express-rate-limit 5.3.0 → 5.4.0
- package/README.md +33 -1
- package/lib/express-rate-limit.js +10 -3
- package/package.json +10 -10
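--- a/package/README.md
+++ b/package/README.md
@@ -102,6 +102,8 @@ app.post("/create-account", createAccountLimiter, function(req, res) {
 
 A `req.rateLimit` property is added to all requests with the `limit`, `current`, and `remaining` number of requests and, if the store provides it, a `resetTime` Date object. These may be used in your application code to take additional actions or inform the user of their status.
 
+The property name can be configured with the configuration option `requestPropertyName`
+
 ## Configuration options
 
 ### max
@@ -112,6 +114,31 @@ May be a number, or a function that returns a number or a promise. If `max` is a
 
 Defaults to `5`. Set to `0` to disable.
 
+Example of using a function:
+
+```js
+const rateLimit = require("express-rate-limit");
+
+function isPremium(req) {
+//...
+}
+
+const limiter = rateLimit({
+windowMs: 15 * 60 * 1000, // 15 minutes
+
+// max could also be an async function or return a promise
+max: function(req, res) {
+if (isPremium(req)) {
+return 10;
+}
+return 5;
+}
+});
+
+// apply to all requests
+app.use(limiter);
+```
+
 ### windowMs
 
 Timeframe for which requests are checked/remembered. Also used in the Retry-After header when the limit is reached.
@@ -230,6 +257,11 @@ function (/*req, res*/) {
 }
 ```
 
+### requestPropertyName
+Parameter to add to `req`-Object.
+
+Defaults to `rateLimit`.
+
 ### store
 
 The storage to use when persisting rate limit attempts.
@@ -314,4 +346,4 @@ v2 uses a less precise but less resource intensive method of tracking hits from
 
 ## License
 
-MIT © [Nathan Friedly](http://nfriedly.com/)
+MIT © [Nathan Friedly](http://nfriedly.com/)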
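--- a/package/lib/express-rate-limit.js
+++ b/package/lib/express-rate-limit.js
@@ -27,6 +27,7 @@ function RateLimit(options) {
 res.status(options.statusCode).send(options.message);
 },
 onLimitReached: function (/*req, res, optionsUsed*/) {},
+requestPropertyName: "rateLimit", // Parameter name appended to req object
 },
 options
 );
@@ -74,7 +75,7 @@ function RateLimit(options) {
 
 Promise.resolve(maxResult)
 .then((max) => {
-req.
+req[options.requestPropertyName] = {
 limit: max,
 current: current,
 remaining: Math.max(max - current, 0),
@@ -83,7 +84,10 @@ function RateLimit(options) {
 
 if (options.headers && !res.headersSent) {
 res.setHeader("X-RateLimit-Limit", max);
-res.setHeader(
+res.setHeader(
+"X-RateLimit-Remaining",
+req[options.requestPropertyName].remaining
+);
 if (resetTime instanceof Date) {
 // if we have a resetTime, also provide the current date to help avoid issues with incorrect clocks
 res.setHeader("Date", new Date().toUTCString());
@@ -95,7 +99,10 @@ function RateLimit(options) {
 }
 if (options.draft_polli_ratelimit_headers && !res.headersSent) {
 res.setHeader("RateLimit-Limit", max);
-res.setHeader(
+res.setHeader(
+"RateLimit-Remaining",
+req[options.requestPropertyName].remaining
+);
 if (resetTime) {
 const deltaSeconds = Math.ceil(
 (resetTime.getTime() - Date.now()) / 1000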
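Review bot: `requestPropertyName` is used as a computed key on `req` (`req[options.requestPropertyName] = {`) with no validation where the defaults are merged, so a value such as `__proto__`, or the name of a property that Express or another middleware already owns, would silently replace that property or fail to be set. Both header writes then read the value back through `req[options.requestPropertyName].remaining`, so the response headers depend on that assignment having taken effect; if the name resolves to a getter-only or shadowed property this presumably yields `undefined` or throws inside the `.then` callback. I would compute the value once with `const remaining = Math.max(max - current, 0);`, pass `remaining` to both `setHeader` calls, and reject non-string, empty or `__proto__` names when the options are built. The option is developer-supplied configuration rather than request input, so this is hardening rather than a demonstrated flaw; `RateLimit`'s body continues outside these hunks.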
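--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "express-rate-limit",
-"version": "5.
+"version": "5.4.0",
 "description": "Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.",
 "homepage": "https://github.com/nfriedly/express-rate-limit",
 "author": {
@@ -33,16 +33,16 @@
 ],
 "devDependencies": {
 "bluebird": "^3.7.2",
-"eslint": "^7.
-"eslint-config-prettier": "^
-"eslint-plugin-prettier": "^
+"eslint": "^7.32.0",
+"eslint-config-prettier": "^8.3.0",
+"eslint-plugin-prettier": "^4.0.0",
 "express": "^4.17.1",
-"husky": "^
-"mocha": "^
-"prettier": "^2.
-"pretty-quick": "^3.1.
-"sinon": "^
-"supertest": "^6.1.
+"husky": "^7.0.2",
+"mocha": "^9.1.2",
+"prettier": "^2.4.1",
+"pretty-quick": "^3.1.1",
+"sinon": "^11.1.2",
+"supertest": "^6.1.6"
 },
 "scripts": {
 "lint": "eslint .",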