
-    if (countInfo.count > initialMax) {
-      // Get existing block history or create new one
-      let blockHistory: { duration: number; timestamp: number }[] = [];
-      if (blockedIPs.has(key)) {
-        blockHistory = blockedIPs.get(key)!.blockHistory;
-      }
-      
-      // Calculate next block duration based on history
-      const blockDuration = calculateNextBlockDuration(blockHistory);
-      
-      // Add this block to history
+    if (tracker.count > maxRequests) {
+      // Get or initialize block history
+      const existingBlock = blockedClients.get(key)
+      const blockHistory = existingBlock?.blockHistory || []
+
+      // Calculate new block duration
+      const blockDuration = calculateBlockDuration(blockHistory)
+      const unblockTime = now + blockDuration
+
+      // Add this violation to history
       blockHistory.push({
         duration: blockDuration,
         timestamp: now
-      });
-      
-      // Block the IP
-      const unblockTime = now + blockDuration;
-      blockedIPs.set(key, {
+      })
+
+      // Keep only last 30 days of history
+      const filteredHistory = blockHistory.filter(
+        block => now - block.timestamp < 30 * 24 * 60 * 60 * 1000
+      )
+
+      // Block the client
+      blockedClients.set(key, {
         unblockTime,
-        blockHistory
-      });
-      
-      // Remove from request counts to save memory
-      requestCounts.delete(key);
-      
-      // Set headers for blocked IP
-      const retryAfter = Math.ceil(blockDuration / 1000);
-      setRateLimitHeaders(res, initialMax, 0, unblockTime, retryAfter);
-      res.status(429).json(getBlockMessage(blockDuration));
-      return;
+        blockCount: (existingBlock?.blockCount || 0) + 1,
+        lastBlockDuration: blockDuration,
+        blockHistory: filteredHistory
+      })
+
+      // Remove from active trackers
+      requestTrackers.delete(key)
+
+      const retryAfterSeconds = Math.ceil(blockDuration / 1000)
+
+      log(
+        \`BLOCKED \${key} for \${formatDuration(blockDuration)} (violation #\${filteredHistory.length})\`
+      )
+
+      setHeaders(res, maxRequests, 0, unblockTime, retryAfterSeconds)
+      return res.status(429).json(getBlockMessage(blockDuration))
+    }
+
+    // Allow request to proceed
+    next()
+  }
+}
+
+/**
+ * Create user-specific rate limiter (requires authentication middleware first)
+ */
+export const createUserRateLimiter = (options: RateLimitOptions = {}) => {
+  return createProgressiveRateLimiter({
+    ...options,
+    keyGenerator: (req: Request) => {
+      // @ts-ignore - assuming req.user exists from auth middleware
+      const userId = req.user?.id || req.user?._id
+      if (userId) {
+        return \`user:\${userId}\`
+      }
+      // Fallback to IP if no user
+      const forwarded = req.headers['x-forwarded-for'] as string
+      if (forwarded) return \`ip:\${forwarded.split(',')[0].trim()}\`
+      return \`ip:\${req.ip || req.socket?.remoteAddress || 'unknown'}\`
+    }
+  })
+}
+
+/**
+ * Create endpoint-specific rate limiter
+ */
+export const createEndpointRateLimiter = (
+  endpoint: string,
+  options: RateLimitOptions = {}
+) => {
+  return createProgressiveRateLimiter({
+    ...options,
+    keyGenerator: (req: Request) => {
+      const baseKey = options.keyGenerator
+        ? options.keyGenerator(req)
+        : req.ip || 'unknown'
+      return \`\${endpoint}:\${baseKey}\`
     }
-    
-    next();
-  };
-};
+  })
+}
 `;
         await createFile(path.join(projectPath, "src/app/middlewares", "rateLimitingHandler.ts"), rateLimitingHandlerTemplate);
         // Success message with green checkmark and text

package/dist/lib/src/middlewares/create_RateLimiting_Handler_Guard.js.map

@@ -1 +1 @@
-{"version":3,"file":"create_RateLimiting_Handler_Guard.js","sourceRoot":"","sources":["../../../../src/lib/src/middlewares/create_RateLimiting_Handler_Guard.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B;;;;GAIG;AACH,MAAM,CAAC,MAAM,iCAAiC,GAAG,KAAK,EACpD,WAAmB,EACJ,EAAE;IACjB,IAAI,CAAC;QACH,MAAM,2BAA2B,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAwPvC,CAAC;QAEE,MAAM,UAAU,CACd,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,qBAAqB,EAAE,wBAAwB,CAAC,EACvE,2BAA2B,CAC5B,CAAC;QAEF,gDAAgD;QAChD,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,KAAK,CAAC,mDAAmD,CAAC,CACjE,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,wCAAwC;QACxC,OAAO,CAAC,KAAK,CACX,KAAK,CAAC,GAAG,CAAC,8CAA8C,CAAC,EACzD,GAAG,CACJ,CAAC;QACF,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC,CAAC"}
+{"version":3,"file":"create_RateLimiting_Handler_Guard.js","sourceRoot":"","sources":["../../../../src/lib/src/middlewares/create_RateLimiting_Handler_Guard.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B;;;;GAIG;AACH,MAAM,CAAC,MAAM,iCAAiC,GAAG,KAAK,EACpD,WAAmB,EACJ,EAAE;IACjB,IAAI,CAAC;QACH,MAAM,2BAA2B,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAoXvC,CAAC;QAEE,MAAM,UAAU,CACd,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,qBAAqB,EAAE,wBAAwB,CAAC,EACvE,2BAA2B,CAC5B,CAAC;QAEF,gDAAgD;QAChD,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,KAAK,CAAC,mDAAmD,CAAC,CACjE,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,wCAAwC;QACxC,OAAO,CAAC,KAAK,CACX,KAAK,CAAC,GAAG,CAAC,8CAA8C,CAAC,EACzD,GAAG,CACJ,CAAC;QACF,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "express-project-builder",
-  "version": "1.0.27",
+  "version": "1.0.28",
   "description": "A powerful and professional Express.js project generator CLI that instantly scaffolds a production-ready backend with TypeScript, modular architecture, and built-in support for MongoDB (Mongoose) or PostgreSQL (Prisma). Includes authentication, error handling, rate limiting, file upload, caching, and utility functions—so you can focus on building features instead of boilerplate. Perfect for kickstarting your next Express.js API project with best practices and modern tools.",
   "type": "module",
   "main": "dist/bin/index.js",