express-rate-limit 7.3.1 → 7.4.1

package/dist/index.cjs

@@ -627,6 +627,7 @@ var parseOptions = (passedOptions) => {
         response.send(message);
       }
     },
+    passOnStoreError: false,
     // Allow the default options to be overriden by the options passed to the middleware.
     ...notUndefinedOptions,
     // `standardHeaders` is resolved into a draft version above, use that.
@@ -667,7 +668,23 @@ var rateLimit = (passedOptions) => {
       }
       const augmentedRequest = request;
       const key = await config.keyGenerator(request, response);
-      const { totalHits, resetTime } = await config.store.increment(key);
+      let totalHits = 0;
+      let resetTime;
+      try {
+        const incrementResult = await config.store.increment(key);
+        totalHits = incrementResult.totalHits;
+        resetTime = incrementResult.resetTime;
+      } catch (error) {
+        if (config.passOnStoreError) {
+          console.error(
+            "express-rate-limit: error from store, allowing request without rate-limiting.",
+            error
+          );
+          next();
+          return;
+        }
+        throw error;
+      }
       config.validations.positiveHits(totalHits);
       config.validations.singleCount(request, config.store, key);
       const retrieveLimit = typeof config.limit === "function" ? config.limit(request, response) : config.limit;

package/dist/index.d.cts

@@ -402,6 +402,10 @@ export type Options = {
 	 * be removed from the library in the foreseeable future.
 	 */
 	max?: number | ValueDeterminingMiddleware<number>;
+	/**
+	 * If the Store generates an error, allow the request to pass.
+	 */
+	passOnStoreError: boolean;
 };
 /**
  * The extended request object that includes information about the client's

package/dist/index.d.mts

@@ -402,6 +402,10 @@ export type Options = {
 	 * be removed from the library in the foreseeable future.
 	 */
 	max?: number | ValueDeterminingMiddleware<number>;
+	/**
+	 * If the Store generates an error, allow the request to pass.
+	 */
+	passOnStoreError: boolean;
 };
 /**
  * The extended request object that includes information about the client's

package/dist/index.d.ts

@@ -402,6 +402,10 @@ export type Options = {
 	 * be removed from the library in the foreseeable future.
 	 */
 	max?: number | ValueDeterminingMiddleware<number>;
+	/**
+	 * If the Store generates an error, allow the request to pass.
+	 */
+	passOnStoreError: boolean;
 };
 /**
  * The extended request object that includes information about the client's

package/dist/index.mjs

@@ -599,6 +599,7 @@ var parseOptions = (passedOptions) => {
         response.send(message);
       }
     },
+    passOnStoreError: false,
     // Allow the default options to be overriden by the options passed to the middleware.
     ...notUndefinedOptions,
     // `standardHeaders` is resolved into a draft version above, use that.
@@ -639,7 +640,23 @@ var rateLimit = (passedOptions) => {
       }
       const augmentedRequest = request;
       const key = await config.keyGenerator(request, response);
-      const { totalHits, resetTime } = await config.store.increment(key);
+      let totalHits = 0;
+      let resetTime;
+      try {
+        const incrementResult = await config.store.increment(key);
+        totalHits = incrementResult.totalHits;
+        resetTime = incrementResult.resetTime;
+      } catch (error) {
+        if (config.passOnStoreError) {
+          console.error(
+            "express-rate-limit: error from store, allowing request without rate-limiting.",
+            error
+          );
+          next();
+          return;
+        }
+        throw error;
+      }
       config.validations.positiveHits(totalHits);
       config.validations.singleCount(request, config.store, key);
       const retrieveLimit = typeof config.limit === "function" ? config.limit(request, response) : config.limit;

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "express-rate-limit",
-	"version": "7.3.1",
+	"version": "7.4.1",
 	"description": "Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.",
 	"author": {
 		"name": "Nathan Friedly",
@@ -87,7 +87,7 @@
 		"del-cli": "5.1.0",
 		"dts-bundle-generator": "8.0.1",
 		"esbuild": "0.19.5",
-		"express": "4.19.2",
+		"express": "4.21.0",
 		"husky": "8.0.3",
 		"jest": "29.7.0",
 		"lint-staged": "15.0.2",

package/readme.md

@@ -55,6 +55,7 @@ default values.
 | [`legacyHeaders`]          | `boolean`                        | Enable the `X-Rate-Limit` header.                                                               |
 | [`standardHeaders`]        | `'draft-6'` \| `'draft-7'`       | Enable the `Ratelimit` header.                                                                  |
 | [`store`]                  | `Store`                          | Use a custom store to share hit counts across multiple nodes.                                   |
+| [`passOnStoreError`]       | `boolean`                        | Allow (`true`) or block (`false`, default) traffic if the store becomes unavailable.            |
 | [`keyGenerator`]           | `function`                       | Identify users (defaults to IP address).                                                        |
 | [`requestPropertyName`]    | `string`                         | Add rate limit info to the `req` object.                                                        |
 | [`skip`]                   | `function`                       | Return `true` to bypass the limiter for the given request.                                      |
@@ -126,6 +127,8 @@ MIT © [Nathan Friedly](http://nfriedly.com/),
 [`standardHeaders`]:
 	https://express-rate-limit.mintlify.app/reference/configuration#standardheaders
 [`store`]: https://express-rate-limit.mintlify.app/reference/configuration#store
+[`passOnStoreError`]:
+	https://express-rate-limit.mintlify.app/reference/configuration#passOnStoreError
 [`keyGenerator`]:
 	https://express-rate-limit.mintlify.app/reference/configuration#keygenerator
 [`requestPropertyName`]: