express-rate-limit 6.11.0 → 6.11.1

package/changelog.md

@@ -6,6 +6,14 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to
 [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [6.11.1](https://github.com/express-rate-limit/express-rate-limit/releases/tag/v6.11.1)
+
+### Fixed
+
+- Check for prefixed keys when validating that the stores have single counted
+  keys (See
+  [#395](https://github.com/express-rate-limit/express-rate-limit/issues/395)).
+
 ## [6.11.0](https://github.com/express-rate-limit/express-rate-limit/releases/tag/v6.11.0)
 
 ### Added

package/dist/index.cjs

@@ -211,6 +211,7 @@ var _Validations = class _Validations {
    */
   singleCount(request, store, key) {
     this.wrap(() => {
+      var _a;
       let storeKeys = _Validations.singleCountKeys.get(request);
       if (!storeKeys) {
         storeKeys = /* @__PURE__ */ new Map();
@@ -222,13 +223,14 @@ var _Validations = class _Validations {
         keys = [];
         storeKeys.set(storeKey, keys);
       }
-      if (keys.includes(key)) {
+      const prefixedKey = `${(_a = store.prefix) != null ? _a : ""}${key}`;
+      if (keys.includes(prefixedKey)) {
         throw new ValidationError(
           "ERR_ERL_DOUBLE_COUNT",
           `The hit count for ${key} was incremented more than once for a single request.`
         );
       }
-      keys.push(key);
+      keys.push(prefixedKey);
     });
   }
   /**

package/dist/index.d.cts

@@ -154,6 +154,12 @@ export type Store = {
 	 * Used to help detect double-counting misconfigurations.
 	 */
 	localKeys?: boolean;
+	/**
+	 * Optional value that the store prepends to keys
+	 *
+	 * Used by the double-count check to avoid false-positives when a key is counted twice, but with different prefixes
+	 */
+	prefix?: string;
 };
 export type DraftHeadersVersion = "draft-6" | "draft-7";
 /**

package/dist/index.d.mts

@@ -154,6 +154,12 @@ export type Store = {
 	 * Used to help detect double-counting misconfigurations.
 	 */
 	localKeys?: boolean;
+	/**
+	 * Optional value that the store prepends to keys
+	 *
+	 * Used by the double-count check to avoid false-positives when a key is counted twice, but with different prefixes
+	 */
+	prefix?: string;
 };
 export type DraftHeadersVersion = "draft-6" | "draft-7";
 /**

package/dist/index.d.ts

@@ -154,6 +154,12 @@ export type Store = {
 	 * Used to help detect double-counting misconfigurations.
 	 */
 	localKeys?: boolean;
+	/**
+	 * Optional value that the store prepends to keys
+	 *
+	 * Used by the double-count check to avoid false-positives when a key is counted twice, but with different prefixes
+	 */
+	prefix?: string;
 };
 export type DraftHeadersVersion = "draft-6" | "draft-7";
 /**

package/dist/index.mjs

@@ -185,6 +185,7 @@ var _Validations = class _Validations {
    */
   singleCount(request, store, key) {
     this.wrap(() => {
+      var _a;
       let storeKeys = _Validations.singleCountKeys.get(request);
       if (!storeKeys) {
         storeKeys = /* @__PURE__ */ new Map();
@@ -196,13 +197,14 @@ var _Validations = class _Validations {
         keys = [];
         storeKeys.set(storeKey, keys);
       }
-      if (keys.includes(key)) {
+      const prefixedKey = `${(_a = store.prefix) != null ? _a : ""}${key}`;
+      if (keys.includes(prefixedKey)) {
         throw new ValidationError(
           "ERR_ERL_DOUBLE_COUNT",
           `The hit count for ${key} was incremented more than once for a single request.`
         );
       }
-      keys.push(key);
+      keys.push(prefixedKey);
     });
   }
   /**

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "express-rate-limit",
-	"version": "6.11.0",
+	"version": "6.11.1",
 	"description": "Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.",
 	"author": {
 		"name": "Nathan Friedly",