express-rate-limit 6.7.0 → 6.7.2

package/changelog.md

@@ -6,15 +6,31 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to
 [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [6.7.1](https://github.com/express-rate-limit/express-rate-limit/releases/tag/v6.7.1)
+
+### Fixed
+
+- Fixed compatibility with TypeScript's TypeScript new `node16` module
+  resolution strategy (See
+  [#355](https://github.com/express-rate-limit/express-rate-limit/issues/355))
+
+### Changed
+
+- Bumped development dependencies.
+- Added `node` 20 to list of versions the CI jobs run on.
+
+No functional changes.
+
 ## [6.7.0](https://github.com/express-rate-limit/express-rate-limit/releases/tag/v6.7.0)
 
 ### Changed
 
-- Updated links to point to new express-rate-limit organization on GitHub.
-- Added advertisement to Readme for project sponsor
+- Updated links to point to the new `express-rate-limit` organization on GitHub.
+- Added advertisement to `readme.md` for project sponsor
   [Zuplo](https://zuplo.link/express-rate-limit).
-- Updated TypeScript version and other dev dependencies
-- Changed CI test suite: dropped node.js 12, added node.js 19
+- Updated to `typescript` version 5 and bumped other dependencies.
+- Dropped `node` 12, and added `node` 19 to the list of versions the CI jobs run
+  on.
 
 No functional changes.
 

package/dist/index.cjs

@@ -3,6 +3,7 @@ var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
 var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, { get: all[name], enumerable: true });
@@ -16,6 +17,10 @@ var __copyProps = (to, from, except, desc) => {
   return to;
 };
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __publicField = (obj, key, value) => {
+  __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
+  return value;
+};
 
 // source/index.ts
 var source_exports = {};
@@ -28,11 +33,34 @@ module.exports = __toCommonJS(source_exports);
 
 // source/memory-store.ts
 var calculateNextResetTime = (windowMs) => {
-  const resetTime = new Date();
+  const resetTime = /* @__PURE__ */ new Date();
   resetTime.setMilliseconds(resetTime.getMilliseconds() + windowMs);
   return resetTime;
 };
 var MemoryStore = class {
+  constructor() {
+    /**
+     * The duration of time before which all hit counts are reset (in milliseconds).
+     */
+    __publicField(this, "windowMs");
+    /**
+     * The map that stores the number of hits for each client in memory.
+     */
+    __publicField(this, "hits");
+    /**
+     * The time at which all hit counts will be reset.
+     */
+    __publicField(this, "resetTime");
+    /**
+     * Reference to the active timer.
+     */
+    __publicField(this, "interval");
+  }
+  /**
+   * Method that initializes the store.
+   *
+   * @param options {Options} - The options used to setup the middleware.
+   */
   init(options) {
     this.windowMs = options.windowMs;
     this.resetTime = calculateNextResetTime(this.windowMs);
@@ -43,6 +71,15 @@ var MemoryStore = class {
     if (this.interval.unref)
       this.interval.unref();
   }
+  /**
+   * Method to increment a client's hit counter.
+   *
+   * @param key {string} - The identifier for a client.
+   *
+   * @returns {IncrementResponse} - The number of hits and reset time for that client.
+   *
+   * @public
+   */
   async increment(key) {
     var _a;
     const totalHits = ((_a = this.hits[key]) != null ? _a : 0) + 1;
@@ -52,25 +89,54 @@ var MemoryStore = class {
       resetTime: this.resetTime
     };
   }
+  /**
+   * Method to decrement a client's hit counter.
+   *
+   * @param key {string} - The identifier for a client.
+   *
+   * @public
+   */
   async decrement(key) {
     const current = this.hits[key];
     if (current)
       this.hits[key] = current - 1;
   }
+  /**
+   * Method to reset a client's hit counter.
+   *
+   * @param key {string} - The identifier for a client.
+   *
+   * @public
+   */
   async resetKey(key) {
     delete this.hits[key];
   }
+  /**
+   * Method to reset everyone's hit counter.
+   *
+   * @public
+   */
   async resetAll() {
     this.hits = {};
     this.resetTime = calculateNextResetTime(this.windowMs);
   }
+  /**
+   * Method to stop the timer (if currently running) and prevent any memory
+   * leaks.
+   *
+   * @public
+   */
   shutdown() {
     clearInterval(this.interval);
   }
 };
 
 // source/lib.ts
-var isLegacyStore = (store) => typeof store.incr === "function" && typeof store.increment !== "function";
+var isLegacyStore = (store) => (
+  // Check that `incr` exists but `increment` does not - store authors might want
+  // to keep both around for backwards compatibility.
+  typeof store.incr === "function" && typeof store.increment !== "function"
+);
 var promisifyStore = (passedStore) => {
   if (!isLegacyStore(passedStore)) {
     return passedStore;
@@ -137,10 +203,13 @@ var parseOptions = (passedOptions) => {
     },
     onLimitReached(_request, _response, _optionsUsed) {
     },
+    // Allow the options object to be overriden by the options passed to the middleware.
     ...notUndefinedOptions,
+    // Note that this field is declared after the user's options are spread in,
+    // so that this field doesn't get overriden with an un-promisified store!
     store: promisifyStore((_c = notUndefinedOptions.store) != null ? _c : new MemoryStore())
   };
-  if (typeof config.store.increment !== "function" || typeof config.store.decrement !== "function" || typeof config.store.resetKey !== "function" || typeof config.store.resetAll !== "undefined" && typeof config.store.resetAll !== "function" || typeof config.store.init !== "undefined" && typeof config.store.init !== "function") {
+  if (typeof config.store.increment !== "function" || typeof config.store.decrement !== "function" || typeof config.store.resetKey !== "function" || config.store.resetAll !== void 0 && typeof config.store.resetAll !== "function" || config.store.init !== void 0 && typeof config.store.init !== "function") {
     throw new TypeError(
       "An invalid store was passed. Please ensure that the store is a class that implements the `Store` interface."
     );
@@ -183,7 +252,7 @@ var rateLimit = (passedOptions) => {
           augmentedRequest[options.requestPropertyName].remaining
         );
         if (resetTime instanceof Date) {
-          response.setHeader("Date", new Date().toUTCString());
+          response.setHeader("Date", (/* @__PURE__ */ new Date()).toUTCString());
           response.setHeader(
             "X-RateLimit-Reset",
             Math.ceil(resetTime.getTime() / 1e3)

package/dist/index.d.cts

@@ -0,0 +1,359 @@
+// Generated by dts-bundle-generator v7.0.0
+
+import { NextFunction, Request, RequestHandler, Response } from 'express';
+
+/**
+ * Callback that fires when a client's hit counter is incremented.
+ *
+ * @param error {Error | undefined} - The error that occurred, if any.
+ * @param totalHits {number} - The number of hits for that client so far.
+ * @param resetTime {Date | undefined} - The time when the counter resets.
+ */
+export type IncrementCallback = (error: Error | undefined, totalHits: number, resetTime: Date | undefined) => void;
+/**
+ * Method (in the form of middleware) to generate/retrieve a value based on the
+ * incoming request.
+ *
+ * @param request {Request} - The Express request object.
+ * @param response {Response} - The Express response object.
+ *
+ * @returns {T} - The value needed.
+ */
+export type ValueDeterminingMiddleware<T> = (request: Request, response: Response) => T | Promise<T>;
+/**
+ * Express request handler that sends back a response when a client is
+ * rate-limited.
+ *
+ * @param request {Request} - The Express request object.
+ * @param response {Response} - The Express response object.
+ * @param next {NextFunction} - The Express `next` function, can be called to skip responding.
+ * @param optionsUsed {Options} - The options used to set up the middleware.
+ */
+export type RateLimitExceededEventHandler = (request: Request, response: Response, next: NextFunction, optionsUsed: Options) => void;
+/**
+ * Event callback that is triggered on a client's first request that exceeds the limit
+ * but not for subsequent requests. May be used for logging, etc. Should *not*
+ * send a response.
+ *
+ * @param request {Request} - The Express request object.
+ * @param response {Response} - The Express response object.
+ * @param optionsUsed {Options} - The options used to set up the middleware.
+ */
+export type RateLimitReachedEventHandler = (request: Request, response: Response, optionsUsed: Options) => void;
+/**
+ * Data returned from the `Store` when a client's hit counter is incremented.
+ *
+ * @property totalHits {number} - The number of hits for that client so far.
+ * @property resetTime {Date | undefined} - The time when the counter resets.
+ */
+export type IncrementResponse = {
+	totalHits: number;
+	resetTime: Date | undefined;
+};
+/**
+ * A modified Express request handler with the rate limit functions.
+ */
+export type RateLimitRequestHandler = RequestHandler & {
+	/**
+	 * Method to reset a client's hit counter.
+	 *
+	 * @param key {string} - The identifier for a client.
+	 */
+	resetKey: (key: string) => void;
+};
+/**
+ * An interface that all hit counter stores must implement.
+ *
+ * @deprecated 6.x - Implement the `Store` interface instead.
+ */
+export type LegacyStore = {
+	/**
+	 * Method to increment a client's hit counter.
+	 *
+	 * @param key {string} - The identifier for a client.
+	 * @param callback {IncrementCallback} - The callback to call once the counter is incremented.
+	 */
+	incr: (key: string, callback: IncrementCallback) => void;
+	/**
+	 * Method to decrement a client's hit counter.
+	 *
+	 * @param key {string} - The identifier for a client.
+	 */
+	decrement: (key: string) => void;
+	/**
+	 * Method to reset a client's hit counter.
+	 *
+	 * @param key {string} - The identifier for a client.
+	 */
+	resetKey: (key: string) => void;
+	/**
+	 * Method to reset everyone's hit counter.
+	 */
+	resetAll?: () => void;
+};
+/**
+ * An interface that all hit counter stores must implement.
+ */
+export type Store = {
+	/**
+	 * Method that initializes the store, and has access to the options passed to
+	 * the middleware too.
+	 *
+	 * @param options {Options} - The options used to setup the middleware.
+	 */
+	init?: (options: Options) => void;
+	/**
+	 * Method to increment a client's hit counter.
+	 *
+	 * @param key {string} - The identifier for a client.
+	 *
+	 * @returns {IncrementResponse} - The number of hits and reset time for that client.
+	 */
+	increment: (key: string) => Promise<IncrementResponse> | IncrementResponse;
+	/**
+	 * Method to decrement a client's hit counter.
+	 *
+	 * @param key {string} - The identifier for a client.
+	 */
+	decrement: (key: string) => Promise<void> | void;
+	/**
+	 * Method to reset a client's hit counter.
+	 *
+	 * @param key {string} - The identifier for a client.
+	 */
+	resetKey: (key: string) => Promise<void> | void;
+	/**
+	 * Method to reset everyone's hit counter.
+	 */
+	resetAll?: () => Promise<void> | void;
+	/**
+	 * Method to shutdown the store, stop timers, and release all resources.
+	 */
+	shutdown?: () => Promise<void> | void;
+};
+/**
+ * The configuration options for the rate limiter.
+ */
+export type Options = {
+	/**
+	 * How long we should remember the requests.
+	 *
+	 * Defaults to `60000` ms (= 1 minute).
+	 */
+	readonly windowMs: number;
+	/**
+	 * The maximum number of connections to allow during the `window` before
+	 * rate limiting the client.
+	 *
+	 * Can be the limit itself as a number or express middleware that parses
+	 * the request and then figures out the limit.
+	 *
+	 * Defaults to `5`.
+	 */
+	readonly max: number | ValueDeterminingMiddleware<number>;
+	/**
+	 * The response body to send back when a client is rate limited.
+	 *
+	 * Defaults to `'Too many requests, please try again later.'`
+	 */
+	readonly message: any | ValueDeterminingMiddleware<any>;
+	/**
+	 * The HTTP status code to send back when a client is rate limited.
+	 *
+	 * Defaults to `HTTP 429 Too Many Requests` (RFC 6585).
+	 */
+	readonly statusCode: number;
+	/**
+	 * Whether to send `X-RateLimit-*` headers with the rate limit and the number
+	 * of requests.
+	 *
+	 * Defaults to `true` (for backward compatibility).
+	 */
+	readonly legacyHeaders: boolean;
+	/**
+	 * Whether to enable support for the standardized rate limit headers (`RateLimit-*`).
+	 *
+	 * Defaults to `false` (for backward compatibility, but its use is recommended).
+	 */
+	readonly standardHeaders: boolean;
+	/**
+	 * The name of the property on the request object to store the rate limit info.
+	 *
+	 * Defaults to `rateLimit`.
+	 */
+	readonly requestPropertyName: string;
+	/**
+	 * If `true`, the library will (by default) skip all requests that have a 4XX
+	 * or 5XX status.
+	 *
+	 * Defaults to `false`.
+	 */
+	readonly skipFailedRequests: boolean;
+	/**
+	 * If `true`, the library will (by default) skip all requests that have a
+	 * status code less than 400.
+	 *
+	 * Defaults to `false`.
+	 */
+	readonly skipSuccessfulRequests: boolean;
+	/**
+	 * Method to generate custom identifiers for clients.
+	 *
+	 * By default, the client's IP address is used.
+	 */
+	readonly keyGenerator: ValueDeterminingMiddleware<string>;
+	/**
+	 * Express request handler that sends back a response when a client is
+	 * rate-limited.
+	 *
+	 * By default, sends back the `statusCode` and `message` set via the options.
+	 */
+	readonly handler: RateLimitExceededEventHandler;
+	/**
+	 * Express request handler that sends back a response when a client has
+	 * reached their rate limit, and will be rate limited on their next request.
+	 *
+	 * @deprecated 6.x - Please use a custom `handler` that checks the number of
+	 * hits instead.
+	 */
+	readonly onLimitReached: RateLimitReachedEventHandler;
+	/**
+	 * Method (in the form of middleware) to determine whether or not this request
+	 * counts towards a client's quota.
+	 *
+	 * By default, skips no requests.
+	 */
+	readonly skip: ValueDeterminingMiddleware<boolean>;
+	/**
+	 * Method to determine whether or not the request counts as 'succesful'. Used
+	 * when either `skipSuccessfulRequests` or `skipFailedRequests` is set to true.
+	 *
+	 * By default, requests with a response status code less than 400 are considered
+	 * successful.
+	 */
+	readonly requestWasSuccessful: ValueDeterminingMiddleware<boolean>;
+	/**
+	 * The `Store` to use to store the hit count for each client.
+	 *
+	 * By default, the built-in `MemoryStore` will be used.
+	 */
+	store: Store | LegacyStore;
+	/**
+	 * Whether to send `X-RateLimit-*` headers with the rate limit and the number
+	 * of requests.
+	 *
+	 * @deprecated 6.x - This option was renamed to `legacyHeaders`.
+	 */
+	headers?: boolean;
+	/**
+	 * Whether to send `RateLimit-*` headers with the rate limit and the number
+	 * of requests.
+	 *
+	 * @deprecated 6.x - This option was renamed to `standardHeaders`.
+	 */
+	draft_polli_ratelimit_headers?: boolean;
+};
+/**
+ * The extended request object that includes information about the client's
+ * rate limit.
+ */
+export type AugmentedRequest = Request & {
+	[key: string]: RateLimitInfo;
+};
+/**
+ * The rate limit related information for each client included in the
+ * Express request object.
+ */
+export type RateLimitInfo = {
+	readonly limit: number;
+	readonly current: number;
+	readonly remaining: number;
+	readonly resetTime: Date | undefined;
+};
+/**
+ *
+ * Create an instance of IP rate-limiting middleware for Express.
+ *
+ * @param passedOptions {Options} - Options to configure the rate limiter.
+ *
+ * @returns {RateLimitRequestHandler} - The middleware that rate-limits clients based on your configuration.
+ *
+ * @public
+ */
+export declare const rateLimit: (passedOptions?: Partial<Options>) => RateLimitRequestHandler;
+/**
+ * A `Store` that stores the hit count for each client in memory.
+ *
+ * @public
+ */
+export declare class MemoryStore implements Store {
+	/**
+	 * The duration of time before which all hit counts are reset (in milliseconds).
+	 */
+	windowMs: number;
+	/**
+	 * The map that stores the number of hits for each client in memory.
+	 */
+	hits: {
+		[key: string]: number | undefined;
+	};
+	/**
+	 * The time at which all hit counts will be reset.
+	 */
+	resetTime: Date;
+	/**
+	 * Reference to the active timer.
+	 */
+	interval?: NodeJS.Timer;
+	/**
+	 * Method that initializes the store.
+	 *
+	 * @param options {Options} - The options used to setup the middleware.
+	 */
+	init(options: Options): void;
+	/**
+	 * Method to increment a client's hit counter.
+	 *
+	 * @param key {string} - The identifier for a client.
+	 *
+	 * @returns {IncrementResponse} - The number of hits and reset time for that client.
+	 *
+	 * @public
+	 */
+	increment(key: string): Promise<IncrementResponse>;
+	/**
+	 * Method to decrement a client's hit counter.
+	 *
+	 * @param key {string} - The identifier for a client.
+	 *
+	 * @public
+	 */
+	decrement(key: string): Promise<void>;
+	/**
+	 * Method to reset a client's hit counter.
+	 *
+	 * @param key {string} - The identifier for a client.
+	 *
+	 * @public
+	 */
+	resetKey(key: string): Promise<void>;
+	/**
+	 * Method to reset everyone's hit counter.
+	 *
+	 * @public
+	 */
+	resetAll(): Promise<void>;
+	/**
+	 * Method to stop the timer (if currently running) and prevent any memory
+	 * leaks.
+	 *
+	 * @public
+	 */
+	shutdown(): void;
+}
+
+export {
+	rateLimit as default,
+};
+
+export {};

package/dist/index.d.mts

@@ -0,0 +1,359 @@
+// Generated by dts-bundle-generator v7.0.0
+
+import { NextFunction, Request, RequestHandler, Response } from 'express';
+
+/**
+ * Callback that fires when a client's hit counter is incremented.
+ *
+ * @param error {Error | undefined} - The error that occurred, if any.
+ * @param totalHits {number} - The number of hits for that client so far.
+ * @param resetTime {Date | undefined} - The time when the counter resets.
+ */
+export type IncrementCallback = (error: Error | undefined, totalHits: number, resetTime: Date | undefined) => void;
+/**
+ * Method (in the form of middleware) to generate/retrieve a value based on the
+ * incoming request.
+ *
+ * @param request {Request} - The Express request object.
+ * @param response {Response} - The Express response object.
+ *
+ * @returns {T} - The value needed.
+ */
+export type ValueDeterminingMiddleware<T> = (request: Request, response: Response) => T | Promise<T>;
+/**
+ * Express request handler that sends back a response when a client is
+ * rate-limited.
+ *
+ * @param request {Request} - The Express request object.
+ * @param response {Response} - The Express response object.
+ * @param next {NextFunction} - The Express `next` function, can be called to skip responding.
+ * @param optionsUsed {Options} - The options used to set up the middleware.
+ */
+export type RateLimitExceededEventHandler = (request: Request, response: Response, next: NextFunction, optionsUsed: Options) => void;
+/**
+ * Event callback that is triggered on a client's first request that exceeds the limit
+ * but not for subsequent requests. May be used for logging, etc. Should *not*
+ * send a response.
+ *
+ * @param request {Request} - The Express request object.
+ * @param response {Response} - The Express response object.
+ * @param optionsUsed {Options} - The options used to set up the middleware.
+ */
+export type RateLimitReachedEventHandler = (request: Request, response: Response, optionsUsed: Options) => void;
+/**
+ * Data returned from the `Store` when a client's hit counter is incremented.
+ *
+ * @property totalHits {number} - The number of hits for that client so far.
+ * @property resetTime {Date | undefined} - The time when the counter resets.
+ */
+export type IncrementResponse = {
+	totalHits: number;
+	resetTime: Date | undefined;
+};
+/**
+ * A modified Express request handler with the rate limit functions.
+ */
+export type RateLimitRequestHandler = RequestHandler & {
+	/**
+	 * Method to reset a client's hit counter.
+	 *
+	 * @param key {string} - The identifier for a client.
+	 */
+	resetKey: (key: string) => void;
+};
+/**
+ * An interface that all hit counter stores must implement.
+ *
+ * @deprecated 6.x - Implement the `Store` interface instead.
+ */
+export type LegacyStore = {
+	/**
+	 * Method to increment a client's hit counter.
+	 *
+	 * @param key {string} - The identifier for a client.
+	 * @param callback {IncrementCallback} - The callback to call once the counter is incremented.
+	 */
+	incr: (key: string, callback: IncrementCallback) => void;
+	/**
+	 * Method to decrement a client's hit counter.
+	 *
+	 * @param key {string} - The identifier for a client.
+	 */
+	decrement: (key: string) => void;
+	/**
+	 * Method to reset a client's hit counter.
+	 *
+	 * @param key {string} - The identifier for a client.
+	 */
+	resetKey: (key: string) => void;
+	/**
+	 * Method to reset everyone's hit counter.
+	 */
+	resetAll?: () => void;
+};
+/**
+ * An interface that all hit counter stores must implement.
+ */
+export type Store = {
+	/**
+	 * Method that initializes the store, and has access to the options passed to
+	 * the middleware too.
+	 *
+	 * @param options {Options} - The options used to setup the middleware.
+	 */
+	init?: (options: Options) => void;
+	/**
+	 * Method to increment a client's hit counter.
+	 *
+	 * @param key {string} - The identifier for a client.
+	 *
+	 * @returns {IncrementResponse} - The number of hits and reset time for that client.
+	 */
+	increment: (key: string) => Promise<IncrementResponse> | IncrementResponse;
+	/**
+	 * Method to decrement a client's hit counter.
+	 *
+	 * @param key {string} - The identifier for a client.
+	 */
+	decrement: (key: string) => Promise<void> | void;
+	/**
+	 * Method to reset a client's hit counter.
+	 *
+	 * @param key {string} - The identifier for a client.
+	 */
+	resetKey: (key: string) => Promise<void> | void;
+	/**
+	 * Method to reset everyone's hit counter.
+	 */
+	resetAll?: () => Promise<void> | void;
+	/**
+	 * Method to shutdown the store, stop timers, and release all resources.
+	 */
+	shutdown?: () => Promise<void> | void;
+};
+/**
+ * The configuration options for the rate limiter.
+ */
+export type Options = {
+	/**
+	 * How long we should remember the requests.
+	 *
+	 * Defaults to `60000` ms (= 1 minute).
+	 */
+	readonly windowMs: number;
+	/**
+	 * The maximum number of connections to allow during the `window` before
+	 * rate limiting the client.
+	 *
+	 * Can be the limit itself as a number or express middleware that parses
+	 * the request and then figures out the limit.
+	 *
+	 * Defaults to `5`.
+	 */
+	readonly max: number | ValueDeterminingMiddleware<number>;
+	/**
+	 * The response body to send back when a client is rate limited.
+	 *
+	 * Defaults to `'Too many requests, please try again later.'`
+	 */
+	readonly message: any | ValueDeterminingMiddleware<any>;
+	/**
+	 * The HTTP status code to send back when a client is rate limited.
+	 *
+	 * Defaults to `HTTP 429 Too Many Requests` (RFC 6585).
+	 */
+	readonly statusCode: number;
+	/**
+	 * Whether to send `X-RateLimit-*` headers with the rate limit and the number
+	 * of requests.
+	 *
+	 * Defaults to `true` (for backward compatibility).
+	 */
+	readonly legacyHeaders: boolean;
+	/**
+	 * Whether to enable support for the standardized rate limit headers (`RateLimit-*`).
+	 *
+	 * Defaults to `false` (for backward compatibility, but its use is recommended).
+	 */
+	readonly standardHeaders: boolean;
+	/**
+	 * The name of the property on the request object to store the rate limit info.
+	 *
+	 * Defaults to `rateLimit`.
+	 */
+	readonly requestPropertyName: string;
+	/**
+	 * If `true`, the library will (by default) skip all requests that have a 4XX
+	 * or 5XX status.
+	 *
+	 * Defaults to `false`.
+	 */
+	readonly skipFailedRequests: boolean;
+	/**
+	 * If `true`, the library will (by default) skip all requests that have a
+	 * status code less than 400.
+	 *
+	 * Defaults to `false`.
+	 */
+	readonly skipSuccessfulRequests: boolean;
+	/**
+	 * Method to generate custom identifiers for clients.
+	 *
+	 * By default, the client's IP address is used.
+	 */
+	readonly keyGenerator: ValueDeterminingMiddleware<string>;
+	/**
+	 * Express request handler that sends back a response when a client is
+	 * rate-limited.
+	 *
+	 * By default, sends back the `statusCode` and `message` set via the options.
+	 */
+	readonly handler: RateLimitExceededEventHandler;
+	/**
+	 * Express request handler that sends back a response when a client has
+	 * reached their rate limit, and will be rate limited on their next request.
+	 *
+	 * @deprecated 6.x - Please use a custom `handler` that checks the number of
+	 * hits instead.
+	 */
+	readonly onLimitReached: RateLimitReachedEventHandler;
+	/**
+	 * Method (in the form of middleware) to determine whether or not this request
+	 * counts towards a client's quota.
+	 *
+	 * By default, skips no requests.
+	 */
+	readonly skip: ValueDeterminingMiddleware<boolean>;
+	/**
+	 * Method to determine whether or not the request counts as 'succesful'. Used
+	 * when either `skipSuccessfulRequests` or `skipFailedRequests` is set to true.
+	 *
+	 * By default, requests with a response status code less than 400 are considered
+	 * successful.
+	 */
+	readonly requestWasSuccessful: ValueDeterminingMiddleware<boolean>;
+	/**
+	 * The `Store` to use to store the hit count for each client.
+	 *
+	 * By default, the built-in `MemoryStore` will be used.
+	 */
+	store: Store | LegacyStore;
+	/**
+	 * Whether to send `X-RateLimit-*` headers with the rate limit and the number
+	 * of requests.
+	 *
+	 * @deprecated 6.x - This option was renamed to `legacyHeaders`.
+	 */
+	headers?: boolean;
+	/**
+	 * Whether to send `RateLimit-*` headers with the rate limit and the number
+	 * of requests.
+	 *
+	 * @deprecated 6.x - This option was renamed to `standardHeaders`.
+	 */
+	draft_polli_ratelimit_headers?: boolean;
+};
+/**
+ * The extended request object that includes information about the client's
+ * rate limit.
+ */
+export type AugmentedRequest = Request & {
+	[key: string]: RateLimitInfo;
+};
+/**
+ * The rate limit related information for each client included in the
+ * Express request object.
+ */
+export type RateLimitInfo = {
+	readonly limit: number;
+	readonly current: number;
+	readonly remaining: number;
+	readonly resetTime: Date | undefined;
+};
+/**
+ *
+ * Create an instance of IP rate-limiting middleware for Express.
+ *
+ * @param passedOptions {Options} - Options to configure the rate limiter.
+ *
+ * @returns {RateLimitRequestHandler} - The middleware that rate-limits clients based on your configuration.
+ *
+ * @public
+ */
+export declare const rateLimit: (passedOptions?: Partial<Options>) => RateLimitRequestHandler;
+/**
+ * A `Store` that stores the hit count for each client in memory.
+ *
+ * @public
+ */
+export declare class MemoryStore implements Store {
+	/**
+	 * The duration of time before which all hit counts are reset (in milliseconds).
+	 */
+	windowMs: number;
+	/**
+	 * The map that stores the number of hits for each client in memory.
+	 */
+	hits: {
+		[key: string]: number | undefined;
+	};
+	/**
+	 * The time at which all hit counts will be reset.
+	 */
+	resetTime: Date;
+	/**
+	 * Reference to the active timer.
+	 */
+	interval?: NodeJS.Timer;
+	/**
+	 * Method that initializes the store.
+	 *
+	 * @param options {Options} - The options used to setup the middleware.
+	 */
+	init(options: Options): void;
+	/**
+	 * Method to increment a client's hit counter.
+	 *
+	 * @param key {string} - The identifier for a client.
+	 *
+	 * @returns {IncrementResponse} - The number of hits and reset time for that client.
+	 *
+	 * @public
+	 */
+	increment(key: string): Promise<IncrementResponse>;
+	/**
+	 * Method to decrement a client's hit counter.
+	 *
+	 * @param key {string} - The identifier for a client.
+	 *
+	 * @public
+	 */
+	decrement(key: string): Promise<void>;
+	/**
+	 * Method to reset a client's hit counter.
+	 *
+	 * @param key {string} - The identifier for a client.
+	 *
+	 * @public
+	 */
+	resetKey(key: string): Promise<void>;
+	/**
+	 * Method to reset everyone's hit counter.
+	 *
+	 * @public
+	 */
+	resetAll(): Promise<void>;
+	/**
+	 * Method to stop the timer (if currently running) and prevent any memory
+	 * leaks.
+	 *
+	 * @public
+	 */
+	shutdown(): void;
+}
+
+export {
+	rateLimit as default,
+};
+
+export {};

package/dist/index.d.ts

@@ -9,7 +9,7 @@ import { NextFunction, Request, RequestHandler, Response } from 'express';
  * @param totalHits {number} - The number of hits for that client so far.
  * @param resetTime {Date | undefined} - The time when the counter resets.
  */
-export declare type IncrementCallback = (error: Error | undefined, totalHits: number, resetTime: Date | undefined) => void;
+export type IncrementCallback = (error: Error | undefined, totalHits: number, resetTime: Date | undefined) => void;
 /**
  * Method (in the form of middleware) to generate/retrieve a value based on the
  * incoming request.
@@ -19,7 +19,7 @@ export declare type IncrementCallback = (error: Error | undefined, totalHits: nu
  *
  * @returns {T} - The value needed.
  */
-export declare type ValueDeterminingMiddleware<T> = (request: Request, response: Response) => T | Promise<T>;
+export type ValueDeterminingMiddleware<T> = (request: Request, response: Response) => T | Promise<T>;
 /**
  * Express request handler that sends back a response when a client is
  * rate-limited.
@@ -29,7 +29,7 @@ export declare type ValueDeterminingMiddleware<T> = (request: Request, response:
  * @param next {NextFunction} - The Express `next` function, can be called to skip responding.
  * @param optionsUsed {Options} - The options used to set up the middleware.
  */
-export declare type RateLimitExceededEventHandler = (request: Request, response: Response, next: NextFunction, optionsUsed: Options) => void;
+export type RateLimitExceededEventHandler = (request: Request, response: Response, next: NextFunction, optionsUsed: Options) => void;
 /**
  * Event callback that is triggered on a client's first request that exceeds the limit
  * but not for subsequent requests. May be used for logging, etc. Should *not*
@@ -39,21 +39,21 @@ export declare type RateLimitExceededEventHandler = (request: Request, response:
  * @param response {Response} - The Express response object.
  * @param optionsUsed {Options} - The options used to set up the middleware.
  */
-export declare type RateLimitReachedEventHandler = (request: Request, response: Response, optionsUsed: Options) => void;
+export type RateLimitReachedEventHandler = (request: Request, response: Response, optionsUsed: Options) => void;
 /**
  * Data returned from the `Store` when a client's hit counter is incremented.
  *
  * @property totalHits {number} - The number of hits for that client so far.
  * @property resetTime {Date | undefined} - The time when the counter resets.
  */
-export declare type IncrementResponse = {
+export type IncrementResponse = {
 	totalHits: number;
 	resetTime: Date | undefined;
 };
 /**
  * A modified Express request handler with the rate limit functions.
  */
-export declare type RateLimitRequestHandler = RequestHandler & {
+export type RateLimitRequestHandler = RequestHandler & {
 	/**
 	 * Method to reset a client's hit counter.
 	 *
@@ -66,7 +66,7 @@ export declare type RateLimitRequestHandler = RequestHandler & {
  *
  * @deprecated 6.x - Implement the `Store` interface instead.
  */
-export declare type LegacyStore = {
+export type LegacyStore = {
 	/**
 	 * Method to increment a client's hit counter.
 	 *
@@ -94,7 +94,7 @@ export declare type LegacyStore = {
 /**
  * An interface that all hit counter stores must implement.
  */
-export declare type Store = {
+export type Store = {
 	/**
 	 * Method that initializes the store, and has access to the options passed to
 	 * the middleware too.
@@ -134,7 +134,7 @@ export declare type Store = {
 /**
  * The configuration options for the rate limiter.
  */
-export declare type Options = {
+export type Options = {
 	/**
 	 * How long we should remember the requests.
 	 *
@@ -257,14 +257,14 @@ export declare type Options = {
  * The extended request object that includes information about the client's
  * rate limit.
  */
-export declare type AugmentedRequest = Request & {
+export type AugmentedRequest = Request & {
 	[key: string]: RateLimitInfo;
 };
 /**
  * The rate limit related information for each client included in the
  * Express request object.
  */
-export declare type RateLimitInfo = {
+export type RateLimitInfo = {
 	readonly limit: number;
 	readonly current: number;
 	readonly remaining: number;

package/dist/index.mjs

@@ -1,10 +1,40 @@
+var __defProp = Object.defineProperty;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __publicField = (obj, key, value) => {
+  __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
+  return value;
+};
+
 // source/memory-store.ts
 var calculateNextResetTime = (windowMs) => {
-  const resetTime = new Date();
+  const resetTime = /* @__PURE__ */ new Date();
   resetTime.setMilliseconds(resetTime.getMilliseconds() + windowMs);
   return resetTime;
 };
 var MemoryStore = class {
+  constructor() {
+    /**
+     * The duration of time before which all hit counts are reset (in milliseconds).
+     */
+    __publicField(this, "windowMs");
+    /**
+     * The map that stores the number of hits for each client in memory.
+     */
+    __publicField(this, "hits");
+    /**
+     * The time at which all hit counts will be reset.
+     */
+    __publicField(this, "resetTime");
+    /**
+     * Reference to the active timer.
+     */
+    __publicField(this, "interval");
+  }
+  /**
+   * Method that initializes the store.
+   *
+   * @param options {Options} - The options used to setup the middleware.
+   */
   init(options) {
     this.windowMs = options.windowMs;
     this.resetTime = calculateNextResetTime(this.windowMs);
@@ -15,6 +45,15 @@ var MemoryStore = class {
     if (this.interval.unref)
       this.interval.unref();
   }
+  /**
+   * Method to increment a client's hit counter.
+   *
+   * @param key {string} - The identifier for a client.
+   *
+   * @returns {IncrementResponse} - The number of hits and reset time for that client.
+   *
+   * @public
+   */
   async increment(key) {
     var _a;
     const totalHits = ((_a = this.hits[key]) != null ? _a : 0) + 1;
@@ -24,25 +63,54 @@ var MemoryStore = class {
       resetTime: this.resetTime
     };
   }
+  /**
+   * Method to decrement a client's hit counter.
+   *
+   * @param key {string} - The identifier for a client.
+   *
+   * @public
+   */
   async decrement(key) {
     const current = this.hits[key];
     if (current)
       this.hits[key] = current - 1;
   }
+  /**
+   * Method to reset a client's hit counter.
+   *
+   * @param key {string} - The identifier for a client.
+   *
+   * @public
+   */
   async resetKey(key) {
     delete this.hits[key];
   }
+  /**
+   * Method to reset everyone's hit counter.
+   *
+   * @public
+   */
   async resetAll() {
     this.hits = {};
     this.resetTime = calculateNextResetTime(this.windowMs);
   }
+  /**
+   * Method to stop the timer (if currently running) and prevent any memory
+   * leaks.
+   *
+   * @public
+   */
   shutdown() {
     clearInterval(this.interval);
   }
 };
 
 // source/lib.ts
-var isLegacyStore = (store) => typeof store.incr === "function" && typeof store.increment !== "function";
+var isLegacyStore = (store) => (
+  // Check that `incr` exists but `increment` does not - store authors might want
+  // to keep both around for backwards compatibility.
+  typeof store.incr === "function" && typeof store.increment !== "function"
+);
 var promisifyStore = (passedStore) => {
   if (!isLegacyStore(passedStore)) {
     return passedStore;
@@ -109,10 +177,13 @@ var parseOptions = (passedOptions) => {
     },
     onLimitReached(_request, _response, _optionsUsed) {
     },
+    // Allow the options object to be overriden by the options passed to the middleware.
     ...notUndefinedOptions,
+    // Note that this field is declared after the user's options are spread in,
+    // so that this field doesn't get overriden with an un-promisified store!
     store: promisifyStore((_c = notUndefinedOptions.store) != null ? _c : new MemoryStore())
   };
-  if (typeof config.store.increment !== "function" || typeof config.store.decrement !== "function" || typeof config.store.resetKey !== "function" || typeof config.store.resetAll !== "undefined" && typeof config.store.resetAll !== "function" || typeof config.store.init !== "undefined" && typeof config.store.init !== "function") {
+  if (typeof config.store.increment !== "function" || typeof config.store.decrement !== "function" || typeof config.store.resetKey !== "function" || config.store.resetAll !== void 0 && typeof config.store.resetAll !== "function" || config.store.init !== void 0 && typeof config.store.init !== "function") {
     throw new TypeError(
       "An invalid store was passed. Please ensure that the store is a class that implements the `Store` interface."
     );
@@ -155,7 +226,7 @@ var rateLimit = (passedOptions) => {
           augmentedRequest[options.requestPropertyName].remaining
         );
         if (resetTime instanceof Date) {
-          response.setHeader("Date", new Date().toUTCString());
+          response.setHeader("Date", (/* @__PURE__ */ new Date()).toUTCString());
           response.setHeader(
             "X-RateLimit-Reset",
             Math.ceil(resetTime.getTime() / 1e3)

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "express-rate-limit",
-	"version": "6.7.0",
+	"version": "6.7.2",
 	"description": "Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.",
 	"author": {
 		"name": "Nathan Friedly",
@@ -30,9 +30,14 @@
 	"type": "module",
 	"exports": {
 		".": {
-			"types": "./dist/index.d.ts",
-			"import": "./dist/index.mjs",
-			"require": "./dist/index.cjs"
+			"import": {
+				"types": "./dist/index.d.mts",
+				"default": "./dist/index.mjs"
+			},
+			"require": {
+				"types": "./dist/index.d.cts",
+				"default": "./dist/index.cjs"
+			}
 		}
 	},
 	"main": "./dist/index.cjs",
@@ -47,19 +52,19 @@
 		"changelog.md"
 	],
 	"engines": {
-		"node": ">= 12.9.0"
+		"node": ">= 14.0.0"
 	},
 	"scripts": {
 		"clean": "del-cli dist/ coverage/ *.log *.tmp *.bak *.tgz",
 		"build:cjs": "esbuild --bundle --target=es2019 --format=cjs --outfile=dist/index.cjs --footer:js=\"module.exports = rateLimit; module.exports.default = rateLimit; module.exports.rateLimit = rateLimit; module.exports.MemoryStore = MemoryStore;\" source/index.ts",
 		"build:esm": "esbuild --bundle --target=es2019 --format=esm --outfile=dist/index.mjs source/index.ts",
-		"build:types": "dts-bundle-generator --out-file=dist/index.d.ts source/index.ts",
+		"build:types": "dts-bundle-generator --out-file=dist/index.d.ts source/index.ts && cp dist/index.d.ts dist/index.d.cts && cp dist/index.d.ts dist/index.d.mts",
 		"compile": "run-s clean build:*",
 		"lint:code": "xo --ignore test/external/",
 		"lint:rest": "prettier --ignore-path .gitignore --ignore-unknown --check .",
 		"lint": "run-s lint:*",
-		"autofix:code": "xo --ignore test/external/ --fix",
-		"autofix:rest": "prettier --ignore-path .gitignore --ignore-unknown --write .",
+		"autofix:code": "run-s lint:code --fix",
+		"autofix:rest": "run-s lint:rest --write .",
 		"autofix": "run-s autofix:*",
 		"test:lib": "cross-env NODE_OPTIONS=--experimental-vm-modules jest",
 		"test:ext": "cd test/external/ && bash run-all-tests",
@@ -71,25 +76,25 @@
 		"express": "^4 || ^5"
 	},
 	"devDependencies": {
-		"@jest/globals": "29.3.1",
-		"@types/express": "4.17.14",
-		"@types/jest": "29.2.3",
-		"@types/node": "18.11.9",
+		"@jest/globals": "29.6.1",
+		"@types/express": "4.17.17",
+		"@types/jest": "29.5.2",
+		"@types/node": "20.4.0",
 		"@types/supertest": "2.0.12",
 		"cross-env": "7.0.3",
 		"del-cli": "5.0.0",
 		"dts-bundle-generator": "7.0.0",
-		"esbuild": "0.15.14",
+		"esbuild": "0.18.11",
 		"express": "4.18.2",
-		"husky": "8.0.2",
-		"jest": "29.3.1",
-		"lint-staged": "13.0.3",
+		"husky": "8.0.3",
+		"jest": "29.6.1",
+		"lint-staged": "13.2.3",
 		"npm-run-all": "4.1.5",
-		"supertest": "6.3.1",
-		"ts-jest": "29.0.3",
+		"supertest": "6.3.3",
+		"ts-jest": "29.1.1",
 		"ts-node": "10.9.1",
-		"typescript": "4.8.4",
-		"xo": "0.49.0"
+		"typescript": "4.9.5",
+		"xo": "0.54.2"
 	},
 	"xo": {
 		"prettier": true,

package/readme.md

@@ -355,7 +355,8 @@ Defaults to `false`.
 
 > `function`
 
-Method to generate custom identifiers for clients.
+Method to retrieve custom identifiers for clients, such as their IP address,
+username, or API Key.
 
 Should be a (sync/async) function that accepts the Express `request` and
 `response` objects and then returns a string.
@@ -369,6 +370,10 @@ const limiter = rateLimit({
 })
 ```
 
+> **Note** If a `keyGenerator` returns the same value for every user, it becomes
+> a global rate limiter. This could be combined with a second instance of
+> `express-rate-limit` to have both global and per-user limits.
+
 ### `handler`
 
 > `function`