express-rate-limit 6.2.1 → 6.5.1

package/changelog.md

@@ -6,6 +6,40 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to
 [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [6.5.0](https://github.com/nfriedly/express-rate-limit/releases/tag/v6.5.0)
+
+## Changed
+
+- The message option can now be a (sync/asynx) function that returns a value
+  (#311)
+- Updated all dependencies
+
+## [6.4.0](https://github.com/nfriedly/express-rate-limit/releases/tag/v6.3.0)
+
+### Added
+
+- Adds Express 5 (`5.0.0-beta.1`) as a supported peer dependency (#304)
+
+## Changed
+
+- Tests are now run on Node 12, 14, 16 and 18 on CI (#305)
+- Updated all development dependencies (#306)
+
+## [6.3.0](https://github.com/nfriedly/express-rate-limit/releases/tag/v6.3.0)
+
+### Changed
+
+- Changes the build target to es2019 so that ESBuild outputs code that can run
+  with Node 12.
+- Changes the minimum required Node version to 12.9.0.
+
+## [6.2.1](https://github.com/nfriedly/express-rate-limit/releases/tag/v6.2.1)
+
+### Fixed
+
+- Use the default value for an option when `undefined` is passed to the rate
+  limiter.
+
 ## [6.2.0](https://github.com/nfriedly/express-rate-limit/releases/tag/v6.2.0)
 
 ### Added

package/dist/index.cjs

@@ -1,25 +1,21 @@
+"use strict";
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __markAsModule = (target) => __defProp(target, "__esModule", { value: true });
 var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, { get: all[name], enumerable: true });
 };
-var __reExport = (target, module2, copyDefault, desc) => {
-  if (module2 && typeof module2 === "object" || typeof module2 === "function") {
-    for (let key of __getOwnPropNames(module2))
-      if (!__hasOwnProp.call(target, key) && (copyDefault || key !== "default"))
-        __defProp(target, key, { get: () => module2[key], enumerable: !(desc = __getOwnPropDesc(module2, key)) || desc.enumerable });
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
   }
-  return target;
+  return to;
 };
-var __toCommonJS = /* @__PURE__ */ ((cache) => {
-  return (module2, temp) => {
-    return cache && cache.get(module2) || (temp = __reExport(__markAsModule({}), module2, 1), cache && cache.set(module2, temp), temp);
-  };
-})(typeof WeakMap !== "undefined" ? /* @__PURE__ */ new WeakMap() : 0);
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // source/index.ts
 var source_exports = {};
@@ -28,6 +24,7 @@ __export(source_exports, {
   default: () => lib_default,
   rateLimit: () => lib_default
 });
+module.exports = __toCommonJS(source_exports);
 
 // source/memory-store.ts
 var calculateNextResetTime = (windowMs) => {
@@ -48,7 +45,8 @@ var MemoryStore = class {
     }
   }
   async increment(key) {
-    const totalHits = (this.hits[key] ?? 0) + 1;
+    var _a;
+    const totalHits = ((_a = this.hits[key]) != null ? _a : 0) + 1;
     this.hits[key] = totalHits;
     return {
       totalHits,
@@ -88,45 +86,50 @@ var promisifyStore = (passedStore) => {
       });
     }
     async decrement(key) {
-      return Promise.resolve(legacyStore.decrement(key));
+      return legacyStore.decrement(key);
     }
     async resetKey(key) {
-      return Promise.resolve(legacyStore.resetKey(key));
+      return legacyStore.resetKey(key);
     }
     async resetAll() {
       if (typeof legacyStore.resetAll === "function")
-        return Promise.resolve(legacyStore.resetAll());
+        return legacyStore.resetAll();
     }
   }
   return new PromisifiedStore();
 };
 var parseOptions = (passedOptions) => {
+  var _a, _b, _c;
   const notUndefinedOptions = omitUndefinedOptions(passedOptions);
   const config = {
     windowMs: 60 * 1e3,
     max: 5,
     message: "Too many requests, please try again later.",
     statusCode: 429,
-    legacyHeaders: passedOptions.headers ?? true,
-    standardHeaders: passedOptions.draft_polli_ratelimit_headers ?? false,
+    legacyHeaders: (_a = passedOptions.headers) != null ? _a : true,
+    standardHeaders: (_b = passedOptions.draft_polli_ratelimit_headers) != null ? _b : false,
     requestPropertyName: "rateLimit",
     skipFailedRequests: false,
     skipSuccessfulRequests: false,
     requestWasSuccessful: (_request, response) => response.statusCode < 400,
     skip: (_request, _response) => false,
-    keyGenerator: (request, _response) => {
+    keyGenerator(request, _response) {
       if (!request.ip) {
         console.error("WARN | `express-rate-limit` | `request.ip` is undefined. You can avoid this by providing a custom `keyGenerator` function, but it may be indicative of a larger issue.");
       }
       return request.ip;
     },
-    handler: (_request, response, _next, _optionsUsed) => {
-      response.status(config.statusCode).send(config.message);
+    async handler(request, response, _next, _optionsUsed) {
+      response.status(config.statusCode);
+      const message = typeof config.message === "function" ? await config.message(request, response) : config.message;
+      if (!response.writableEnded) {
+        response.send(message != null ? message : "Too many requests, please try again later.");
+      }
     },
-    onLimitReached: (_request, _response, _optionsUsed) => {
+    onLimitReached(_request, _response, _optionsUsed) {
     },
     ...notUndefinedOptions,
-    store: promisifyStore(notUndefinedOptions.store ?? new MemoryStore())
+    store: promisifyStore((_c = notUndefinedOptions.store) != null ? _c : new MemoryStore())
   };
   if (typeof config.store.increment !== "function" || typeof config.store.decrement !== "function" || typeof config.store.resetKey !== "function" || typeof config.store.resetAll !== "undefined" && typeof config.store.resetAll !== "function" || typeof config.store.init !== "undefined" && typeof config.store.init !== "function") {
     throw new TypeError("An invalid store was passed. Please ensure that the store is a class that implements the `Store` interface.");
@@ -141,7 +144,7 @@ var handleAsyncErrors = (fn) => async (request, response, next) => {
   }
 };
 var rateLimit = (passedOptions) => {
-  const options = parseOptions(passedOptions ?? {});
+  const options = parseOptions(passedOptions != null ? passedOptions : {});
   if (typeof options.store.init === "function")
     options.store.init(options);
   const middleware = handleAsyncErrors(async (request, response, next) => {
@@ -231,5 +234,4 @@ var omitUndefinedOptions = (passedOptions) => {
   return omittedOptions;
 };
 var lib_default = rateLimit;
-module.exports = __toCommonJS(source_exports);
 module.exports = rateLimit; module.exports.default = rateLimit; module.exports.rateLimit = rateLimit; module.exports.MemoryStore = MemoryStore;

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-// Generated by dts-bundle-generator v6.4.0
+// Generated by dts-bundle-generator v6.12.0
 
 import { NextFunction, Request, RequestHandler, Response } from 'express';
 
@@ -152,7 +152,7 @@ export interface Options {
 	 *
 	 * Defaults to `'Too many requests, please try again later.'`
 	 */
-	readonly message: any;
+	readonly message: any | ValueDeterminingMiddleware<any>;
 	/**
 	 * The HTTP status code to send back when a client is rate limited.
 	 *
@@ -276,7 +276,7 @@ export interface RateLimitInfo {
  *
  * @public
  */
-export declare const rateLimit: (passedOptions?: Partial<Options> | undefined) => RateLimitRequestHandler;
+export declare const rateLimit: (passedOptions?: Partial<Options>) => RateLimitRequestHandler;
 /**
  * A `Store` that stores the hit count for each client in memory.
  *

package/dist/index.mjs

@@ -17,7 +17,8 @@ var MemoryStore = class {
     }
   }
   async increment(key) {
-    const totalHits = (this.hits[key] ?? 0) + 1;
+    var _a;
+    const totalHits = ((_a = this.hits[key]) != null ? _a : 0) + 1;
     this.hits[key] = totalHits;
     return {
       totalHits,
@@ -57,45 +58,50 @@ var promisifyStore = (passedStore) => {
       });
     }
     async decrement(key) {
-      return Promise.resolve(legacyStore.decrement(key));
+      return legacyStore.decrement(key);
     }
     async resetKey(key) {
-      return Promise.resolve(legacyStore.resetKey(key));
+      return legacyStore.resetKey(key);
     }
     async resetAll() {
       if (typeof legacyStore.resetAll === "function")
-        return Promise.resolve(legacyStore.resetAll());
+        return legacyStore.resetAll();
     }
   }
   return new PromisifiedStore();
 };
 var parseOptions = (passedOptions) => {
+  var _a, _b, _c;
   const notUndefinedOptions = omitUndefinedOptions(passedOptions);
   const config = {
     windowMs: 60 * 1e3,
     max: 5,
     message: "Too many requests, please try again later.",
     statusCode: 429,
-    legacyHeaders: passedOptions.headers ?? true,
-    standardHeaders: passedOptions.draft_polli_ratelimit_headers ?? false,
+    legacyHeaders: (_a = passedOptions.headers) != null ? _a : true,
+    standardHeaders: (_b = passedOptions.draft_polli_ratelimit_headers) != null ? _b : false,
     requestPropertyName: "rateLimit",
     skipFailedRequests: false,
     skipSuccessfulRequests: false,
     requestWasSuccessful: (_request, response) => response.statusCode < 400,
     skip: (_request, _response) => false,
-    keyGenerator: (request, _response) => {
+    keyGenerator(request, _response) {
       if (!request.ip) {
         console.error("WARN | `express-rate-limit` | `request.ip` is undefined. You can avoid this by providing a custom `keyGenerator` function, but it may be indicative of a larger issue.");
       }
       return request.ip;
     },
-    handler: (_request, response, _next, _optionsUsed) => {
-      response.status(config.statusCode).send(config.message);
+    async handler(request, response, _next, _optionsUsed) {
+      response.status(config.statusCode);
+      const message = typeof config.message === "function" ? await config.message(request, response) : config.message;
+      if (!response.writableEnded) {
+        response.send(message != null ? message : "Too many requests, please try again later.");
+      }
     },
-    onLimitReached: (_request, _response, _optionsUsed) => {
+    onLimitReached(_request, _response, _optionsUsed) {
     },
     ...notUndefinedOptions,
-    store: promisifyStore(notUndefinedOptions.store ?? new MemoryStore())
+    store: promisifyStore((_c = notUndefinedOptions.store) != null ? _c : new MemoryStore())
   };
   if (typeof config.store.increment !== "function" || typeof config.store.decrement !== "function" || typeof config.store.resetKey !== "function" || typeof config.store.resetAll !== "undefined" && typeof config.store.resetAll !== "function" || typeof config.store.init !== "undefined" && typeof config.store.init !== "function") {
     throw new TypeError("An invalid store was passed. Please ensure that the store is a class that implements the `Store` interface.");
@@ -110,7 +116,7 @@ var handleAsyncErrors = (fn) => async (request, response, next) => {
   }
 };
 var rateLimit = (passedOptions) => {
-  const options = parseOptions(passedOptions ?? {});
+  const options = parseOptions(passedOptions != null ? passedOptions : {});
   if (typeof options.store.init === "function")
     options.store.init(options);
   const middleware = handleAsyncErrors(async (request, response, next) => {

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "express-rate-limit",
-	"version": "6.2.1",
+	"version": "6.5.1",
 	"description": "Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.",
 	"author": {
 		"name": "Nathan Friedly",
@@ -46,12 +46,12 @@
 		"changelog.md"
 	],
 	"engines": {
-		"node": ">= 14.5.0"
+		"node": ">= 12.9.0"
 	},
 	"scripts": {
 		"clean": "del-cli dist/ coverage/ *.log *.tmp *.bak *.tgz",
-		"build:cjs": "esbuild --bundle --format=cjs --outfile=dist/index.cjs --footer:js=\"module.exports = rateLimit; module.exports.default = rateLimit; module.exports.rateLimit = rateLimit; module.exports.MemoryStore = MemoryStore;\" source/index.ts",
-		"build:esm": "esbuild --bundle --format=esm --outfile=dist/index.mjs source/index.ts",
+		"build:cjs": "esbuild --bundle --target=es2019 --format=cjs --outfile=dist/index.cjs --footer:js=\"module.exports = rateLimit; module.exports.default = rateLimit; module.exports.rateLimit = rateLimit; module.exports.MemoryStore = MemoryStore;\" source/index.ts",
+		"build:esm": "esbuild --bundle --target=es2019 --format=esm --outfile=dist/index.mjs source/index.ts",
 		"build:types": "dts-bundle-generator --out-file=dist/index.d.ts source/index.ts",
 		"compile": "run-s clean build:*",
 		"lint:code": "xo --ignore test/external/",
@@ -67,28 +67,28 @@
 		"prepare": "run-s compile && husky install config/husky"
 	},
 	"peerDependencies": {
-		"express": "^4"
+		"express": "^4 || ^5"
 	},
 	"devDependencies": {
-		"@jest/globals": "^27.4.6",
-		"@types/express": "^4.17.13",
-		"@types/jest": "^27.4.0",
-		"@types/node": "^16.11.21",
-		"@types/supertest": "^2.0.11",
-		"cross-env": "^7.0.3",
-		"del-cli": "^4.0.1",
-		"dts-bundle-generator": "^6.4.0",
-		"esbuild": "^0.14.12",
-		"express": "^4.17.1",
-		"husky": "^7.0.4",
-		"jest": "^27.4.7",
-		"lint-staged": "^12.2.2",
-		"npm-run-all": "^4.1.5",
-		"supertest": "^6.2.2",
-		"ts-jest": "^27.1.3",
-		"ts-node": "^10.4.0",
-		"typescript": "^4.5.5",
-		"xo": "^0.47.0"
+		"@jest/globals": "28.1.3",
+		"@types/express": "4.17.13",
+		"@types/jest": "28.1.6",
+		"@types/node": "18.0.6",
+		"@types/supertest": "2.0.12",
+		"cross-env": "7.0.3",
+		"del-cli": "4.0.1",
+		"dts-bundle-generator": "6.12.0",
+		"esbuild": "0.14.49",
+		"express": "4.18.1",
+		"husky": "8.0.1",
+		"jest": "28.1.3",
+		"lint-staged": "13.0.3",
+		"npm-run-all": "4.1.5",
+		"supertest": "6.2.4",
+		"ts-jest": "28.0.7",
+		"ts-node": "10.9.1",
+		"typescript": "4.7.4",
+		"xo": "0.49.0"
 	},
 	"xo": {
 		"prettier": true,

package/readme.md

@@ -239,11 +239,30 @@ const limiter = rateLimit({
 The response body to send back when a client is rate limited.
 
 May be a `string`, JSON object, or any other value that Express's
-[response.send](https://expressjs.com/en/4x/api.html#response.send) method
-supports.
+[`response.send`](https://expressjs.com/en/4x/api.html#res.send) method
+supports. It can also be a (sync/async) function that accepts the Express
+request and response objects and then returns a `string`, JSON object or any
+other value the Express `response.send` function accepts.
 
 Defaults to `'Too many requests, please try again later.'`
 
+An example of using a function:
+
+```ts
+const isPremium = async (user) => {
+	// ...
+}
+
+const limiter = rateLimit({
+	// ...
+	message: async (request, response) => {
+		if (await isPremium(request.user))
+			return 'You can only make 10 requests every hour.'
+		else return 'You can only make 5 requests every hour.'
+	},
+})
+```
+
 ### `statusCode`
 
 > `number`
@@ -348,7 +367,8 @@ const limiter = rateLimit({
 Express request handler that sends back a response when a client is
 rate-limited.
 
-By default, sends back the `statusCode` and `message` set via the options:
+By default, sends back the `statusCode` and `message` set via the `options`,
+similar to this:
 
 ```ts
 const limiter = rateLimit({