express-rate-limit 6.0.2 → 6.1.0

package/changelog.md

@@ -6,6 +6,45 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to
 [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [6.1.0](https://github.com/nfriedly/express-rate-limit/releases/tag/v6.1.0)
+
+### Added
+
+- Added a named export `rateLimit` in case the default import does not work.
+
+### Fixed
+
+- Added a named export `default`, so Typescript CommonJS developers can
+  default-import the library (`import rateLimit from 'express-rate-limit'`).
+
+## [6.0.5](https://github.com/nfriedly/express-rate-limit/releases/tag/v6.0.5)
+
+### Fixed
+
+- Use named imports for ExpressJS types so users do not need to enable the
+  `esModuleInterop` flag in their Typescript compiler configuration.
+
+## [6.0.4](https://github.com/nfriedly/express-rate-limit/releases/tag/v6.0.4)
+
+### Fixed
+
+- Upload the built package as a `.tgz` to GitHub releases.
+
+### Changed
+
+- Add ` main` and `module` fields to `package.json`. This helps tools such as
+  ESLint that do not yet support the `exports` field.
+- Bumped the minimum node.js version in `package-lock.json` to match
+  `package.json`
+
+## [6.0.3](https://github.com/nfriedly/express-rate-limit/releases/tag/v6.0.3)
+
+### Changed
+
+- Bumped minimum Node version from 12.9 to 14.5 in `package.json` because the
+  transpiled output uses the nullish coalescing operator (`??`), which
+  [isn't supported in node.js prior to 14.x](https://node.green/#ES2020-features--nullish-coalescing-operator-----).
+
 ## [6.0.2](https://github.com/nfriedly/express-rate-limit/releases/v6.0.2)
 
 ### Fixed

package/dist/index.cjs

@@ -24,7 +24,8 @@ var __toCommonJS = /* @__PURE__ */ ((cache) => {
 // source/index.ts
 var source_exports = {};
 __export(source_exports, {
-  default: () => source_default
+  default: () => lib_default,
+  rateLimit: () => lib_default
 });
 
 // source/memory-store.ts
@@ -219,8 +220,5 @@ var rateLimit = (passedOptions) => {
   return middleware;
 };
 var lib_default = rateLimit;
-
-// source/index.ts
-var source_default = lib_default;
 module.exports = __toCommonJS(source_exports);
-module.exports = rateLimit;
+module.exports = rateLimit; module.exports.default = rateLimit; module.exports.rateLimit = rateLimit;

package/dist/index.d.ts

@@ -1,6 +1,6 @@
-// Generated by dts-bundle-generator v6.2.0
+// Generated by dts-bundle-generator v6.4.0
 
-import Express from 'express';
+import { NextFunction, Request, RequestHandler, Response } from 'express';
 
 /**
  * Callback that fires when a client's hit counter is incremented.
@@ -14,32 +14,32 @@ export declare type IncrementCallback = (error: Error | undefined, totalHits: nu
  * Method (in the form of middleware) to generate/retrieve a value based on the
  * incoming request
  *
- * @param request {Express.Request} - The Express request object
- * @param response {Express.Response} - The Express response object
+ * @param request {Request} - The Express request object
+ * @param response {Response} - The Express response object
  *
  * @returns {T} - The value needed
  */
-export declare type ValueDeterminingMiddleware<T> = (request: Express.Request, response: Express.Response) => T | Promise<T>;
+export declare type ValueDeterminingMiddleware<T> = (request: Request, response: Response) => T | Promise<T>;
 /**
  * Express request handler that sends back a response when a client is
  * rate-limited.
  *
- * @param request {Express.Request} - The Express request object
- * @param response {Express.Response} - The Express response object
- * @param next {Express.NextFunction} - The Express `next` function, can be called to skip responding
+ * @param request {Request} - The Express request object
+ * @param response {Response} - The Express response object
+ * @param next {NextFunction} - The Express `next` function, can be called to skip responding
  * @param optionsUsed {Options} - The options used to set up the middleware
  */
-export declare type RateLimitExceededEventHandler = (request: Express.Request, response: Express.Response, next: Express.NextFunction, optionsUsed: Options) => void;
+export declare type RateLimitExceededEventHandler = (request: Request, response: Response, next: NextFunction, optionsUsed: Options) => void;
 /**
  * Event callback that is triggered on a client's first request that exceeds the limit
  * but not for subsequent requests. May be used for logging, etc. Should *not*
  * send a response.
  *
- * @param request {Express.Request} - The Express request object
- * @param response {Express.Response} - The Express response object
+ * @param request {Request} - The Express request object
+ * @param response {Response} - The Express response object
  * @param optionsUsed {Options} - The options used to set up the middleware
  */
-export declare type RateLimitReachedEventHandler = (request: Express.Request, response: Express.Response, optionsUsed: Options) => void;
+export declare type RateLimitReachedEventHandler = (request: Request, response: Response, optionsUsed: Options) => void;
 /**
  * Data returned from the `Store` when a client's hit counter is incremented.
  *
@@ -53,7 +53,7 @@ export declare type IncrementResponse = {
 /**
  * A modified Express request handler with the rate limit functions.
  */
-export declare type RateLimitRequestHandler = Express.RequestHandler & {
+export declare type RateLimitRequestHandler = RequestHandler & {
 	/**
 	 * Method to reset a client's hit counter.
 	 *
@@ -227,7 +227,7 @@ export interface Options {
  * The extended request object that includes information about the client's
  * rate limit.
  */
-export declare type AugmentedRequest = Express.Request & {
+export declare type AugmentedRequest = Request & {
 	[key: string]: RateLimitInfo;
 };
 /**
@@ -240,9 +240,22 @@ export interface RateLimitInfo {
 	readonly remaining: number;
 	readonly resetTime: Date | undefined;
 }
-declare const rateLimit: (passedOptions?: (Omit<Partial<Options>, "store"> & {
+/**
+ *
+ * Create an instance of IP rate-limiting middleware for Express.
+ *
+ * @param passedOptions {Options} - Options to configure the rate limiter
+ *
+ * @returns {RateLimitRequestHandler} - The middleware that rate-limits clients based on your configuration
+ *
+ * @public
+ */
+export declare const rateLimit: (passedOptions?: (Omit<Partial<Options>, "store"> & {
 	store?: LegacyStore | Store | undefined;
 }) | undefined) => RateLimitRequestHandler;
-export default rateLimit;
+
+export {
+	rateLimit as default,
+};
 
 export {};

package/dist/index.mjs

@@ -190,9 +190,7 @@ var rateLimit = (passedOptions) => {
   return middleware;
 };
 var lib_default = rateLimit;
-
-// source/index.ts
-var source_default = lib_default;
 export {
-  source_default as default
+  lib_default as default,
+  lib_default as rateLimit
 };

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "express-rate-limit",
-	"version": "6.0.2",
+	"version": "6.1.0",
 	"description": "Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.",
 	"author": {
 		"name": "Nathan Friedly",
@@ -28,13 +28,15 @@
 		"attack"
 	],
 	"type": "module",
-	"types": "./dist/index.d.ts",
 	"exports": {
 		".": {
 			"import": "./dist/index.mjs",
 			"require": "./dist/index.cjs"
 		}
 	},
+	"main": "./dist/index.cjs",
+	"module": "./dist/index.mjs",
+	"types": "./dist/index.d.ts",
 	"files": [
 		"dist/",
 		"tsconfig.json",
@@ -44,12 +46,12 @@
 		"changelog.md"
 	],
 	"engines": {
-		"node": ">= 12.9.0"
+		"node": ">= 14.5.0"
 	},
 	"scripts": {
 		"clean": "del-cli dist/ coverage/ *.log *.tmp *.bak *.tgz",
-		"build:cjs": "esbuild source/index.ts --bundle --format=cjs --outfile=dist/index.cjs --footer:js='module.exports = rateLimit;'",
-		"build:esm": "esbuild source/index.ts --bundle --format=esm --outfile=dist/index.mjs",
+		"build:cjs": "esbuild --bundle --format=cjs --outfile=dist/index.cjs --footer:js=\"module.exports = rateLimit; module.exports.default = rateLimit; module.exports.rateLimit = rateLimit;\" source/index.ts",
+		"build:esm": "esbuild --bundle --format=esm --outfile=dist/index.mjs source/index.ts",
 		"build:types": "dts-bundle-generator --out-file=dist/index.d.ts source/index.ts",
 		"compile": "run-s clean build:*",
 		"lint:code": "xo --ignore test/external/",
@@ -60,7 +62,7 @@
 		"autofix": "run-s autofix:*",
 		"test:lib": "cross-env NODE_OPTIONS=--experimental-vm-modules jest",
 		"test:ext": "cd test/external/ && bash run-all-tests",
-		"test": "npm pack && run-s lint test:*",
+		"test": "run-s lint test:*",
 		"pre-commit": "lint-staged",
 		"prepare": "run-s compile && husky install config/husky"
 	},
@@ -68,21 +70,21 @@
 		"express": "^4"
 	},
 	"devDependencies": {
-		"@jest/globals": "^27.4.2",
+		"@jest/globals": "^27.4.6",
 		"@types/express": "^4.17.13",
-		"@types/jest": "^27.0.3",
-		"@types/node": "^16.11.17",
+		"@types/jest": "^27.4.0",
+		"@types/node": "^16.11.19",
 		"@types/supertest": "^2.0.11",
 		"cross-env": "^7.0.3",
 		"del-cli": "^4.0.1",
-		"dts-bundle-generator": "^6.2.0",
-		"esbuild": "^0.14.8",
+		"dts-bundle-generator": "^6.4.0",
+		"esbuild": "^0.14.11",
 		"express": "^4.17.1",
 		"husky": "^7.0.4",
-		"jest": "^27.4.3",
-		"lint-staged": "^12.1.2",
+		"jest": "^27.4.7",
+		"lint-staged": "^12.1.7",
 		"npm-run-all": "^4.1.5",
-		"supertest": "^6.1.6",
+		"supertest": "^6.2.1",
 		"ts-jest": "^27.1.1",
 		"ts-node": "^10.4.0",
 		"typescript": "^4.5.2",
@@ -97,9 +99,7 @@
 			"@typescript-eslint/consistent-indexed-object-style": [
 				"error",
 				"index-signature"
-			],
-			"import/no-named-as-default-member": 0,
-			"import/no-cycle": 0
+			]
 		}
 	},
 	"prettier": {

package/readme.md

@@ -12,7 +12,7 @@ public APIs and/or endpoints such as password reset. Plays nice with
 
 </div>
 
-### Alternate Rate-limiters
+### Alternate Rate Limiters
 
 > This module does not share state with other processes/servers by default. If
 > you need a more robust solution, I recommend using an external store. See the
@@ -26,7 +26,7 @@ software and may be more appropriate for some situations:
 - [express-brute](https://www.npmjs.com/package/express-brute)
 - [rate-limiter](https://www.npmjs.com/package/express-limiter)
 
-## Install
+## Installation
 
 From the npm registry:
 
@@ -51,14 +51,21 @@ Replace `{version}` with the version of the package that you want to your, e.g.:
 
 ## Usage
 
-This library is provided in ESM as well as CJS forms. To import it in a CJS
-project:
+### Importing
+
+This library is provided in ESM as well as CJS forms, and works with both
+Javascript and Typescript projects.
+
+**This package requires you to use Node 14 or above.**
+
+Import it in a CommonJS project (`type: commonjs` or no `type` field in
+`package.json`) as follows:
 
 ```ts
 const rateLimit = require('express-rate-limit')
 ```
 
-To import it in a Typescript/ESM project:
+Import it in a ESM project (`type: module` in `package.json`) as follows:
 
 ```ts
 import rateLimit from 'express-rate-limit'
@@ -72,10 +79,6 @@ requests:
 ```ts
 import rateLimit from 'express-rate-limit'
 
-// Enable if you're behind a reverse proxy (Heroku, Bluemix, AWS ELB, Nginx, etc)
-// see https://expressjs.com/en/guide/behind-proxies.html
-// app.set('trust proxy', 1);
-
 const limiter = rateLimit({
 	windowMs: 15 * 60 * 1000, // 15 minutes
 	max: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
@@ -94,10 +97,6 @@ requests:
 ```ts
 import rateLimit from 'express-rate-limit'
 
-// Enable if you're behind a reverse proxy (Heroku, Bluemix, AWS ELB, Nginx, etc)
-// see https://expressjs.com/en/guide/behind-proxies.html
-// app.set('trust proxy', 1);
-
 const apiLimiter = rateLimit({
 	windowMs: 15 * 60 * 1000, // 15 minutes
 	max: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
@@ -114,10 +113,6 @@ To create multiple instances to apply different rules to different endpoints:
 ```ts
 import rateLimit from 'express-rate-limit'
 
-// Enable if you're behind a reverse proxy (Heroku, Bluemix, AWS ELB, Nginx, etc)
-// see https://expressjs.com/en/guide/behind-proxies.html
-// app.set('trust proxy', 1);
-
 const apiLimiter = rateLimit({
 	windowMs: 15 * 60 * 1000, // 15 minutes
 	max: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
@@ -147,10 +142,6 @@ To use a custom store:
 import rateLimit from 'express-rate-limit'
 import MemoryStore from 'express-rate-limit/memory-store.js'
 
-// Enable if you're behind a reverse proxy (Heroku, Bluemix, AWS ELB, Nginx, etc)
-// see https://expressjs.com/en/guide/behind-proxies.html
-// app.set('trust proxy', 1);
-
 const apiLimiter = rateLimit({
 	windowMs: 15 * 60 * 1000, // 15 minutes
 	max: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
@@ -166,6 +157,38 @@ app.use('/api', apiLimiter)
 > prefixes, when using multiple instances. The default built-in memory store is
 > an exception to this rule.
 
+### Troubleshooting Proxy Issues
+
+If you are behind a proxy/load balancer (usually the case with most hosting
+services, e.g. Heroku, Bluemix, AWS ELB, Nginx, Cloudflare, Akamai, Fastly,
+Firebase Hosting, Rackspace LB, Riverbed Stingray, etc.), the IP address of the
+request might be the IP of the load balancer/reverse proxy (making the rate
+limiter effectively a global one and blocking all requests once the limit is
+reached) or `undefined`. To solve this issue, add the following line to your
+code (right after you create the express application):
+
+```ts
+app.set('trust proxy', numberOfProxies)
+```
+
+Where `numberOfProxies` is the number of proxies between the user and the
+server. To find the correct number, create a test endpoint that returns the
+client IP:
+
+```ts
+app.set('trust proxy', 1)
+app.get('/ip', (request, response) => response.send(request.ip))
+```
+
+Go to `/ip` and see the IP address returned in the response. If it matches your
+IP address (which you can get by going to http://ip.nfriedly.com/ or
+https://api.ipify.org/), then the number of proxies is correct and the rate
+limiter should now work correctly. If not, then keep increasing the number until
+it does.
+
+For more information about the `trust proxy` setting, take a look at the
+[official Express documentation](https://expressjs.com/en/guide/behind-proxies.html).
+
 ## Request API
 
 A `request.rateLimit` property is added to all requests with the `limit`,

package/tsconfig.json

@@ -1,15 +1,13 @@
 {
+	"include": ["source/"],
+	"exclude": ["node_modules/"],
 	"compilerOptions": {
 		"declaration": true,
-
 		"strict": true,
 		"noUnusedLocals": true,
 		"noImplicitReturns": true,
 		"noFallthroughCasesInSwitch": true,
-
-		"moduleResolution": "node",
-		"esModuleInterop": true
-	},
-	"include": ["./source/**/*.ts"],
-	"exclude": ["./node_modules"]
+		"esModuleInterop": true,
+		"moduleResolution": "node"
+	}
 }