express-rate-limit 7.1.5 → 7.2.0

package/dist/index.cjs

@@ -296,6 +296,20 @@ var validations = {
         );
       }
     }
+  },
+  /**
+   * Checks to see if the instance was created inside of a request handler, which would prevent it from working correctly.
+   */
+  creationStack() {
+    const { stack } = new Error(
+      "express-rate-limit validation check (set options.validate.creationStack=false to disable)"
+    );
+    if (stack?.includes("Layer.handle [as handle_request]")) {
+      throw new ValidationError(
+        "ERR_ERL_CREATED_IN_REQUEST_HANDLER",
+        `express-rate-limit instance should be created at app initialization, not when responding to a request.`
+      );
+    }
   }
 };
 var getValidations = (_enabled) => {
@@ -616,6 +630,7 @@ var handleAsyncErrors = (fn) => async (request, response, next) => {
 var rateLimit = (passedOptions) => {
   const config = parseOptions(passedOptions ?? {});
   const options = getOptionsFromConfig(config);
+  config.validations.creationStack();
   if (typeof config.store.init === "function")
     config.store.init(options);
   const middleware = handleAsyncErrors(

package/dist/index.d.cts

@@ -97,6 +97,10 @@ declare const validations: {
 	 * If any unrecognized values are found, an error is logged that includes the list of supported vaidations.
 	 */
 	validationsConfig(): void;
+	/**
+	 * Checks to see if the instance was created inside of a request handler, which would prevent it from working correctly.
+	 */
+	creationStack(): void;
 };
 export type Validations = typeof validations;
 /**

package/dist/index.d.mts

@@ -97,6 +97,10 @@ declare const validations: {
 	 * If any unrecognized values are found, an error is logged that includes the list of supported vaidations.
 	 */
 	validationsConfig(): void;
+	/**
+	 * Checks to see if the instance was created inside of a request handler, which would prevent it from working correctly.
+	 */
+	creationStack(): void;
 };
 export type Validations = typeof validations;
 /**

package/dist/index.d.ts

@@ -97,6 +97,10 @@ declare const validations: {
 	 * If any unrecognized values are found, an error is logged that includes the list of supported vaidations.
 	 */
 	validationsConfig(): void;
+	/**
+	 * Checks to see if the instance was created inside of a request handler, which would prevent it from working correctly.
+	 */
+	creationStack(): void;
 };
 export type Validations = typeof validations;
 /**

package/dist/index.mjs

@@ -268,6 +268,20 @@ var validations = {
         );
       }
     }
+  },
+  /**
+   * Checks to see if the instance was created inside of a request handler, which would prevent it from working correctly.
+   */
+  creationStack() {
+    const { stack } = new Error(
+      "express-rate-limit validation check (set options.validate.creationStack=false to disable)"
+    );
+    if (stack?.includes("Layer.handle [as handle_request]")) {
+      throw new ValidationError(
+        "ERR_ERL_CREATED_IN_REQUEST_HANDLER",
+        `express-rate-limit instance should be created at app initialization, not when responding to a request.`
+      );
+    }
   }
 };
 var getValidations = (_enabled) => {
@@ -588,6 +602,7 @@ var handleAsyncErrors = (fn) => async (request, response, next) => {
 var rateLimit = (passedOptions) => {
   const config = parseOptions(passedOptions ?? {});
   const options = getOptionsFromConfig(config);
+  config.validations.creationStack();
   if (typeof config.store.init === "function")
     config.store.init(options);
   const middleware = handleAsyncErrors(

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "express-rate-limit",
-	"version": "7.1.5",
+	"version": "7.2.0",
 	"description": "Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.",
 	"author": {
 		"name": "Nathan Friedly",

package/readme.md

@@ -9,16 +9,6 @@
 
 </div>
 
----
-
-Sponsored by [Zuplo](https://zuplo.link/express-rate-limit) a fully-managed API
-Gateway for developers. Add
-[dynamic rate-limiting](https://zuplo.link/dynamic-rate-limiting),
-authentication and more to any API in minutes. Learn more at
-[zuplo.com](https://zuplo.link/express-rate-limit)
-
----
-
 Basic rate-limiting middleware for [Express](http://expressjs.com/). Use to
 limit repeated requests to public APIs and/or endpoints such as password reset.
 Plays nice with
@@ -38,13 +28,49 @@ const limiter = rateLimit({
 	limit: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes).
 	standardHeaders: 'draft-7', // draft-6: `RateLimit-*` headers; draft-7: combined `RateLimit` header
 	legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
-	// store: ... , // Use an external store for consistency across multiple server instances.
+	// store: ... , // Redis, Memcached, etc. See below.
 })
 
 // Apply the rate limiting middleware to all requests.
 app.use(limiter)
 ```
 
+### Data Stores
+
+The rate limiter comes with a built-in memory store, and supports a variety of
+[external data stores](https://express-rate-limit.mintlify.app/reference/stores).
+
+### Configuration
+
+All function options may be async. Click the name for additional info and
+default values.
+
+| Option                                                                                                             | Type                             | Remarks                                                                                         |
+| ------------------------------------------------------------------------------------------------------------------ | -------------------------------- | ----------------------------------------------------------------------------------------------- |
+| [`windowMs`](https://express-rate-limit.mintlify.app/reference/configuration#windowms)                             | `number`                         | How long to remember requests for, in milliseconds.                                             |
+| [`limit`](https://express-rate-limit.mintlify.app/reference/configuration#limit)                                   | `number` \| `function`           | How many requests to allow.                                                                     |
+| [`message`](https://express-rate-limit.mintlify.app/reference/configuration#message)                               | `string` \| `json` \| `function` | Response to return after limit is reached.                                                      |
+| [`statusCode`](https://express-rate-limit.mintlify.app/reference/configuration#statuscode)                         | `number`                         | HTTP status code after limit is reached (default is 429).                                       |
+| [`legacyHeaders`](https://express-rate-limit.mintlify.app/reference/configuration#legacyheaders)                   | `boolean`                        | Enable the `X-Rate-Limit` header.                                                               |
+| [`standardHeaders`](https://express-rate-limit.mintlify.app/reference/configuration#standardheaders)               | `'draft-6'` \| `'draft-7'`       | Enable the `Ratelimit` header.                                                                  |
+| [`requestPropertyName`](https://express-rate-limit.mintlify.app/reference/configuration#requestpropertyname)       | `string`                         | Add rate limit info to the `req` object.                                                        |
+| [`skipFailedRequests`](https://express-rate-limit.mintlify.app/reference/configuration#skipfailedrequests)         | `boolean`                        | Uncount 4xx/5xx responses.                                                                      |
+| [`skipSuccessfulRequests`](https://express-rate-limit.mintlify.app/reference/configuration#skipsuccessfulrequests) | `boolean`                        | Uncount 1xx/2xx/3xx responses.                                                                  |
+| [`keyGenerator`](https://express-rate-limit.mintlify.app/reference/configuration#keygenerator)                     | `function`                       | Identify users (defaults to IP address).                                                        |
+| [`handler`](https://express-rate-limit.mintlify.app/reference/configuration#handler)                               | `function`                       | Function to run after limit is reached (overrides `message` and `statusCode` settings, if set). |
+| [`skip`](https://express-rate-limit.mintlify.app/reference/configuration#skip)                                     | `function`                       | Return `true` to bypass the limiter for the given request.                                      |
+| [`requestWasSuccessful`](https://express-rate-limit.mintlify.app/reference/configuration#requestwassuccessful)     | `function`                       | Used by `skipFailedRequests` and `skipSuccessfulRequests`.                                      |
+| [`validate`](https://express-rate-limit.mintlify.app/reference/configuration#validate)                             | `boolean` \| `object`            | Enable or disable built-in validation checks.                                                   |
+| [`store`](https://express-rate-limit.mintlify.app/reference/configuration#store)                                   | `Store`                          | Use a custom store to share hit counts across multiple nodes.                                   |
+
+## Thank You
+
+Sponsored by [Zuplo](https://zuplo.link/express-rate-limit) a fully-managed API
+Gateway for developers. Add
+[dynamic rate-limiting](https://zuplo.link/dynamic-rate-limiting),
+authentication and more to any API in minutes. Learn more at
+[zuplo.com](https://zuplo.link/express-rate-limit)
+
 ---
 
 Thanks to Mintlify for hosting the documentation at
@@ -58,6 +84,8 @@ Thanks to Mintlify for hosting the documentation at
 
 ---
 
+Finally, thank you to everyone who's contributed to this project in any way! 🫶
+
 ## Issues and Contributing
 
 If you encounter a bug or want to see something added/changed, please go ahead