express-rate-limit 7.0.1 → 7.1.0
- package/changelog.md +15 -0
- package/dist/index.cjs +4 -7
- package/dist/index.d.cts +1 -1
- package/dist/index.d.mts +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.mjs +4 -7
- package/package.json +1 -2
- package/readme.md +25 -16
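--- a/package/changelog.md
+++ b/package/changelog.md
@@ -6,6 +6,20 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to
 [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [7.1.0](https://github.com/express-rate-limit/express-rate-limit/releases/tag/v7.1.0)
+
+### Changed
+
+- The `getKey` method is now always defined. If the store does not have the
+required `get` method, `getKey` will throw an error explaining this.
+
+## [7.0.2](https://github.com/express-rate-limit/express-rate-limit/releases/tag/v7.0.2)
+
+### Added
+
+- Added `cluster-memory-store` to the readme and made a couple of other minor
+clarifications.
+
 ## [7.0.1](https://github.com/express-rate-limit/express-rate-limit/releases/tag/v7.0.1)
 
 ### Added
@@ -362,6 +376,7 @@ Note: 6.5.0 was not released due to CI automation issues.
 
 ### Added
 
+- Support external stores (from version 2.3.0) onwards.
 - A `limiter.resetKey()` method to reset the hit counter for a particular client
 
 ### Changes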
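--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -506,10 +506,6 @@ var promisifyStore = (passedStore) => {
 }
 const legacyStore = passedStore;
 class PromisifiedStore {
-/* istanbul ignore next */
-async get(key) {
-return void 0;
-}
 async increment(key) {
 return new Promise((resolve, reject) => {
 legacyStore.incr(
@@ -699,10 +695,11 @@ var rateLimit = (passedOptions) => {
 next();
 }
 );
+const getThrowFn = () => {
+throw new Error("The current store does not support the get/getKey method");
+};
 middleware.resetKey = config.store.resetKey.bind(config.store);
-middleware.getKey = config.store.get
-config.store
-);
+middleware.getKey = typeof config.store.get === "function" ? config.store.get.bind(config.store) : getThrowFn;
 return middleware;
 };
 var lib_default = rateLimit;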
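Review bot: `getThrowFn` in the second hunk throws synchronously, whereas the declared `getKey` type lets a store's `get` return a promise, so a caller written as `limiter.getKey(key).catch(...)` never reaches its handler when the store lacks `get`. If a uniform failure mode is wanted, the fallback could reject instead: `const getThrowFn = async () => { throw new Error("The current store does not support the get/getKey method"); };`. The first hunk also drops the `get` stub from `PromisifiedStore`, so stores wrapped by `promisifyStore` (presumably the legacy ones) that used to yield `undefined` from `getKey` now reach this throw; callers that read hit counts to make a blocking or captcha decision should handle that error explicitly rather than treat it as "no hits". `package/dist/index.mjs` carries the same change, and `rateLimit`'s body starts outside the hunk.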
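--- a/package/dist/index.d.cts
+++ b/package/dist/index.d.cts
@@ -165,7 +165,7 @@ export type RateLimitRequestHandler = RequestHandler & {
 *
 * @returns {ClientRateLimitInfo} - The number of hits and reset time for that client.
 */
-getKey
+getKey: (key: string) => Promise<ClientRateLimitInfo | undefined> | ClientRateLimitInfo | undefined;
 };
 /**
 * An interface that all hit counter stores must implement.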
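Review bot: The doc block above `getKey` still reads `@returns {ClientRateLimitInfo}`, but the new signature can also produce `undefined` or a promise, and the changelog on this page says the call throws when the store has no `get` method. I would bring the comment in line with the type, `@returns {ClientRateLimitInfo | undefined} - The number of hits and reset time for that client.`, and add `@throws {Error} - If the current store does not implement get.` so consumers know to guard the call. The same declaration is repeated in `package/dist/index.d.mts` and `package/dist/index.d.ts`; the doc block itself starts outside the hunk.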
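--- a/package/dist/index.d.mts
+++ b/package/dist/index.d.mts
@@ -165,7 +165,7 @@ export type RateLimitRequestHandler = RequestHandler & {
 *
 * @returns {ClientRateLimitInfo} - The number of hits and reset time for that client.
 */
-getKey
+getKey: (key: string) => Promise<ClientRateLimitInfo | undefined> | ClientRateLimitInfo | undefined;
 };
 /**
 * An interface that all hit counter stores must implement.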
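--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -165,7 +165,7 @@ export type RateLimitRequestHandler = RequestHandler & {
 *
 * @returns {ClientRateLimitInfo} - The number of hits and reset time for that client.
 */
-getKey
+getKey: (key: string) => Promise<ClientRateLimitInfo | undefined> | ClientRateLimitInfo | undefined;
 };
 /**
 * An interface that all hit counter stores must implement.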
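--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -478,10 +478,6 @@ var promisifyStore = (passedStore) => {
 }
 const legacyStore = passedStore;
 class PromisifiedStore {
-/* istanbul ignore next */
-async get(key) {
-return void 0;
-}
 async increment(key) {
 return new Promise((resolve, reject) => {
 legacyStore.incr(
@@ -671,10 +667,11 @@ var rateLimit = (passedOptions) => {
 next();
 }
 );
+const getThrowFn = () => {
+throw new Error("The current store does not support the get/getKey method");
+};
 middleware.resetKey = config.store.resetKey.bind(config.store);
-middleware.getKey = config.store.get
-config.store
-);
+middleware.getKey = typeof config.store.get === "function" ? config.store.get.bind(config.store) : getThrowFn;
 return middleware;
 };
 var lib_default = rateLimit;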
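--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "express-rate-limit",
-"version": "7.0
+"version": "7.1.0",
 "description": "Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.",
 "author": {
 "name": "Nathan Friedly",
@@ -83,7 +83,6 @@
 "@types/jest": "29.5.4",
 "@types/node": "20.5.9",
 "@types/supertest": "2.0.12",
-"cross-env": "7.0.3",
 "del-cli": "5.1.0",
 "dts-bundle-generator": "8.0.1",
 "esbuild": "0.19.2",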
package/readme.md
CHANGED
|
@@ -34,14 +34,18 @@ The default `MemoryStore` is probably fine.
|
|
|
34
34
|
|
|
35
35
|
### API Rate Limit Enforcement
|
|
36
36
|
|
|
37
|
-
|
|
38
|
-
multiple servers or processes
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
[
|
|
43
|
-
|
|
44
|
-
|
|
37
|
+
The default `MemoryStore` stores the hit counts for clients in memory, and is
|
|
38
|
+
thus unsuitable for use when running multiple servers or processes.
|
|
39
|
+
|
|
40
|
+
If you have multiple processes on a single server (via the
|
|
41
|
+
[node:cluster](https://nodejs.org/api/cluster.html) module), the
|
|
42
|
+
[`cluster-memory-store`](https://npmjs.com/package/@express-rate-limit/cluster-memory-store)
|
|
43
|
+
will keep them all in sync without needing an external data store.
|
|
44
|
+
|
|
45
|
+
If you have multiple servers, or want to maintain state across app restarts, use
|
|
46
|
+
an external data store such as
|
|
47
|
+
[redis](https://npmjs.com/package/rate-limit-redis),
|
|
48
|
+
[memcached](https://npmjs.org/package/rate-limit-memcached), [etc.](#store).
|
|
45
49
|
|
|
46
50
|
### Alternate Rate Limiters
|
|
47
51
|
|
|
@@ -513,14 +517,15 @@ By default, the [`memory-store`](source/memory-store.ts) is used.
|
|
|
513
517
|
|
|
514
518
|
Here is a list of external stores:
|
|
515
519
|
|
|
516
|
-
| Name
|
|
517
|
-
|
|
|
518
|
-
| [`memory-store`](source/memory-store.ts)
|
|
519
|
-
| [`
|
|
520
|
-
| [`rate-limit-
|
|
521
|
-
| [`rate-limit-
|
|
522
|
-
| [`
|
|
523
|
-
| [`rate-limit
|
|
520
|
+
| Name | Description | Legacy/Modern |
|
|
521
|
+
| -------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
|
|
522
|
+
| [`memory-store`](source/memory-store.ts) | _(default)_ Simple in-memory option. Does not share state when app has multiple processes or servers. | Modern as of v6.0.0 |
|
|
523
|
+
| [`cluster-memory-store`](https://npmjs.com/package/@express-rate-limit/cluster-memory-store) | A memory-store wrapper that shares state across all processes on a server via the [node:cluster](https://nodejs.org/api/cluster.html) module. | Modern |
|
|
524
|
+
| [`rate-limit-redis`](https://npmjs.com/package/rate-limit-redis) | A [Redis](http://redis.io/)-backed store, more suitable for large or demanding deployments. | Modern as of v3.0.0 |
|
|
525
|
+
| [`rate-limit-memcached`](https://npmjs.org/package/rate-limit-memcached) | A [Memcached](https://memcached.org/)-backed store. | Modern as of v1.0.0 |
|
|
526
|
+
| [`rate-limit-mongo`](https://www.npmjs.com/package/rate-limit-mongo) | A [MongoDB](https://www.mongodb.com/)-backed store. | Legacy |
|
|
527
|
+
| [`precise-memory-rate-limit`](https://www.npmjs.com/package/precise-memory-rate-limit) | A memory store similar to the built-in one, except that it stores a distinct timestamp for each key. | Modern as of v2.0.0 |
|
|
528
|
+
| [`rate-limit-postgresql`](https://www.npmjs.com/package/@acpr/rate-limit-postgresql) | A [PostgreSQL](https://www.postgresql.org/)-backed store. | Modern as of v1.1.0 |
|
|
524
529
|
|
|
525
530
|
Take a look at
|
|
526
531
|
[this guide](https://github.com/express-rate-limit/express-rate-limit/wiki/Creating-Your-Own-Store)
|
|
@@ -549,6 +554,10 @@ to complete a captcha to reset their rate limit, then call this function.
|
|
|
549
554
|
|
|
550
555
|
Retrieves the hit count and reset time from the store for a given key.
|
|
551
556
|
|
|
557
|
+
Note: `getKey` depends on store support. It works with the MemoryStore, but may
|
|
558
|
+
not work with other stores. Calling it will throw an error if the store does not
|
|
559
|
+
have a `get` method.
|
|
560
|
+
|
|
552
561
|
## Issues and Contributing
|
|
553
562
|
|
|
554
563
|
If you encounter a bug or want to see something added/changed, please go ahead
|