express-rate-limit 6.0.2 → 6.0.3

Files changed (2) hide show
  1. package/package.json +4 -4
  2. package/readme.md +33 -17
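--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "express-rate-limit",
- "version": "6.0.2",
+ "version": "6.0.3",
  "description": "Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.",
  "author": {
  "name": "Nathan Friedly",
@@ -44,12 +44,12 @@
  "changelog.md"
  ],
  "engines": {
- "node": ">= 12.9.0"
+ "node": ">= 14.5.0"
  },
  "scripts": {
  "clean": "del-cli dist/ coverage/ *.log *.tmp *.bak *.tgz",
- "build:cjs": "esbuild source/index.ts --bundle --format=cjs --outfile=dist/index.cjs --footer:js='module.exports = rateLimit;'",
- "build:esm": "esbuild source/index.ts --bundle --format=esm --outfile=dist/index.mjs",
+ "build:cjs": "esbuild --bundle --format=cjs --outfile=dist/index.cjs --footer:js=\"module.exports = rateLimit;\" source/index.ts",
+ "build:esm": "esbuild --bundle --format=esm --outfile=dist/index.mjs source/index.ts",
  "build:types": "dts-bundle-generator --out-file=dist/index.d.ts source/index.ts",
  "compile": "run-s clean build:*",
  "lint:code": "xo --ignore test/external/",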
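Review bot: The `engines.node` floor in the second hunk rises from `>= 12.9.0` to `>= 14.5.0` while the `version` field moves only from 6.0.2 to 6.0.3, so a patch release narrows the supported runtimes. Consumers on Node 12 who resolve a `^6.0.2` range will get an engine warning, or a failed install where `engine-strict` is enabled, and may end up pinned to 6.0.2 and miss later fixes to the limiter. Nothing visible in this diff shows a runtime change that needs 14.5, so if the bump only reflects the build or test toolchain, consider keeping `"node": ">= 12.9.0"` for the 6.0.x line. Otherwise ship the new floor in a minor or major release and record it in `changelog.md`.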
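--- a/package/readme.md
+++ b/package/readme.md
@@ -12,7 +12,7 @@ public APIs and/or endpoints such as password reset. Plays nice with
 
  </div>
 
- ### Alternate Rate-limiters
+ ### Alternate Rate Limiters
 
  > This module does not share state with other processes/servers by default. If
  > you need a more robust solution, I recommend using an external store. See the
@@ -72,10 +72,6 @@ requests:
  ```ts
  import rateLimit from 'express-rate-limit'
 
- // Enable if you're behind a reverse proxy (Heroku, Bluemix, AWS ELB, Nginx, etc)
- // see https://expressjs.com/en/guide/behind-proxies.html
- // app.set('trust proxy', 1);
-
  const limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
@@ -94,10 +90,6 @@ requests:
  ```ts
  import rateLimit from 'express-rate-limit'
 
- // Enable if you're behind a reverse proxy (Heroku, Bluemix, AWS ELB, Nginx, etc)
- // see https://expressjs.com/en/guide/behind-proxies.html
- // app.set('trust proxy', 1);
-
  const apiLimiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
@@ -114,10 +106,6 @@ To create multiple instances to apply different rules to different endpoints:
  ```ts
  import rateLimit from 'express-rate-limit'
 
- // Enable if you're behind a reverse proxy (Heroku, Bluemix, AWS ELB, Nginx, etc)
- // see https://expressjs.com/en/guide/behind-proxies.html
- // app.set('trust proxy', 1);
-
  const apiLimiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
@@ -147,10 +135,6 @@ To use a custom store:
  import rateLimit from 'express-rate-limit'
  import MemoryStore from 'express-rate-limit/memory-store.js'
 
- // Enable if you're behind a reverse proxy (Heroku, Bluemix, AWS ELB, Nginx, etc)
- // see https://expressjs.com/en/guide/behind-proxies.html
- // app.set('trust proxy', 1);
-
  const apiLimiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
@@ -166,6 +150,38 @@ app.use('/api', apiLimiter)
  > prefixes, when using multiple instances. The default built-in memory store is
  > an exception to this rule.
 
+ ### Troubleshooting Proxy Issues
+
+ If you are behind a proxy/load balancer (usually the case with most hosting
+ services, e.g. Heroku, Bluemix, AWS ELB, Nginx, Cloudflare, Akamai, Fastly,
+ Firebase Hosting, Rackspace LB, Riverbed Stingray, etc.), the IP address of the
+ request might be the IP of the load balancer/reverse proxy (making the rate
+ limiter effectively a global one and blocking all requests once the limit is
+ reached) or `undefined`. To solve this issue, add the following line to your
+ code (right after you create the express application):
+
+ ```ts
+ app.set('trust proxy', numberOfProxies)
+ ```
+
+ Where `numberOfProxies` is the number of proxies between the user and the
+ server. To find the correct number, create a test endpoint that returns the
+ client IP:
+
+ ```ts
+ app.set('trust proxy', 1)
+ app.get('/ip', (request, response) => response.send(request.ip))
+ ```
+
+ Go to `/ip` and see the IP address returned in the response. If it matches your
+ IP address (which you can get by going to http://ip.nfriedly.com/ or
+ https://api.ipify.org/), then the number of proxies is correct and the rate
+ limiter should now work correctly. If not, then keep increasing the number until
+ it does.
+
+ For more information about the `trust proxy` setting, take a look at the
+ [official Express documentation](https://expressjs.com/en/guide/behind-proxies.html).
+
  ## Request API
 
  A `request.rateLimit` property is added to all requests with the `limit`,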