express-rate-limit 5.5.0 → 6.0.2

package/dist/index.mjs

@@ -0,0 +1,198 @@
+// source/memory-store.ts
+var calculateNextResetTime = (windowMs) => {
+  const resetTime = new Date();
+  resetTime.setMilliseconds(resetTime.getMilliseconds() + windowMs);
+  return resetTime;
+};
+var MemoryStore = class {
+  init(options) {
+    this.windowMs = options.windowMs;
+    this.resetTime = calculateNextResetTime(this.windowMs);
+    this.hits = {};
+    const interval = setInterval(async () => {
+      await this.resetAll();
+    }, this.windowMs);
+    if (interval.unref) {
+      interval.unref();
+    }
+  }
+  async increment(key) {
+    const totalHits = (this.hits[key] ?? 0) + 1;
+    this.hits[key] = totalHits;
+    return {
+      totalHits,
+      resetTime: this.resetTime
+    };
+  }
+  async decrement(key) {
+    const current = this.hits[key];
+    if (current) {
+      this.hits[key] = current - 1;
+    }
+  }
+  async resetKey(key) {
+    delete this.hits[key];
+  }
+  async resetAll() {
+    this.hits = {};
+    this.resetTime = calculateNextResetTime(this.windowMs);
+  }
+};
+
+// source/lib.ts
+var isLegacyStore = (store) => typeof store.incr === "function" && typeof store.increment !== "function";
+var promisifyStore = (passedStore) => {
+  if (!isLegacyStore(passedStore)) {
+    return passedStore;
+  }
+  const legacyStore = passedStore;
+  class PromisifiedStore {
+    async increment(key) {
+      return new Promise((resolve, reject) => {
+        legacyStore.incr(key, (error, totalHits, resetTime) => {
+          if (error)
+            reject(error);
+          resolve({ totalHits, resetTime });
+        });
+      });
+    }
+    async decrement(key) {
+      return Promise.resolve(legacyStore.decrement(key));
+    }
+    async resetKey(key) {
+      return Promise.resolve(legacyStore.resetKey(key));
+    }
+    async resetAll() {
+      if (typeof legacyStore.resetAll === "function")
+        return Promise.resolve(legacyStore.resetAll());
+    }
+  }
+  return new PromisifiedStore();
+};
+var parseOptions = (passedOptions) => {
+  const options = {
+    windowMs: 60 * 1e3,
+    store: new MemoryStore(),
+    max: 5,
+    message: "Too many requests, please try again later.",
+    statusCode: 429,
+    legacyHeaders: passedOptions.headers ?? true,
+    standardHeaders: passedOptions.draft_polli_ratelimit_headers ?? false,
+    requestPropertyName: "rateLimit",
+    skipFailedRequests: false,
+    skipSuccessfulRequests: false,
+    requestWasSuccessful: (_request, response) => response.statusCode < 400,
+    skip: (_request, _response) => false,
+    keyGenerator: (request, _response) => {
+      if (!request.ip) {
+        console.error("WARN | `express-rate-limit` | `request.ip` is undefined. You can avoid this by providing a custom `keyGenerator` function, but it may be indicative of a larger issue.");
+      }
+      return request.ip;
+    },
+    handler: (_request, response, _next, _optionsUsed) => {
+      response.status(options.statusCode).send(options.message);
+    },
+    onLimitReached: (_request, _response, _optionsUsed) => {
+    },
+    ...passedOptions
+  };
+  if (typeof options.store.incr !== "function" && typeof options.store.increment !== "function" || typeof options.store.decrement !== "function" || typeof options.store.resetKey !== "function" || typeof options.store.resetAll !== "undefined" && typeof options.store.resetAll !== "function" || typeof options.store.init !== "undefined" && typeof options.store.init !== "function") {
+    throw new TypeError("An invalid store was passed. Please ensure that the store is a class that implements the `Store` interface.");
+  }
+  options.store = promisifyStore(options.store);
+  return options;
+};
+var handleAsyncErrors = (fn) => async (request, response, next) => {
+  try {
+    await Promise.resolve(fn(request, response, next)).catch(next);
+  } catch (error) {
+    next(error);
+  }
+};
+var rateLimit = (passedOptions) => {
+  const options = parseOptions(passedOptions ?? {});
+  if (typeof options.store.init === "function")
+    options.store.init(options);
+  const middleware = handleAsyncErrors(async (request, response, next) => {
+    const skip = await options.skip(request, response);
+    if (skip) {
+      next();
+      return;
+    }
+    const augmentedRequest = request;
+    const key = await options.keyGenerator(request, response);
+    const { totalHits, resetTime } = await options.store.increment(key);
+    const retrieveQuota = typeof options.max === "function" ? options.max(request, response) : options.max;
+    const maxHits = await retrieveQuota;
+    augmentedRequest[options.requestPropertyName] = {
+      limit: maxHits,
+      current: totalHits,
+      remaining: Math.max(maxHits - totalHits, 0),
+      resetTime
+    };
+    if (options.legacyHeaders && !response.headersSent) {
+      response.setHeader("X-RateLimit-Limit", maxHits);
+      response.setHeader("X-RateLimit-Remaining", augmentedRequest[options.requestPropertyName].remaining);
+      if (resetTime instanceof Date) {
+        response.setHeader("Date", new Date().toUTCString());
+        response.setHeader("X-RateLimit-Reset", Math.ceil(resetTime.getTime() / 1e3));
+      }
+    }
+    if (options.standardHeaders && !response.headersSent) {
+      response.setHeader("RateLimit-Limit", maxHits);
+      response.setHeader("RateLimit-Remaining", augmentedRequest[options.requestPropertyName].remaining);
+      if (resetTime) {
+        const deltaSeconds = Math.ceil((resetTime.getTime() - Date.now()) / 1e3);
+        response.setHeader("RateLimit-Reset", Math.max(0, deltaSeconds));
+      }
+    }
+    if (options.skipFailedRequests || options.skipSuccessfulRequests) {
+      let decremented = false;
+      const decrementKey = async () => {
+        if (!decremented) {
+          await options.store.decrement(key);
+          decremented = true;
+        }
+      };
+      if (options.skipFailedRequests) {
+        response.on("finish", async () => {
+          if (!options.requestWasSuccessful(request, response))
+            await decrementKey();
+        });
+        response.on("close", async () => {
+          if (!response.writableEnded)
+            await decrementKey();
+        });
+        response.on("error", async () => {
+          await decrementKey();
+        });
+      }
+      if (options.skipSuccessfulRequests) {
+        response.on("finish", async () => {
+          if (options.requestWasSuccessful(request, response))
+            await decrementKey();
+        });
+      }
+    }
+    if (maxHits && totalHits === maxHits + 1) {
+      options.onLimitReached(request, response, options);
+    }
+    if (maxHits && totalHits > maxHits) {
+      if ((options.legacyHeaders || options.standardHeaders) && !response.headersSent) {
+        response.setHeader("Retry-After", Math.ceil(options.windowMs / 1e3));
+      }
+      options.handler(request, response, next, options);
+      return;
+    }
+    next();
+  });
+  middleware.resetKey = options.store.resetKey.bind(options.store);
+  return middleware;
+};
+var lib_default = rateLimit;
+
+// source/index.ts
+var source_default = lib_default;
+export {
+  source_default as default
+};

package/license.md

@@ -0,0 +1,20 @@
+# MIT License
+
+Copyright 2021 Nathan Friedly
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package/package.json

@@ -1,53 +1,144 @@
 {
-  "name": "express-rate-limit",
-  "version": "5.5.0",
-  "description": "Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.",
-  "homepage": "https://github.com/nfriedly/express-rate-limit",
-  "author": {
-    "name": "Nathan Friedly",
-    "url": "http://nfriedly.com/"
-  },
-  "repository": "nfriedly/express-rate-limit",
-  "license": "MIT",
-  "main": "lib/express-rate-limit.js",
-  "files": [
-    "lib/"
-  ],
-  "keywords": [
-    "express-rate-limit",
-    "express",
-    "rate",
-    "limit",
-    "ratelimit",
-    "rate-limit",
-    "middleware",
-    "ip",
-    "auth",
-    "authorization",
-    "security",
-    "brute",
-    "force",
-    "bruteforce",
-    "brute-force",
-    "attack"
-  ],
-  "devDependencies": {
-    "bluebird": "^3.7.2",
-    "eslint": "^7.32.0",
-    "eslint-config-prettier": "^8.3.0",
-    "eslint-plugin-prettier": "^4.0.0",
-    "express": "^4.17.1",
-    "husky": "^7.0.2",
-    "mocha": "^9.1.2",
-    "prettier": "^2.4.1",
-    "pretty-quick": "^3.1.1",
-    "sinon": "^11.1.2",
-    "supertest": "^6.1.6"
-  },
-  "scripts": {
-    "lint": "eslint .",
-    "autofix": "npm run lint -- --fix",
-    "test": "npm run lint && mocha",
-    "precommit": "pretty-quick --staged"
-  }
+	"name": "express-rate-limit",
+	"version": "6.0.2",
+	"description": "Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.",
+	"author": {
+		"name": "Nathan Friedly",
+		"url": "http://nfriedly.com/"
+	},
+	"license": "MIT",
+	"homepage": "https://github.com/nfriedly/express-rate-limit",
+	"repository": "https://github.com/nfriedly/express-rate-limit",
+	"keywords": [
+		"express-rate-limit",
+		"express",
+		"rate",
+		"limit",
+		"ratelimit",
+		"rate-limit",
+		"middleware",
+		"ip",
+		"auth",
+		"authorization",
+		"security",
+		"brute",
+		"force",
+		"bruteforce",
+		"brute-force",
+		"attack"
+	],
+	"type": "module",
+	"types": "./dist/index.d.ts",
+	"exports": {
+		".": {
+			"import": "./dist/index.mjs",
+			"require": "./dist/index.cjs"
+		}
+	},
+	"files": [
+		"dist/",
+		"tsconfig.json",
+		"package.json",
+		"readme.md",
+		"license.md",
+		"changelog.md"
+	],
+	"engines": {
+		"node": ">= 12.9.0"
+	},
+	"scripts": {
+		"clean": "del-cli dist/ coverage/ *.log *.tmp *.bak *.tgz",
+		"build:cjs": "esbuild source/index.ts --bundle --format=cjs --outfile=dist/index.cjs --footer:js='module.exports = rateLimit;'",
+		"build:esm": "esbuild source/index.ts --bundle --format=esm --outfile=dist/index.mjs",
+		"build:types": "dts-bundle-generator --out-file=dist/index.d.ts source/index.ts",
+		"compile": "run-s clean build:*",
+		"lint:code": "xo --ignore test/external/",
+		"lint:rest": "prettier --ignore-path .gitignore --ignore-unknown --check .",
+		"lint": "run-s lint:*",
+		"autofix:code": "xo --ignore test/external/ --fix",
+		"autofix:rest": "prettier --ignore-path .gitignore --ignore-unknown --write .",
+		"autofix": "run-s autofix:*",
+		"test:lib": "cross-env NODE_OPTIONS=--experimental-vm-modules jest",
+		"test:ext": "cd test/external/ && bash run-all-tests",
+		"test": "npm pack && run-s lint test:*",
+		"pre-commit": "lint-staged",
+		"prepare": "run-s compile && husky install config/husky"
+	},
+	"peerDependencies": {
+		"express": "^4"
+	},
+	"devDependencies": {
+		"@jest/globals": "^27.4.2",
+		"@types/express": "^4.17.13",
+		"@types/jest": "^27.0.3",
+		"@types/node": "^16.11.17",
+		"@types/supertest": "^2.0.11",
+		"cross-env": "^7.0.3",
+		"del-cli": "^4.0.1",
+		"dts-bundle-generator": "^6.2.0",
+		"esbuild": "^0.14.8",
+		"express": "^4.17.1",
+		"husky": "^7.0.4",
+		"jest": "^27.4.3",
+		"lint-staged": "^12.1.2",
+		"npm-run-all": "^4.1.5",
+		"supertest": "^6.1.6",
+		"ts-jest": "^27.1.1",
+		"ts-node": "^10.4.0",
+		"typescript": "^4.5.2",
+		"xo": "^0.47.0"
+	},
+	"xo": {
+		"prettier": true,
+		"rules": {
+			"@typescript-eslint/no-empty-function": 0,
+			"@typescript-eslint/no-dynamic-delete": 0,
+			"@typescript-eslint/no-confusing-void-expression": 0,
+			"@typescript-eslint/consistent-indexed-object-style": [
+				"error",
+				"index-signature"
+			],
+			"import/no-named-as-default-member": 0,
+			"import/no-cycle": 0
+		}
+	},
+	"prettier": {
+		"semi": false,
+		"useTabs": true,
+		"singleQuote": true,
+		"bracketSpacing": true,
+		"trailingComma": "all",
+		"proseWrap": "always"
+	},
+	"jest": {
+		"preset": "ts-jest/presets/default-esm",
+		"globals": {
+			"ts-jest": {
+				"useESM": true
+			}
+		},
+		"verbose": true,
+		"collectCoverage": true,
+		"collectCoverageFrom": [
+			"source/**/*.ts"
+		],
+		"testTimeout": 30000,
+		"testMatch": [
+			"**/test/library/**/*-test.[jt]s?(x)"
+		],
+		"moduleFileExtensions": [
+			"js",
+			"jsx",
+			"json",
+			"ts",
+			"tsx"
+		],
+		"moduleNameMapper": {
+			"^(\\.{1,2}/.*)\\.js$": "$1"
+		}
+	},
+	"lint-staged": {
+		"{source,test}/**/*.ts": "xo --ignore test/external/ --fix",
+		"**/*.{json,yaml,md}": "prettier --ignore-path .gitignore --ignore-unknown --write "
+	}
 }