express-rate-limit 5.4.1 → 6.0.1

package/changelog.md

@@ -0,0 +1,97 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to
+[Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [6.0.0](https://github.com/nfriedly/express-rate-limit/releases/v6.0.0)
+
+### Added
+
+- `express` 4.x as a peer dependency.
+- Better Typescript support (the library was rewritten in Typescript).
+- Export the package as both ESM and CJS.
+- Publish the built package (`.tgz` file) on GitHub releases as well as the npm
+  registry.
+- Issue and PR templates.
+- A contributing guide.
+
+### Changed
+
+- Rename the `draft_polli_ratelimit_headers` option to `standardHeaders`.
+- Rename the `headers` option to `legacyHeaders`.
+- `Retry-After` header is now sent if either `legacyHeaders` or
+  `standardHeaders` is set.
+- Allow `keyGenerator` to be an async function/return a promise.
+- Change the way custom stores are defined.
+  - Add the `init` method for stores to set themselves up using options passed
+    to the middleware.
+  - Rename the `incr` method to `increment`.
+  - Allow the `increment`, `decrement`, `resetKey` and `resetAll` methods to
+    return a promise.
+  - Old stores will automatically be promisified and used.
+- The package can now only be used with NodeJS version 12.9.0 or greater.
+- The `onLimitReached` configuration option is now deprecated. Replace it with a
+  custom `handler` that checks the number of hits.
+
+### Removed
+
+- Remove the deprecated `limiter.resetIp` method (use the `limiter.resetKey`
+  method instead).
+- Remove the deprecated options `delayMs`, `delayAfter` (the delay functionality
+  was moved to the
+  [`express-slow-down`](https://github.com/nfriedly/express-slow-down) package)
+  and `global` (use a key generator that returns a constant value).
+
+## [5.x](https://github.com/nfriedly/express-rate-limit/releases/tag/v5.5.1)
+
+### Added
+
+- The middleware ~throws~ logs an error if `request.ip` is undefined.
+
+### Removed
+
+- Removes typescript typings. (See
+  [#138](https://github.com/nfriedly/express-rate-limit/issues/138))
+
+## [4.x](https://github.com/nfriedly/express-rate-limit/releases/tag/v4.0.4)
+
+### Changed
+
+- The library no longer modifies the passed-in options object, it instead makes
+  a clone of it.
+
+## [3.x](https://github.com/nfriedly/express-rate-limit/releases/tag/v3.5.2)
+
+### Added
+
+- Simplifies the default `handler` function so that it no longer changes the
+  response format. The default handler also uses
+  [response.send](https://expressjs.com/en/4x/api.html#response.send).
+
+### Changes
+
+- `onLimitReached` now only triggers once for a client and window. However, the
+  `handle` method is called for every blocked request.
+
+### Removed
+
+- The `delayAfter` and `delayMs` options; they were moved to the
+  [express-slow-down](https://npmjs.org/package/express-slow-down) package.
+
+## [2.x](https://github.com/nfriedly/express-rate-limit/releases/tag/v2.14.2)
+
+### Added
+
+- A `limiter.resetKey()` method to reset the hit counter for a particular client
+
+### Changes
+
+- The rate limiter now uses a less precise but less resource intensive method of
+  tracking hits from a client.
+
+### Removed
+
+- The `global` option.

package/dist/cjs/index.d.ts

@@ -0,0 +1,2 @@
+export * from './types.js';
+export { default } from './lib.js';

package/dist/cjs/index.js

@@ -0,0 +1,19 @@
+"use strict";
+// /source/index.ts
+// Export away!
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+exports.__esModule = true;
+exports["default"] = void 0;
+__exportStar(require("./types.js"), exports);
+var lib_js_1 = require("./lib.js");
+__createBinding(exports, lib_js_1, "default");
+//# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../source/index.ts"],"names":[],"mappings":";AAAA,mBAAmB;AACnB,eAAe;;;;;;;;;;;;;AAEf,6CAA0B;AAC1B,mCAAkC;AAAzB,8CAAO","sourcesContent":["// /source/index.ts\n// Export away!\n\nexport * from './types.js'\nexport { default } from './lib.js'\n"]}

package/dist/cjs/lib.d.ts

@@ -0,0 +1,15 @@
+import { Options, RateLimitRequestHandler, LegacyStore, Store } from './types.js';
+/**
+ *
+ * Create an instance of IP rate-limiting middleware for Express.
+ *
+ * @param passedOptions {Options} - Options to configure the rate limiter
+ *
+ * @returns {RateLimitRequestHandler} - The middleware that rate-limits clients based on your configuration
+ *
+ * @public
+ */
+declare const rateLimit: (passedOptions?: (Omit<Partial<Options>, "store"> & {
+    store?: LegacyStore | Store | undefined;
+}) | undefined) => RateLimitRequestHandler;
+export default rateLimit;

package/dist/cjs/lib.js

@@ -0,0 +1,366 @@
+"use strict";
+// /source/lib.ts
+// The option parser and rate limiting middleware
+var __assign = (this && this.__assign) || function () {
+    __assign = Object.assign || function(t) {
+        for (var s, i = 1, n = arguments.length; i < n; i++) {
+            s = arguments[i];
+            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+                t[p] = s[p];
+        }
+        return t;
+    };
+    return __assign.apply(this, arguments);
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (_) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+exports.__esModule = true;
+var memory_store_js_1 = __importDefault(require("./memory-store.js"));
+/**
+ * Type guard to check if a store is legacy store.
+ *
+ * @param store {LegacyStore | Store} - The store to check
+ *
+ * @return {boolean} - Whether the store is a legacy store
+ */
+var isLegacyStore = function (store) {
+    // Check that `incr` exists but `increment` does not - store authors might want
+    // to keep both around for backwards compatibility.
+    return typeof store.incr === 'function' &&
+        typeof store.increment !== 'function';
+};
+/**
+ * Converts a legacy store to the promisified version.
+ *
+ * @param store {LegacyStore | Store} - The legacy store or even a modern store
+ *
+ * @returns {Store} - The promisified version of the store
+ */
+var promisifyStore = function (passedStore) {
+    if (!isLegacyStore(passedStore)) {
+        // It's not an old store, return as is
+        return passedStore;
+    }
+    // Why can't Typescript understand this?
+    var legacyStore = passedStore;
+    // A promisified version of the store
+    var PromisifiedStore = /** @class */ (function () {
+        function PromisifiedStore() {
+        }
+        PromisifiedStore.prototype.increment = function (key) {
+            return __awaiter(this, void 0, void 0, function () {
+                return __generator(this, function (_a) {
+                    return [2 /*return*/, new Promise(function (resolve, reject) {
+                            legacyStore.incr(key, function (error, totalHits, resetTime) {
+                                if (error)
+                                    reject(error);
+                                resolve({ totalHits: totalHits, resetTime: resetTime });
+                            });
+                        })];
+                });
+            });
+        };
+        PromisifiedStore.prototype.decrement = function (key) {
+            return __awaiter(this, void 0, void 0, function () {
+                return __generator(this, function (_a) {
+                    return [2 /*return*/, Promise.resolve(legacyStore.decrement(key))];
+                });
+            });
+        };
+        PromisifiedStore.prototype.resetKey = function (key) {
+            return __awaiter(this, void 0, void 0, function () {
+                return __generator(this, function (_a) {
+                    return [2 /*return*/, Promise.resolve(legacyStore.resetKey(key))];
+                });
+            });
+        };
+        PromisifiedStore.prototype.resetAll = function () {
+            return __awaiter(this, void 0, void 0, function () {
+                return __generator(this, function (_a) {
+                    if (typeof legacyStore.resetAll === 'function')
+                        return [2 /*return*/, Promise.resolve(legacyStore.resetAll())];
+                    return [2 /*return*/];
+                });
+            });
+        };
+        return PromisifiedStore;
+    }());
+    return new PromisifiedStore();
+};
+/**
+ * Adds the defaults for options the user has not specified.
+ *
+ * @param options {Options} - The options the user specifies
+ *
+ * @returns {Options} - A complete configuration object
+ */
+var parseOptions = function (passedOptions) {
+    // Now add the defaults for the other options
+    var _a, _b;
+    var options = __assign({ windowMs: 60 * 1000, store: new memory_store_js_1["default"](), max: 5, message: 'Too many requests, please try again later.', statusCode: 429, legacyHeaders: (_a = passedOptions.headers) !== null && _a !== void 0 ? _a : true, standardHeaders: (_b = passedOptions.draft_polli_ratelimit_headers) !== null && _b !== void 0 ? _b : false, requestPropertyName: 'rateLimit', skipFailedRequests: false, skipSuccessfulRequests: false, requestWasSuccessful: function (_request, response) { return response.statusCode < 400; }, skip: function (_request, _response) {
+            return false;
+        }, keyGenerator: function (request, _response) {
+            if (!request.ip) {
+                console.error('WARN | `express-rate-limit` | `request.ip` is undefined. You can avoid this by providing a custom `keyGenerator` function, but it may be indicative of a larger issue.');
+            }
+            return request.ip;
+        }, handler: function (_request, response, _next, _optionsUsed) {
+            response.status(options.statusCode).send(options.message);
+        }, onLimitReached: function (_request, _response, _optionsUsed) { } }, passedOptions);
+    // Ensure that the store passed implements the either the `Store` or `LegacyStore`
+    // interface
+    if ((typeof options.store.incr !== 'function' &&
+        typeof options.store.increment !== 'function') ||
+        typeof options.store.decrement !== 'function' ||
+        typeof options.store.resetKey !== 'function' ||
+        (typeof options.store.resetAll !== 'undefined' &&
+            typeof options.store.resetAll !== 'function') ||
+        (typeof options.store.init !== 'undefined' &&
+            typeof options.store.init !== 'function')) {
+        throw new TypeError('An invalid store was passed. Please ensure that the store is a class that implements the `Store` interface.');
+    }
+    // Promisify the store, if it is not already
+    options.store = promisifyStore(options.store);
+    // Return the 'clean' options
+    return options;
+};
+/**
+ * Just pass on any errors for the developer to handle, usually as a HTTP 500
+ * Internal Server Error.
+ *
+ * @param fn {Express.RequestHandler} - The request handler for which to handle errors
+ *
+ * @returns {Express.RequestHandler} - The request handler wrapped with a `.catch` clause
+ *
+ * @private
+ */
+var handleAsyncErrors = function (fn) {
+    return function (request, response, next) { return __awaiter(void 0, void 0, void 0, function () {
+        var error_1;
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0:
+                    _a.trys.push([0, 2, , 3]);
+                    return [4 /*yield*/, Promise.resolve(fn(request, response, next))["catch"](next)];
+                case 1:
+                    _a.sent();
+                    return [3 /*break*/, 3];
+                case 2:
+                    error_1 = _a.sent();
+                    next(error_1);
+                    return [3 /*break*/, 3];
+                case 3: return [2 /*return*/];
+            }
+        });
+    }); };
+};
+/**
+ *
+ * Create an instance of IP rate-limiting middleware for Express.
+ *
+ * @param passedOptions {Options} - Options to configure the rate limiter
+ *
+ * @returns {RateLimitRequestHandler} - The middleware that rate-limits clients based on your configuration
+ *
+ * @public
+ */
+var rateLimit = function (passedOptions) {
+    // Parse the options and add the default values for unspecified options
+    var options = parseOptions(passedOptions !== null && passedOptions !== void 0 ? passedOptions : {});
+    // Call the `init` method on the store, if it exists
+    if (typeof options.store.init === 'function')
+        options.store.init(options);
+    // Then return the actual middleware
+    var middleware = handleAsyncErrors(function (request, response, next) { return __awaiter(void 0, void 0, void 0, function () {
+        var skip, augmentedRequest, key, _a, totalHits, resetTime, retrieveQuota, maxHits, deltaSeconds, decremented_1, decrementKey_1;
+        return __generator(this, function (_b) {
+            switch (_b.label) {
+                case 0: return [4 /*yield*/, options.skip(request, response)];
+                case 1:
+                    skip = _b.sent();
+                    if (skip) {
+                        next();
+                        return [2 /*return*/];
+                    }
+                    augmentedRequest = request;
+                    return [4 /*yield*/, options.keyGenerator(request, response)
+                        // Increment the client's hit counter by one
+                    ];
+                case 2:
+                    key = _b.sent();
+                    return [4 /*yield*/, options.store.increment(key)
+                        // Get the quota (max number of hits) for each client
+                    ];
+                case 3:
+                    _a = _b.sent(), totalHits = _a.totalHits, resetTime = _a.resetTime;
+                    retrieveQuota = typeof options.max === 'function'
+                        ? options.max(request, response)
+                        : options.max;
+                    return [4 /*yield*/, retrieveQuota
+                        // Set the rate limit information on the augmented request object
+                    ];
+                case 4:
+                    maxHits = _b.sent();
+                    // Set the rate limit information on the augmented request object
+                    augmentedRequest[options.requestPropertyName] = {
+                        limit: maxHits,
+                        current: totalHits,
+                        remaining: Math.max(maxHits - totalHits, 0),
+                        resetTime: resetTime
+                    };
+                    // Set the X-RateLimit headers on the response object if enabled
+                    if (options.legacyHeaders && !response.headersSent) {
+                        response.setHeader('X-RateLimit-Limit', maxHits);
+                        response.setHeader('X-RateLimit-Remaining', augmentedRequest[options.requestPropertyName].remaining);
+                        // If we have a resetTime, also provide the current date to help avoid issues with incorrect clocks
+                        if (resetTime instanceof Date) {
+                            response.setHeader('Date', new Date().toUTCString());
+                            response.setHeader('X-RateLimit-Reset', Math.ceil(resetTime.getTime() / 1000));
+                        }
+                    }
+                    // Set the standardized RateLimit headers on the response object
+                    // if enabled
+                    if (options.standardHeaders && !response.headersSent) {
+                        response.setHeader('RateLimit-Limit', maxHits);
+                        response.setHeader('RateLimit-Remaining', augmentedRequest[options.requestPropertyName].remaining);
+                        if (resetTime) {
+                            deltaSeconds = Math.ceil((resetTime.getTime() - Date.now()) / 1000);
+                            response.setHeader('RateLimit-Reset', Math.max(0, deltaSeconds));
+                        }
+                    }
+                    // If we are to skip failed/successfull requests, decrement the
+                    // counter accordingly once we know the status code of the request
+                    if (options.skipFailedRequests || options.skipSuccessfulRequests) {
+                        decremented_1 = false;
+                        decrementKey_1 = function () { return __awaiter(void 0, void 0, void 0, function () {
+                            return __generator(this, function (_a) {
+                                switch (_a.label) {
+                                    case 0:
+                                        if (!!decremented_1) return [3 /*break*/, 2];
+                                        return [4 /*yield*/, options.store.decrement(key)];
+                                    case 1:
+                                        _a.sent();
+                                        decremented_1 = true;
+                                        _a.label = 2;
+                                    case 2: return [2 /*return*/];
+                                }
+                            });
+                        }); };
+                        if (options.skipFailedRequests) {
+                            response.on('finish', function () { return __awaiter(void 0, void 0, void 0, function () {
+                                return __generator(this, function (_a) {
+                                    switch (_a.label) {
+                                        case 0:
+                                            if (!!options.requestWasSuccessful(request, response)) return [3 /*break*/, 2];
+                                            return [4 /*yield*/, decrementKey_1()];
+                                        case 1:
+                                            _a.sent();
+                                            _a.label = 2;
+                                        case 2: return [2 /*return*/];
+                                    }
+                                });
+                            }); });
+                            response.on('close', function () { return __awaiter(void 0, void 0, void 0, function () {
+                                return __generator(this, function (_a) {
+                                    switch (_a.label) {
+                                        case 0:
+                                            if (!!response.writableEnded) return [3 /*break*/, 2];
+                                            return [4 /*yield*/, decrementKey_1()];
+                                        case 1:
+                                            _a.sent();
+                                            _a.label = 2;
+                                        case 2: return [2 /*return*/];
+                                    }
+                                });
+                            }); });
+                            response.on('error', function () { return __awaiter(void 0, void 0, void 0, function () {
+                                return __generator(this, function (_a) {
+                                    switch (_a.label) {
+                                        case 0: return [4 /*yield*/, decrementKey_1()];
+                                        case 1:
+                                            _a.sent();
+                                            return [2 /*return*/];
+                                    }
+                                });
+                            }); });
+                        }
+                        if (options.skipSuccessfulRequests) {
+                            response.on('finish', function () { return __awaiter(void 0, void 0, void 0, function () {
+                                return __generator(this, function (_a) {
+                                    switch (_a.label) {
+                                        case 0:
+                                            if (!options.requestWasSuccessful(request, response)) return [3 /*break*/, 2];
+                                            return [4 /*yield*/, decrementKey_1()];
+                                        case 1:
+                                            _a.sent();
+                                            _a.label = 2;
+                                        case 2: return [2 /*return*/];
+                                    }
+                                });
+                            }); });
+                        }
+                    }
+                    // Call the {@link Options.onLimitReached} callback on
+                    // the first request where client exceeds their rate limit.
+                    if (maxHits && totalHits === maxHits + 1) {
+                        options.onLimitReached(request, response, options);
+                    }
+                    // If the client has exceeded their rate limit, set the Retry-After
+                    // header and call the {@link Options.handler} function
+                    if (maxHits && totalHits > maxHits) {
+                        if ((options.legacyHeaders || options.standardHeaders) &&
+                            !response.headersSent) {
+                            response.setHeader('Retry-After', Math.ceil(options.windowMs / 1000));
+                        }
+                        options.handler(request, response, next, options);
+                        return [2 /*return*/];
+                    }
+                    next();
+                    return [2 /*return*/];
+            }
+        });
+    }); });
+    middleware.resetKey =
+        options.store.resetKey.bind(options.store);
+    return middleware;
+};
+// Export it to the world!
+exports["default"] = rateLimit;
+//# sourceMappingURL=lib.js.map

package/dist/cjs/lib.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"lib.js","sourceRoot":"","sources":["../../source/lib.ts"],"names":[],"mappings":";AAAA,iBAAiB;AACjB,iDAAiD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAYjD,sEAA2C;AAE3C;;;;;;GAMG;AACH,IAAM,aAAa,GAAG,UAAC,KAA0B;IAChD,+EAA+E;IAC/E,mDAAmD;IACnD,OAAA,OAAQ,KAAa,CAAC,IAAI,KAAK,UAAU;QACzC,OAAQ,KAAa,CAAC,SAAS,KAAK,UAAU;AAD9C,CAC8C,CAAA;AAE/C;;;;;;GAMG;AACH,IAAM,cAAc,GAAG,UAAC,WAAgC;IACvD,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,EAAE;QAChC,sCAAsC;QACtC,OAAO,WAAW,CAAA;KAClB;IAED,wCAAwC;IACxC,IAAM,WAAW,GAAG,WAAW,CAAA;IAE/B,qCAAqC;IACrC;QAAA;QA6BA,CAAC;QA5BM,oCAAS,GAAf,UAAgB,GAAW;;;oBAC1B,sBAAO,IAAI,OAAO,CAAC,UAAC,OAAO,EAAE,MAAM;4BAClC,WAAW,CAAC,IAAI,CACf,GAAG,EACH,UACC,KAAwB,EACxB,SAAiB,EACjB,SAA2B;gCAE3B,IAAI,KAAK;oCAAE,MAAM,CAAC,KAAK,CAAC,CAAA;gCACxB,OAAO,CAAC,EAAE,SAAS,WAAA,EAAE,SAAS,WAAA,EAAE,CAAC,CAAA;4BAClC,CAAC,CACD,CAAA;wBACF,CAAC,CAAC,EAAA;;;SACF;QAEK,oCAAS,GAAf,UAAgB,GAAW;;;oBAC1B,sBAAO,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,EAAA;;;SAClD;QAEK,mCAAQ,GAAd,UAAe,GAAW;;;oBACzB,sBAAO,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAA;;;SACjD;QAEK,mCAAQ,GAAd;;;oBACC,IAAI,OAAO,WAAW,CAAC,QAAQ,KAAK,UAAU;wBAC7C,sBAAO,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,EAAA;;;;SAC/C;QACF,uBAAC;IAAD,CAAC,AA7BD,IA6BC;IAED,OAAO,IAAI,gBAAgB,EAAE,CAAA;AAC9B,CAAC,CAAA;AAED;;;;;;GAMG;AACH,IAAM,YAAY,GAAG,UACpB,aAEC;IAED,6CAA6C;;IAE7C,IAAM,OAAO,cACZ,QAAQ,EAAE,EAAE,GAAG,IAAI,EACnB,KAAK,EAAE,IAAI,4BAAW,EAAE,EACxB,GAAG,EAAE,CAAC,EACN,OAAO,EAAE,4CAA4C,EACrD,UAAU,EAAE,GAAG,EACf,aAAa,EAAE,MAAA,aAAa,CAAC,OAAO,mCAAI,IAAI,EAC5C,eAAe,EAAE,MAAA,aAAa,CAAC,6BAA6B,mCAAI,KAAK,EACrE,mBAAmB,EAAE,WAAW,EAChC,kBAAkB,EAAE,KAAK,EACzB,sBAAsB,EAAE,KAAK,EAC7B,oBAAoB,EAAE,UACrB,QAAyB,EACzB,QAA0B,IACb,OAAA,QAAQ,CAAC,UAAU,GAAG,GAAG,EAAzB,CAAyB,EACvC,IAAI,EAAE,UAAC,QAAyB,EAAE,SAA2B;YAC5D,OAAA,KAAK;QAAL,CAAK,EACN,YAAY,EAAE,UACb,OAAwB,EACxB,SAA2B;YAE3B,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE;gBAChB,OAAO,CAAC,KAAK,CACZ,wKAAwK,CACxK,CAAA;aACD;YAED,OAAO,OAAO,CAAC,EAAE,CAAA;QAClB,CAAC,EACD,OAAO,EAAE,UACR,QAAyB,EACzB,QAA0B,EAC1B,KAA2B,EAC3B,YAAqB;YAErB,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;QAC1D,CAAC,EACD,cAAc,EAAE,UACf,QAAyB,EACzB,SAA2B,EAC3B,YAAqB,IACV,CAAC,IACV,aAAa,CAChB,CAAA;IAED,kFAAkF;IAClF,YAAY;IACZ,IACC,CAAC,OAAQ,OAAO,CAAC,KAAqB,CAAC,IAAI,KAAK,UAAU;QACzD,OAAQ,OAAO,CAAC,KAAe,CAAC,SAAS,KAAK,UAAU,CAAC;QAC1D,OAAO,OAAO,CAAC,KAAK,CAAC,SAAS,KAAK,UAAU;QAC7C,OAAO,OAAO,CAAC,KAAK,CAAC,QAAQ,KAAK,UAAU;QAC5C,CAAC,OAAO,OAAO,CAAC,KAAK,CAAC,QAAQ,KAAK,WAAW;YAC7C,OAAO,OAAO,CAAC,KAAK,CAAC,QAAQ,KAAK,UAAU,CAAC;QAC9C,CAAC,OAAQ,OAAO,CAAC,KAAe,CAAC,IAAI,KAAK,WAAW;YACpD,OAAQ,OAAO,CAAC,KAAe,CAAC,IAAI,KAAK,UAAU,CAAC,EACpD;QACD,MAAM,IAAI,SAAS,CAClB,6GAA6G,CAC7G,CAAA;KACD;IAED,4CAA4C;IAC5C,OAAO,CAAC,KAAK,GAAG,cAAc,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;IAE7C,6BAA6B;IAC7B,OAAO,OAAkB,CAAA;AAC1B,CAAC,CAAA;AAED;;;;;;;;;GASG;AACH,IAAM,iBAAiB,GACtB,UAAC,EAA0B;IAC3B,OAAA,UACC,OAAwB,EACxB,QAA0B,EAC1B,IAA0B;;;;;;oBAGzB,qBAAM,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,OAAK,CAAA,CAAC,IAAI,CAAC,EAAA;;oBAA9D,SAA8D,CAAA;;;;oBAE9D,IAAI,CAAC,OAAK,CAAC,CAAA;;;;;SAEZ;AAVD,CAUC,CAAA;AAEF;;;;;;;;;GASG;AACH,IAAM,SAAS,GAAG,UACjB,aAEC;IAED,uEAAuE;IACvE,IAAM,OAAO,GAAG,YAAY,CAAC,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,EAAE,CAAC,CAAA;IACjD,oDAAoD;IACpD,IAAI,OAAO,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,UAAU;QAAE,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAEzE,oCAAoC;IACpC,IAAM,UAAU,GAAG,iBAAiB,CACnC,UACC,OAAwB,EACxB,QAA0B,EAC1B,IAA0B;;;;wBAGb,qBAAM,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAA;;oBAA5C,IAAI,GAAG,SAAqC;oBAClD,IAAI,IAAI,EAAE;wBACT,IAAI,EAAE,CAAA;wBACN,sBAAM;qBACN;oBAGK,gBAAgB,GAAG,OAA2B,CAAA;oBAGxC,qBAAM,OAAO,CAAC,YAAY,CAAC,OAAO,EAAE,QAAQ,CAAC;wBACzD,4CAA4C;sBADa;;oBAAnD,GAAG,GAAG,SAA6C;oBAExB,qBAAM,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC;wBAEnE,qDAAqD;sBAFc;;oBAA7D,KAA2B,SAAkC,EAA3D,SAAS,eAAA,EAAE,SAAS,eAAA;oBAGtB,aAAa,GAClB,OAAO,OAAO,CAAC,GAAG,KAAK,UAAU;wBAChC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC;wBAChC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAA;oBAEC,qBAAM,aAAa;wBACnC,iEAAiE;sBAD9B;;oBAA7B,OAAO,GAAG,SAAmB;oBACnC,iEAAiE;oBACjE,gBAAgB,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG;wBAC/C,KAAK,EAAE,OAAO;wBACd,OAAO,EAAE,SAAS;wBAClB,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO,GAAG,SAAS,EAAE,CAAC,CAAC;wBAC3C,SAAS,WAAA;qBACT,CAAA;oBAED,gEAAgE;oBAChE,IAAI,OAAO,CAAC,aAAa,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE;wBACnD,QAAQ,CAAC,SAAS,CAAC,mBAAmB,EAAE,OAAO,CAAC,CAAA;wBAChD,QAAQ,CAAC,SAAS,CACjB,uBAAuB,EACvB,gBAAgB,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,SAAS,CACvD,CAAA;wBAED,mGAAmG;wBACnG,IAAI,SAAS,YAAY,IAAI,EAAE;4BAC9B,QAAQ,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAA;4BACpD,QAAQ,CAAC,SAAS,CACjB,mBAAmB,EACnB,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CACrC,CAAA;yBACD;qBACD;oBAED,gEAAgE;oBAChE,aAAa;oBACb,IAAI,OAAO,CAAC,eAAe,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE;wBACrD,QAAQ,CAAC,SAAS,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAA;wBAC9C,QAAQ,CAAC,SAAS,CACjB,qBAAqB,EACrB,gBAAgB,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,SAAS,CACvD,CAAA;wBAED,IAAI,SAAS,EAAE;4BACR,YAAY,GAAG,IAAI,CAAC,IAAI,CAC7B,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CACzC,CAAA;4BACD,QAAQ,CAAC,SAAS,CAAC,iBAAiB,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,CAAA;yBAChE;qBACD;oBAED,+DAA+D;oBAC/D,kEAAkE;oBAClE,IAAI,OAAO,CAAC,kBAAkB,IAAI,OAAO,CAAC,sBAAsB,EAAE;wBAC7D,gBAAc,KAAK,CAAA;wBACjB,iBAAe;;;;6CAChB,CAAC,aAAW,EAAZ,wBAAY;wCACf,qBAAM,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,CAAC,EAAA;;wCAAlC,SAAkC,CAAA;wCAClC,aAAW,GAAG,IAAI,CAAA;;;;;6BAEnB,CAAA;wBAED,IAAI,OAAO,CAAC,kBAAkB,EAAE;4BAC/B,QAAQ,CAAC,EAAE,CAAC,QAAQ,EAAE;;;;iDACjB,CAAC,OAAO,CAAC,oBAAoB,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAhD,wBAAgD;4CACnD,qBAAM,cAAY,EAAE,EAAA;;4CAApB,SAAoB,CAAA;;;;;iCACrB,CAAC,CAAA;4BACF,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE;;;;iDAChB,CAAC,QAAQ,CAAC,aAAa,EAAvB,wBAAuB;4CAAE,qBAAM,cAAY,EAAE,EAAA;;4CAApB,SAAoB,CAAA;;;;;iCACjD,CAAC,CAAA;4BACF,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE;;;gDACpB,qBAAM,cAAY,EAAE,EAAA;;4CAApB,SAAoB,CAAA;;;;iCACpB,CAAC,CAAA;yBACF;wBAED,IAAI,OAAO,CAAC,sBAAsB,EAAE;4BACnC,QAAQ,CAAC,EAAE,CAAC,QAAQ,EAAE;;;;iDACjB,OAAO,CAAC,oBAAoB,CAAC,OAAO,EAAE,QAAQ,CAAC,EAA/C,wBAA+C;4CAClD,qBAAM,cAAY,EAAE,EAAA;;4CAApB,SAAoB,CAAA;;;;;iCACrB,CAAC,CAAA;yBACF;qBACD;oBAED,sDAAsD;oBACtD,2DAA2D;oBAC3D,IAAI,OAAO,IAAI,SAAS,KAAK,OAAO,GAAG,CAAC,EAAE;wBACzC,OAAO,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAA;qBAClD;oBAED,mEAAmE;oBACnE,uDAAuD;oBACvD,IAAI,OAAO,IAAI,SAAS,GAAG,OAAO,EAAE;wBACnC,IACC,CAAC,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,eAAe,CAAC;4BAClD,CAAC,QAAQ,CAAC,WAAW,EACpB;4BACD,QAAQ,CAAC,SAAS,CAAC,aAAa,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAA;yBACrE;wBAED,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAA;wBACjD,sBAAM;qBACN;oBAED,IAAI,EAAE,CAAA;;;;SACN,CACD,CAIA;IAAC,UAAsC,CAAC,QAAQ;QAChD,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;IAE3C,OAAO,UAAqC,CAAA;AAC7C,CAAC,CAAA;AAED,0BAA0B;AAC1B,qBAAe,SAAS,CAAA","sourcesContent":["// /source/lib.ts\n// The option parser and rate limiting middleware\n\nimport Express from 'express'\n\nimport {\n\tOptions,\n\tAugmentedRequest,\n\tRateLimitRequestHandler,\n\tLegacyStore,\n\tStore,\n\tIncrementResponse,\n} from './types.js'\nimport MemoryStore from './memory-store.js'\n\n/**\n * Type guard to check if a store is legacy store.\n *\n * @param store {LegacyStore | Store} - The store to check\n *\n * @return {boolean} - Whether the store is a legacy store\n */\nconst isLegacyStore = (store: LegacyStore | Store): store is LegacyStore =>\n\t// Check that `incr` exists but `increment` does not - store authors might want\n\t// to keep both around for backwards compatibility.\n\ttypeof (store as any).incr === 'function' &&\n\ttypeof (store as any).increment !== 'function'\n\n/**\n * Converts a legacy store to the promisified version.\n *\n * @param store {LegacyStore | Store} - The legacy store or even a modern store\n *\n * @returns {Store} - The promisified version of the store\n */\nconst promisifyStore = (passedStore: LegacyStore | Store): Store => {\n\tif (!isLegacyStore(passedStore)) {\n\t\t// It's not an old store, return as is\n\t\treturn passedStore\n\t}\n\n\t// Why can't Typescript understand this?\n\tconst legacyStore = passedStore\n\n\t// A promisified version of the store\n\tclass PromisifiedStore implements Store {\n\t\tasync increment(key: string): Promise<IncrementResponse> {\n\t\t\treturn new Promise((resolve, reject) => {\n\t\t\t\tlegacyStore.incr(\n\t\t\t\t\tkey,\n\t\t\t\t\t(\n\t\t\t\t\t\terror: Error | undefined,\n\t\t\t\t\t\ttotalHits: number,\n\t\t\t\t\t\tresetTime: Date | undefined,\n\t\t\t\t\t) => {\n\t\t\t\t\t\tif (error) reject(error)\n\t\t\t\t\t\tresolve({ totalHits, resetTime })\n\t\t\t\t\t},\n\t\t\t\t)\n\t\t\t})\n\t\t}\n\n\t\tasync decrement(key: string): Promise<void> {\n\t\t\treturn Promise.resolve(legacyStore.decrement(key))\n\t\t}\n\n\t\tasync resetKey(key: string): Promise<void> {\n\t\t\treturn Promise.resolve(legacyStore.resetKey(key))\n\t\t}\n\n\t\tasync resetAll(): Promise<void> {\n\t\t\tif (typeof legacyStore.resetAll === 'function')\n\t\t\t\treturn Promise.resolve(legacyStore.resetAll())\n\t\t}\n\t}\n\n\treturn new PromisifiedStore()\n}\n\n/**\n * Adds the defaults for options the user has not specified.\n *\n * @param options {Options} - The options the user specifies\n *\n * @returns {Options} - A complete configuration object\n */\nconst parseOptions = (\n\tpassedOptions: Omit<Partial<Options>, 'store'> & {\n\t\tstore?: Store | LegacyStore\n\t},\n): Options => {\n\t// Now add the defaults for the other options\n\n\tconst options = {\n\t\twindowMs: 60 * 1000,\n\t\tstore: new MemoryStore(),\n\t\tmax: 5,\n\t\tmessage: 'Too many requests, please try again later.',\n\t\tstatusCode: 429,\n\t\tlegacyHeaders: passedOptions.headers ?? true,\n\t\tstandardHeaders: passedOptions.draft_polli_ratelimit_headers ?? false,\n\t\trequestPropertyName: 'rateLimit',\n\t\tskipFailedRequests: false,\n\t\tskipSuccessfulRequests: false,\n\t\trequestWasSuccessful: (\n\t\t\t_request: Express.Request,\n\t\t\tresponse: Express.Response,\n\t\t): boolean => response.statusCode < 400,\n\t\tskip: (_request: Express.Request, _response: Express.Response): boolean =>\n\t\t\tfalse,\n\t\tkeyGenerator: (\n\t\t\trequest: Express.Request,\n\t\t\t_response: Express.Response,\n\t\t): string => {\n\t\t\tif (!request.ip) {\n\t\t\t\tconsole.error(\n\t\t\t\t\t'WARN | `express-rate-limit` | `request.ip` is undefined. You can avoid this by providing a custom `keyGenerator` function, but it may be indicative of a larger issue.',\n\t\t\t\t)\n\t\t\t}\n\n\t\t\treturn request.ip\n\t\t},\n\t\thandler: (\n\t\t\t_request: Express.Request,\n\t\t\tresponse: Express.Response,\n\t\t\t_next: Express.NextFunction,\n\t\t\t_optionsUsed: Options,\n\t\t): void => {\n\t\t\tresponse.status(options.statusCode).send(options.message)\n\t\t},\n\t\tonLimitReached: (\n\t\t\t_request: Express.Request,\n\t\t\t_response: Express.Response,\n\t\t\t_optionsUsed: Options,\n\t\t): void => {},\n\t\t...passedOptions,\n\t}\n\n\t// Ensure that the store passed implements the either the `Store` or `LegacyStore`\n\t// interface\n\tif (\n\t\t(typeof (options.store as LegacyStore).incr !== 'function' &&\n\t\t\ttypeof (options.store as Store).increment !== 'function') ||\n\t\ttypeof options.store.decrement !== 'function' ||\n\t\ttypeof options.store.resetKey !== 'function' ||\n\t\t(typeof options.store.resetAll !== 'undefined' &&\n\t\t\ttypeof options.store.resetAll !== 'function') ||\n\t\t(typeof (options.store as Store).init !== 'undefined' &&\n\t\t\ttypeof (options.store as Store).init !== 'function')\n\t) {\n\t\tthrow new TypeError(\n\t\t\t'An invalid store was passed. Please ensure that the store is a class that implements the `Store` interface.',\n\t\t)\n\t}\n\n\t// Promisify the store, if it is not already\n\toptions.store = promisifyStore(options.store)\n\n\t// Return the 'clean' options\n\treturn options as Options\n}\n\n/**\n * Just pass on any errors for the developer to handle, usually as a HTTP 500\n * Internal Server Error.\n *\n * @param fn {Express.RequestHandler} - The request handler for which to handle errors\n *\n * @returns {Express.RequestHandler} - The request handler wrapped with a `.catch` clause\n *\n * @private\n */\nconst handleAsyncErrors =\n\t(fn: Express.RequestHandler): Express.RequestHandler =>\n\tasync (\n\t\trequest: Express.Request,\n\t\tresponse: Express.Response,\n\t\tnext: Express.NextFunction,\n\t) => {\n\t\ttry {\n\t\t\tawait Promise.resolve(fn(request, response, next)).catch(next)\n\t\t} catch (error: unknown) {\n\t\t\tnext(error)\n\t\t}\n\t}\n\n/**\n *\n * Create an instance of IP rate-limiting middleware for Express.\n *\n * @param passedOptions {Options} - Options to configure the rate limiter\n *\n * @returns {RateLimitRequestHandler} - The middleware that rate-limits clients based on your configuration\n *\n * @public\n */\nconst rateLimit = (\n\tpassedOptions?: Omit<Partial<Options>, 'store'> & {\n\t\tstore?: Store | LegacyStore\n\t},\n): RateLimitRequestHandler => {\n\t// Parse the options and add the default values for unspecified options\n\tconst options = parseOptions(passedOptions ?? {})\n\t// Call the `init` method on the store, if it exists\n\tif (typeof options.store.init === 'function') options.store.init(options)\n\n\t// Then return the actual middleware\n\tconst middleware = handleAsyncErrors(\n\t\tasync (\n\t\t\trequest: Express.Request,\n\t\t\tresponse: Express.Response,\n\t\t\tnext: Express.NextFunction,\n\t\t) => {\n\t\t\t// First check if we should skip the request\n\t\t\tconst skip = await options.skip(request, response)\n\t\t\tif (skip) {\n\t\t\t\tnext()\n\t\t\t\treturn\n\t\t\t}\n\n\t\t\t// Create an augmented request\n\t\t\tconst augmentedRequest = request as AugmentedRequest\n\n\t\t\t// Get a unique key for the client\n\t\t\tconst key = await options.keyGenerator(request, response)\n\t\t\t// Increment the client's hit counter by one\n\t\t\tconst { totalHits, resetTime } = await options.store.increment(key)\n\n\t\t\t// Get the quota (max number of hits) for each client\n\t\t\tconst retrieveQuota =\n\t\t\t\ttypeof options.max === 'function'\n\t\t\t\t\t? options.max(request, response)\n\t\t\t\t\t: options.max\n\n\t\t\tconst maxHits = await retrieveQuota\n\t\t\t// Set the rate limit information on the augmented request object\n\t\t\taugmentedRequest[options.requestPropertyName] = {\n\t\t\t\tlimit: maxHits,\n\t\t\t\tcurrent: totalHits,\n\t\t\t\tremaining: Math.max(maxHits - totalHits, 0),\n\t\t\t\tresetTime,\n\t\t\t}\n\n\t\t\t// Set the X-RateLimit headers on the response object if enabled\n\t\t\tif (options.legacyHeaders && !response.headersSent) {\n\t\t\t\tresponse.setHeader('X-RateLimit-Limit', maxHits)\n\t\t\t\tresponse.setHeader(\n\t\t\t\t\t'X-RateLimit-Remaining',\n\t\t\t\t\taugmentedRequest[options.requestPropertyName].remaining,\n\t\t\t\t)\n\n\t\t\t\t// If we have a resetTime, also provide the current date to help avoid issues with incorrect clocks\n\t\t\t\tif (resetTime instanceof Date) {\n\t\t\t\t\tresponse.setHeader('Date', new Date().toUTCString())\n\t\t\t\t\tresponse.setHeader(\n\t\t\t\t\t\t'X-RateLimit-Reset',\n\t\t\t\t\t\tMath.ceil(resetTime.getTime() / 1000),\n\t\t\t\t\t)\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// Set the standardized RateLimit headers on the response object\n\t\t\t// if enabled\n\t\t\tif (options.standardHeaders && !response.headersSent) {\n\t\t\t\tresponse.setHeader('RateLimit-Limit', maxHits)\n\t\t\t\tresponse.setHeader(\n\t\t\t\t\t'RateLimit-Remaining',\n\t\t\t\t\taugmentedRequest[options.requestPropertyName].remaining,\n\t\t\t\t)\n\n\t\t\t\tif (resetTime) {\n\t\t\t\t\tconst deltaSeconds = Math.ceil(\n\t\t\t\t\t\t(resetTime.getTime() - Date.now()) / 1000,\n\t\t\t\t\t)\n\t\t\t\t\tresponse.setHeader('RateLimit-Reset', Math.max(0, deltaSeconds))\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// If we are to skip failed/successfull requests, decrement the\n\t\t\t// counter accordingly once we know the status code of the request\n\t\t\tif (options.skipFailedRequests || options.skipSuccessfulRequests) {\n\t\t\t\tlet decremented = false\n\t\t\t\tconst decrementKey = async () => {\n\t\t\t\t\tif (!decremented) {\n\t\t\t\t\t\tawait options.store.decrement(key)\n\t\t\t\t\t\tdecremented = true\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\tif (options.skipFailedRequests) {\n\t\t\t\t\tresponse.on('finish', async () => {\n\t\t\t\t\t\tif (!options.requestWasSuccessful(request, response))\n\t\t\t\t\t\t\tawait decrementKey()\n\t\t\t\t\t})\n\t\t\t\t\tresponse.on('close', async () => {\n\t\t\t\t\t\tif (!response.writableEnded) await decrementKey()\n\t\t\t\t\t})\n\t\t\t\t\tresponse.on('error', async () => {\n\t\t\t\t\t\tawait decrementKey()\n\t\t\t\t\t})\n\t\t\t\t}\n\n\t\t\t\tif (options.skipSuccessfulRequests) {\n\t\t\t\t\tresponse.on('finish', async () => {\n\t\t\t\t\t\tif (options.requestWasSuccessful(request, response))\n\t\t\t\t\t\t\tawait decrementKey()\n\t\t\t\t\t})\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// Call the {@link Options.onLimitReached} callback on\n\t\t\t// the first request where client exceeds their rate limit.\n\t\t\tif (maxHits && totalHits === maxHits + 1) {\n\t\t\t\toptions.onLimitReached(request, response, options)\n\t\t\t}\n\n\t\t\t// If the client has exceeded their rate limit, set the Retry-After\n\t\t\t// header and call the {@link Options.handler} function\n\t\t\tif (maxHits && totalHits > maxHits) {\n\t\t\t\tif (\n\t\t\t\t\t(options.legacyHeaders || options.standardHeaders) &&\n\t\t\t\t\t!response.headersSent\n\t\t\t\t) {\n\t\t\t\t\tresponse.setHeader('Retry-After', Math.ceil(options.windowMs / 1000))\n\t\t\t\t}\n\n\t\t\t\toptions.handler(request, response, next, options)\n\t\t\t\treturn\n\t\t\t}\n\n\t\t\tnext()\n\t\t},\n\t)\n\n\t// Export the store's function to reset the hit counter for a particular\n\t// client based on their identifier\n\t;(middleware as RateLimitRequestHandler).resetKey =\n\t\toptions.store.resetKey.bind(options.store)\n\n\treturn middleware as RateLimitRequestHandler\n}\n\n// Export it to the world!\nexport default rateLimit\n"]}

package/dist/cjs/memory-store.d.ts

@@ -0,0 +1,61 @@
+import { Store, Options, IncrementResponse } from './types.js';
+/**
+ * A {@link Store} that stores the hit count for each client in
+ * memory.
+ *
+ * @public
+ */
+export default class MemoryStore implements Store {
+    /**
+     * The duration of time before which all hit counts are reset (in milliseconds).
+     */
+    windowMs: number;
+    /**
+     * The map that stores the number of hits for each client in memory.
+     */
+    hits: {
+        [key: string]: number | undefined;
+    };
+    /**
+     * The time at which all hit counts will be reset.
+     */
+    resetTime: Date;
+    /**
+     * Method that initializes the store.
+     *
+     * @param options {Options} - The options used to setup the middleware
+     */
+    init(options: Options): void;
+    /**
+     * Method to increment a client's hit counter.
+     *
+     * @param key {string} - The identifier for a client
+     *
+     * @returns {IncrementResponse} - The number of hits and reset time for that client
+     *
+     * @public
+     */
+    increment(key: string): Promise<IncrementResponse>;
+    /**
+     * Method to decrement a client's hit counter.
+     *
+     * @param key {string} - The identifier for a client
+     *
+     * @public
+     */
+    decrement(key: string): Promise<void>;
+    /**
+     * Method to reset a client's hit counter.
+     *
+     * @param key {string} - The identifier for a client
+     *
+     * @public
+     */
+    resetKey(key: string): Promise<void>;
+    /**
+     * Method to reset everyone's hit counter.
+     *
+     * @public
+     */
+    resetAll(): Promise<void>;
+}