express-rate-limit 7.4.1 → 7.5.1

package/dist/index.cjs

@@ -18,15 +18,22 @@ var __copyProps = (to, from, except, desc) => {
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // source/index.ts
-var source_exports = {};
-__export(source_exports, {
+var index_exports = {};
+__export(index_exports, {
   MemoryStore: () => MemoryStore,
   default: () => lib_default,
   rateLimit: () => lib_default
 });
-module.exports = __toCommonJS(source_exports);
+module.exports = __toCommonJS(index_exports);
 
 // source/headers.ts
+var import_node_buffer = require("node:buffer");
+var import_node_crypto = require("node:crypto");
+var SUPPORTED_DRAFT_VERSIONS = [
+  "draft-6",
+  "draft-7",
+  "draft-8"
+];
 var getResetSeconds = (resetTime, windowMs) => {
   let resetSeconds = void 0;
   if (resetTime) {
@@ -37,9 +44,14 @@ var getResetSeconds = (resetTime, windowMs) => {
   }
   return resetSeconds;
 };
+var getPartitionKey = (key) => {
+  const hash = (0, import_node_crypto.createHash)("sha256");
+  hash.update(key);
+  const partitionKey = hash.digest("hex").slice(0, 12);
+  return import_node_buffer.Buffer.from(partitionKey).toString("base64");
+};
 var setLegacyHeaders = (response, info) => {
-  if (response.headersSent)
-    return;
+  if (response.headersSent) return;
   response.setHeader("X-RateLimit-Limit", info.limit.toString());
   response.setHeader("X-RateLimit-Remaining", info.remaining.toString());
   if (info.resetTime instanceof Date) {
@@ -51,8 +63,7 @@ var setLegacyHeaders = (response, info) => {
   }
 };
 var setDraft6Headers = (response, info, windowMs) => {
-  if (response.headersSent)
-    return;
+  if (response.headersSent) return;
   const windowSeconds = Math.ceil(windowMs / 1e3);
   const resetSeconds = getResetSeconds(info.resetTime);
   response.setHeader("RateLimit-Policy", `${info.limit};w=${windowSeconds}`);
@@ -62,8 +73,7 @@ var setDraft6Headers = (response, info, windowMs) => {
     response.setHeader("RateLimit-Reset", resetSeconds.toString());
 };
 var setDraft7Headers = (response, info, windowMs) => {
-  if (response.headersSent)
-    return;
+  if (response.headersSent) return;
   const windowSeconds = Math.ceil(windowMs / 1e3);
   const resetSeconds = getResetSeconds(info.resetTime, windowMs);
   response.setHeader("RateLimit-Policy", `${info.limit};w=${windowSeconds}`);
@@ -72,15 +82,24 @@ var setDraft7Headers = (response, info, windowMs) => {
     `limit=${info.limit}, remaining=${info.remaining}, reset=${resetSeconds}`
   );
 };
+var setDraft8Headers = (response, info, windowMs, name, key) => {
+  if (response.headersSent) return;
+  const windowSeconds = Math.ceil(windowMs / 1e3);
+  const resetSeconds = getResetSeconds(info.resetTime, windowMs);
+  const partitionKey = getPartitionKey(key);
+  const policy = `q=${info.limit}; w=${windowSeconds}; pk=:${partitionKey}:`;
+  const header = `r=${info.remaining}; t=${resetSeconds}`;
+  response.append("RateLimit-Policy", `"${name}"; ${policy}`);
+  response.append("RateLimit", `"${name}"; ${header}`);
+};
 var setRetryAfterHeader = (response, info, windowMs) => {
-  if (response.headersSent)
-    return;
+  if (response.headersSent) return;
   const resetSeconds = getResetSeconds(info.resetTime, windowMs);
   response.setHeader("Retry-After", resetSeconds.toString());
 };
 
 // source/validations.ts
-var import_node_net = require("net");
+var import_node_net = require("node:net");
 var ValidationError = class extends Error {
   /**
    * The code must be a string, in snake case and all capital, that starts with
@@ -108,8 +127,7 @@ var validations = {
   },
   // Should be EnabledValidations type, but that's a circular reference
   disable() {
-    for (const k of Object.keys(this.enabled))
-      this.enabled[k] = false;
+    for (const k of Object.keys(this.enabled)) this.enabled[k] = false;
   },
   /**
    * Checks whether the IP address is valid, and that it does not have a port
@@ -274,6 +292,23 @@ var validations = {
       );
     }
   },
+  /**
+   * Warns the user when an invalid/unsupported version of the draft spec is passed.
+   *
+   * @param version {any | undefined} - The version passed by the user.
+   *
+   * @returns {void}
+   */
+  headersDraftVersion(version) {
+    if (typeof version !== "string" || // @ts-expect-error This is fine. If version is not in the array, it will just return false.
+    !SUPPORTED_DRAFT_VERSIONS.includes(version)) {
+      const versionString = SUPPORTED_DRAFT_VERSIONS.join(", ");
+      throw new ValidationError(
+        "ERR_ERL_HEADERS_UNSUPPORTED_DRAFT_VERSION",
+        `standardHeaders: only the following versions of the IETF draft specification are supported: ${versionString}.`
+      );
+    }
+  },
   /**
    * Warns the user when the selected headers option requires a reset time but
    * the store does not provide one.
@@ -364,10 +399,8 @@ var getValidations = (_enabled) => {
             args
           );
         } catch (error) {
-          if (error instanceof ChangeWarning)
-            console.warn(error);
-          else
-            console.error(error);
+          if (error instanceof ChangeWarning) console.warn(error);
+          else console.error(error);
         }
       };
   }
@@ -402,13 +435,11 @@ var MemoryStore = class {
    */
   init(options) {
     this.windowMs = options.windowMs;
-    if (this.interval)
-      clearInterval(this.interval);
+    if (this.interval) clearInterval(this.interval);
     this.interval = setInterval(() => {
       this.clearExpired();
     }, this.windowMs);
-    if (this.interval.unref)
-      this.interval.unref();
+    if (this.interval.unref) this.interval.unref();
   }
   /**
    * Method to fetch a client's hit count and reset time.
@@ -449,8 +480,7 @@ var MemoryStore = class {
    */
   async decrement(key) {
     const client = this.getClient(key);
-    if (client.totalHits > 0)
-      client.totalHits--;
+    if (client.totalHits > 0) client.totalHits--;
   }
   /**
    * Method to reset a client's hit counter.
@@ -508,8 +538,7 @@ var MemoryStore = class {
    * @returns {Client} - The requested client.
    */
   getClient(key) {
-    if (this.current.has(key))
-      return this.current.get(key);
+    if (this.current.has(key)) return this.current.get(key);
     let client;
     if (this.previous.has(key)) {
       client = this.previous.get(key);
@@ -549,8 +578,7 @@ var promisifyStore = (passedStore) => {
         legacyStore.incr(
           key,
           (error, totalHits, resetTime) => {
-            if (error)
-              reject(error);
+            if (error) reject(error);
             resolve({ totalHits, resetTime });
           }
         );
@@ -597,8 +625,7 @@ var parseOptions = (passedOptions) => {
   );
   validations2.onLimitReached(notUndefinedOptions.onLimitReached);
   let standardHeaders = notUndefinedOptions.standardHeaders ?? false;
-  if (standardHeaders === true)
-    standardHeaders = "draft-6";
+  if (standardHeaders === true) standardHeaders = "draft-6";
   const config = {
     windowMs: 60 * 1e3,
     limit: passedOptions.max ?? 5,
@@ -606,6 +633,20 @@ var parseOptions = (passedOptions) => {
     message: "Too many requests, please try again later.",
     statusCode: 429,
     legacyHeaders: passedOptions.headers ?? true,
+    identifier(request, _response) {
+      let duration = "";
+      const property = config.requestPropertyName;
+      const { limit } = request[property];
+      const seconds = config.windowMs / 1e3;
+      const minutes = config.windowMs / (1e3 * 60);
+      const hours = config.windowMs / (1e3 * 60 * 60);
+      const days = config.windowMs / (1e3 * 60 * 60 * 24);
+      if (seconds < 60) duration = `${seconds}sec`;
+      else if (minutes < 60) duration = `${minutes}min`;
+      else if (hours < 24) duration = `${hours}hr${hours > 1 ? "s" : ""}`;
+      else duration = `${days}day${days > 1 ? "s" : ""}`;
+      return `${limit}-in-${duration}`;
+    },
     requestPropertyName: "rateLimit",
     skipFailedRequests: false,
     skipSuccessfulRequests: false,
@@ -628,12 +669,12 @@ var parseOptions = (passedOptions) => {
       }
     },
     passOnStoreError: false,
-    // Allow the default options to be overriden by the options passed to the middleware.
+    // Allow the default options to be overridden by the passed options.
     ...notUndefinedOptions,
     // `standardHeaders` is resolved into a draft version above, use that.
     standardHeaders,
     // Note that this field is declared after the user's options are spread in,
-    // so that this field doesn't get overriden with an un-promisified store!
+    // so that this field doesn't get overridden with an un-promisified store!
     store: promisifyStore(notUndefinedOptions.store ?? new MemoryStore()),
     // Print an error to the console if a few known misconfigurations are detected.
     validations: validations2
@@ -657,8 +698,7 @@ var rateLimit = (passedOptions) => {
   const options = getOptionsFromConfig(config);
   config.validations.creationStack(config.store);
   config.validations.unsharedStore(config.store);
-  if (typeof config.store.init === "function")
-    config.store.init(options);
+  if (typeof config.store.init === "function") config.store.init(options);
   const middleware = handleAsyncErrors(
     async (request, response, next) => {
       const skip = await config.skip(request, response);
@@ -706,11 +746,27 @@ var rateLimit = (passedOptions) => {
         setLegacyHeaders(response, info);
       }
       if (config.standardHeaders && !response.headersSent) {
-        if (config.standardHeaders === "draft-6") {
-          setDraft6Headers(response, info, config.windowMs);
-        } else if (config.standardHeaders === "draft-7") {
-          config.validations.headersResetTime(info.resetTime);
-          setDraft7Headers(response, info, config.windowMs);
+        switch (config.standardHeaders) {
+          case "draft-6": {
+            setDraft6Headers(response, info, config.windowMs);
+            break;
+          }
+          case "draft-7": {
+            config.validations.headersResetTime(info.resetTime);
+            setDraft7Headers(response, info, config.windowMs);
+            break;
+          }
+          case "draft-8": {
+            const retrieveName = typeof config.identifier === "function" ? config.identifier(request, response) : config.identifier;
+            const name = await retrieveName;
+            config.validations.headersResetTime(info.resetTime);
+            setDraft8Headers(response, info, config.windowMs, name, key);
+            break;
+          }
+          default: {
+            config.validations.headersDraftVersion(config.standardHeaders);
+            break;
+          }
         }
       }
       if (config.skipFailedRequests || config.skipSuccessfulRequests) {
@@ -727,8 +783,7 @@ var rateLimit = (passedOptions) => {
               await decrementKey();
           });
           response.on("close", async () => {
-            if (!response.writableEnded)
-              await decrementKey();
+            if (!response.writableEnded) await decrementKey();
           });
           response.on("error", async () => {
             await decrementKey();

package/dist/index.d.cts

@@ -86,6 +86,14 @@ declare const validations: {
 	 * @returns {void}
 	 */
 	onLimitReached(onLimitReached?: any): void;
+	/**
+	 * Warns the user when an invalid/unsupported version of the draft spec is passed.
+	 *
+	 * @param version {any | undefined} - The version passed by the user.
+	 *
+	 * @returns {void}
+	 */
+	headersDraftVersion(version?: any): void;
 	/**
 	 * Warns the user when the selected headers option requires a reset time but
 	 * the store does not provide one.
@@ -111,6 +119,11 @@ declare const validations: {
 	creationStack(store: Store): void;
 };
 export type Validations = typeof validations;
+declare const SUPPORTED_DRAFT_VERSIONS: readonly [
+	"draft-6",
+	"draft-7",
+	"draft-8"
+];
 /**
  * Callback that fires when a client's hit counter is incremented.
  *
@@ -271,7 +284,7 @@ export type Store = {
 	 */
 	prefix?: string;
 };
-export type DraftHeadersVersion = "draft-6" | "draft-7";
+export type DraftHeadersVersion = (typeof SUPPORTED_DRAFT_VERSIONS)[number];
 /**
  * Validate configuration object for enabling or disabling specific validations.
  *
@@ -326,6 +339,13 @@ export type Options = {
 	 * Defaults to `false` (for backward compatibility, but its use is recommended).
 	 */
 	standardHeaders: boolean | DraftHeadersVersion;
+	/**
+	 * The name used to identify the quota policy in the `RateLimit` headers as per
+	 * the 8th draft of the IETF specification.
+	 *
+	 * Defaults to `{limit}-in-{window}`.
+	 */
+	identifier: string | ValueDeterminingMiddleware<string>;
 	/**
 	 * The name of the property on the request object to store the rate limit info.
 	 *

package/dist/index.d.mts

@@ -86,6 +86,14 @@ declare const validations: {
 	 * @returns {void}
 	 */
 	onLimitReached(onLimitReached?: any): void;
+	/**
+	 * Warns the user when an invalid/unsupported version of the draft spec is passed.
+	 *
+	 * @param version {any | undefined} - The version passed by the user.
+	 *
+	 * @returns {void}
+	 */
+	headersDraftVersion(version?: any): void;
 	/**
 	 * Warns the user when the selected headers option requires a reset time but
 	 * the store does not provide one.
@@ -111,6 +119,11 @@ declare const validations: {
 	creationStack(store: Store): void;
 };
 export type Validations = typeof validations;
+declare const SUPPORTED_DRAFT_VERSIONS: readonly [
+	"draft-6",
+	"draft-7",
+	"draft-8"
+];
 /**
  * Callback that fires when a client's hit counter is incremented.
  *
@@ -271,7 +284,7 @@ export type Store = {
 	 */
 	prefix?: string;
 };
-export type DraftHeadersVersion = "draft-6" | "draft-7";
+export type DraftHeadersVersion = (typeof SUPPORTED_DRAFT_VERSIONS)[number];
 /**
  * Validate configuration object for enabling or disabling specific validations.
  *
@@ -326,6 +339,13 @@ export type Options = {
 	 * Defaults to `false` (for backward compatibility, but its use is recommended).
 	 */
 	standardHeaders: boolean | DraftHeadersVersion;
+	/**
+	 * The name used to identify the quota policy in the `RateLimit` headers as per
+	 * the 8th draft of the IETF specification.
+	 *
+	 * Defaults to `{limit}-in-{window}`.
+	 */
+	identifier: string | ValueDeterminingMiddleware<string>;
 	/**
 	 * The name of the property on the request object to store the rate limit info.
 	 *

package/dist/index.d.ts

@@ -86,6 +86,14 @@ declare const validations: {
 	 * @returns {void}
 	 */
 	onLimitReached(onLimitReached?: any): void;
+	/**
+	 * Warns the user when an invalid/unsupported version of the draft spec is passed.
+	 *
+	 * @param version {any | undefined} - The version passed by the user.
+	 *
+	 * @returns {void}
+	 */
+	headersDraftVersion(version?: any): void;
 	/**
 	 * Warns the user when the selected headers option requires a reset time but
 	 * the store does not provide one.
@@ -111,6 +119,11 @@ declare const validations: {
 	creationStack(store: Store): void;
 };
 export type Validations = typeof validations;
+declare const SUPPORTED_DRAFT_VERSIONS: readonly [
+	"draft-6",
+	"draft-7",
+	"draft-8"
+];
 /**
  * Callback that fires when a client's hit counter is incremented.
  *
@@ -271,7 +284,7 @@ export type Store = {
 	 */
 	prefix?: string;
 };
-export type DraftHeadersVersion = "draft-6" | "draft-7";
+export type DraftHeadersVersion = (typeof SUPPORTED_DRAFT_VERSIONS)[number];
 /**
  * Validate configuration object for enabling or disabling specific validations.
  *
@@ -326,6 +339,13 @@ export type Options = {
 	 * Defaults to `false` (for backward compatibility, but its use is recommended).
 	 */
 	standardHeaders: boolean | DraftHeadersVersion;
+	/**
+	 * The name used to identify the quota policy in the `RateLimit` headers as per
+	 * the 8th draft of the IETF specification.
+	 *
+	 * Defaults to `{limit}-in-{window}`.
+	 */
+	identifier: string | ValueDeterminingMiddleware<string>;
 	/**
 	 * The name of the property on the request object to store the rate limit info.
 	 *

package/dist/index.mjs

@@ -1,4 +1,11 @@
 // source/headers.ts
+import { Buffer } from "node:buffer";
+import { createHash } from "node:crypto";
+var SUPPORTED_DRAFT_VERSIONS = [
+  "draft-6",
+  "draft-7",
+  "draft-8"
+];
 var getResetSeconds = (resetTime, windowMs) => {
   let resetSeconds = void 0;
   if (resetTime) {
@@ -9,9 +16,14 @@ var getResetSeconds = (resetTime, windowMs) => {
   }
   return resetSeconds;
 };
+var getPartitionKey = (key) => {
+  const hash = createHash("sha256");
+  hash.update(key);
+  const partitionKey = hash.digest("hex").slice(0, 12);
+  return Buffer.from(partitionKey).toString("base64");
+};
 var setLegacyHeaders = (response, info) => {
-  if (response.headersSent)
-    return;
+  if (response.headersSent) return;
   response.setHeader("X-RateLimit-Limit", info.limit.toString());
   response.setHeader("X-RateLimit-Remaining", info.remaining.toString());
   if (info.resetTime instanceof Date) {
@@ -23,8 +35,7 @@ var setLegacyHeaders = (response, info) => {
   }
 };
 var setDraft6Headers = (response, info, windowMs) => {
-  if (response.headersSent)
-    return;
+  if (response.headersSent) return;
   const windowSeconds = Math.ceil(windowMs / 1e3);
   const resetSeconds = getResetSeconds(info.resetTime);
   response.setHeader("RateLimit-Policy", `${info.limit};w=${windowSeconds}`);
@@ -34,8 +45,7 @@ var setDraft6Headers = (response, info, windowMs) => {
     response.setHeader("RateLimit-Reset", resetSeconds.toString());
 };
 var setDraft7Headers = (response, info, windowMs) => {
-  if (response.headersSent)
-    return;
+  if (response.headersSent) return;
   const windowSeconds = Math.ceil(windowMs / 1e3);
   const resetSeconds = getResetSeconds(info.resetTime, windowMs);
   response.setHeader("RateLimit-Policy", `${info.limit};w=${windowSeconds}`);
@@ -44,15 +54,24 @@ var setDraft7Headers = (response, info, windowMs) => {
     `limit=${info.limit}, remaining=${info.remaining}, reset=${resetSeconds}`
   );
 };
+var setDraft8Headers = (response, info, windowMs, name, key) => {
+  if (response.headersSent) return;
+  const windowSeconds = Math.ceil(windowMs / 1e3);
+  const resetSeconds = getResetSeconds(info.resetTime, windowMs);
+  const partitionKey = getPartitionKey(key);
+  const policy = `q=${info.limit}; w=${windowSeconds}; pk=:${partitionKey}:`;
+  const header = `r=${info.remaining}; t=${resetSeconds}`;
+  response.append("RateLimit-Policy", `"${name}"; ${policy}`);
+  response.append("RateLimit", `"${name}"; ${header}`);
+};
 var setRetryAfterHeader = (response, info, windowMs) => {
-  if (response.headersSent)
-    return;
+  if (response.headersSent) return;
   const resetSeconds = getResetSeconds(info.resetTime, windowMs);
   response.setHeader("Retry-After", resetSeconds.toString());
 };
 
 // source/validations.ts
-import { isIP } from "net";
+import { isIP } from "node:net";
 var ValidationError = class extends Error {
   /**
    * The code must be a string, in snake case and all capital, that starts with
@@ -80,8 +99,7 @@ var validations = {
   },
   // Should be EnabledValidations type, but that's a circular reference
   disable() {
-    for (const k of Object.keys(this.enabled))
-      this.enabled[k] = false;
+    for (const k of Object.keys(this.enabled)) this.enabled[k] = false;
   },
   /**
    * Checks whether the IP address is valid, and that it does not have a port
@@ -246,6 +264,23 @@ var validations = {
       );
     }
   },
+  /**
+   * Warns the user when an invalid/unsupported version of the draft spec is passed.
+   *
+   * @param version {any | undefined} - The version passed by the user.
+   *
+   * @returns {void}
+   */
+  headersDraftVersion(version) {
+    if (typeof version !== "string" || // @ts-expect-error This is fine. If version is not in the array, it will just return false.
+    !SUPPORTED_DRAFT_VERSIONS.includes(version)) {
+      const versionString = SUPPORTED_DRAFT_VERSIONS.join(", ");
+      throw new ValidationError(
+        "ERR_ERL_HEADERS_UNSUPPORTED_DRAFT_VERSION",
+        `standardHeaders: only the following versions of the IETF draft specification are supported: ${versionString}.`
+      );
+    }
+  },
   /**
    * Warns the user when the selected headers option requires a reset time but
    * the store does not provide one.
@@ -336,10 +371,8 @@ var getValidations = (_enabled) => {
             args
           );
         } catch (error) {
-          if (error instanceof ChangeWarning)
-            console.warn(error);
-          else
-            console.error(error);
+          if (error instanceof ChangeWarning) console.warn(error);
+          else console.error(error);
         }
       };
   }
@@ -374,13 +407,11 @@ var MemoryStore = class {
    */
   init(options) {
     this.windowMs = options.windowMs;
-    if (this.interval)
-      clearInterval(this.interval);
+    if (this.interval) clearInterval(this.interval);
     this.interval = setInterval(() => {
       this.clearExpired();
     }, this.windowMs);
-    if (this.interval.unref)
-      this.interval.unref();
+    if (this.interval.unref) this.interval.unref();
   }
   /**
    * Method to fetch a client's hit count and reset time.
@@ -421,8 +452,7 @@ var MemoryStore = class {
    */
   async decrement(key) {
     const client = this.getClient(key);
-    if (client.totalHits > 0)
-      client.totalHits--;
+    if (client.totalHits > 0) client.totalHits--;
   }
   /**
    * Method to reset a client's hit counter.
@@ -480,8 +510,7 @@ var MemoryStore = class {
    * @returns {Client} - The requested client.
    */
   getClient(key) {
-    if (this.current.has(key))
-      return this.current.get(key);
+    if (this.current.has(key)) return this.current.get(key);
     let client;
     if (this.previous.has(key)) {
       client = this.previous.get(key);
@@ -521,8 +550,7 @@ var promisifyStore = (passedStore) => {
         legacyStore.incr(
           key,
           (error, totalHits, resetTime) => {
-            if (error)
-              reject(error);
+            if (error) reject(error);
             resolve({ totalHits, resetTime });
           }
         );
@@ -569,8 +597,7 @@ var parseOptions = (passedOptions) => {
   );
   validations2.onLimitReached(notUndefinedOptions.onLimitReached);
   let standardHeaders = notUndefinedOptions.standardHeaders ?? false;
-  if (standardHeaders === true)
-    standardHeaders = "draft-6";
+  if (standardHeaders === true) standardHeaders = "draft-6";
   const config = {
     windowMs: 60 * 1e3,
     limit: passedOptions.max ?? 5,
@@ -578,6 +605,20 @@ var parseOptions = (passedOptions) => {
     message: "Too many requests, please try again later.",
     statusCode: 429,
     legacyHeaders: passedOptions.headers ?? true,
+    identifier(request, _response) {
+      let duration = "";
+      const property = config.requestPropertyName;
+      const { limit } = request[property];
+      const seconds = config.windowMs / 1e3;
+      const minutes = config.windowMs / (1e3 * 60);
+      const hours = config.windowMs / (1e3 * 60 * 60);
+      const days = config.windowMs / (1e3 * 60 * 60 * 24);
+      if (seconds < 60) duration = `${seconds}sec`;
+      else if (minutes < 60) duration = `${minutes}min`;
+      else if (hours < 24) duration = `${hours}hr${hours > 1 ? "s" : ""}`;
+      else duration = `${days}day${days > 1 ? "s" : ""}`;
+      return `${limit}-in-${duration}`;
+    },
     requestPropertyName: "rateLimit",
     skipFailedRequests: false,
     skipSuccessfulRequests: false,
@@ -600,12 +641,12 @@ var parseOptions = (passedOptions) => {
       }
     },
     passOnStoreError: false,
-    // Allow the default options to be overriden by the options passed to the middleware.
+    // Allow the default options to be overridden by the passed options.
     ...notUndefinedOptions,
     // `standardHeaders` is resolved into a draft version above, use that.
     standardHeaders,
     // Note that this field is declared after the user's options are spread in,
-    // so that this field doesn't get overriden with an un-promisified store!
+    // so that this field doesn't get overridden with an un-promisified store!
     store: promisifyStore(notUndefinedOptions.store ?? new MemoryStore()),
     // Print an error to the console if a few known misconfigurations are detected.
     validations: validations2
@@ -629,8 +670,7 @@ var rateLimit = (passedOptions) => {
   const options = getOptionsFromConfig(config);
   config.validations.creationStack(config.store);
   config.validations.unsharedStore(config.store);
-  if (typeof config.store.init === "function")
-    config.store.init(options);
+  if (typeof config.store.init === "function") config.store.init(options);
   const middleware = handleAsyncErrors(
     async (request, response, next) => {
       const skip = await config.skip(request, response);
@@ -678,11 +718,27 @@ var rateLimit = (passedOptions) => {
         setLegacyHeaders(response, info);
       }
       if (config.standardHeaders && !response.headersSent) {
-        if (config.standardHeaders === "draft-6") {
-          setDraft6Headers(response, info, config.windowMs);
-        } else if (config.standardHeaders === "draft-7") {
-          config.validations.headersResetTime(info.resetTime);
-          setDraft7Headers(response, info, config.windowMs);
+        switch (config.standardHeaders) {
+          case "draft-6": {
+            setDraft6Headers(response, info, config.windowMs);
+            break;
+          }
+          case "draft-7": {
+            config.validations.headersResetTime(info.resetTime);
+            setDraft7Headers(response, info, config.windowMs);
+            break;
+          }
+          case "draft-8": {
+            const retrieveName = typeof config.identifier === "function" ? config.identifier(request, response) : config.identifier;
+            const name = await retrieveName;
+            config.validations.headersResetTime(info.resetTime);
+            setDraft8Headers(response, info, config.windowMs, name, key);
+            break;
+          }
+          default: {
+            config.validations.headersDraftVersion(config.standardHeaders);
+            break;
+          }
         }
       }
       if (config.skipFailedRequests || config.skipSuccessfulRequests) {
@@ -699,8 +755,7 @@ var rateLimit = (passedOptions) => {
               await decrementKey();
           });
           response.on("close", async () => {
-            if (!response.writableEnded)
-              await decrementKey();
+            if (!response.writableEnded) await decrementKey();
           });
           response.on("error", async () => {
             await decrementKey();

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "express-rate-limit",
-	"version": "7.4.1",
+	"version": "7.5.1",
 	"description": "Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.",
 	"author": {
 		"name": "Nathan Friedly",
@@ -74,7 +74,7 @@
 		"prepare": "run-s compile && husky install config/husky"
 	},
 	"peerDependencies": {
-		"express": "4 || 5 || ^5.0.0-beta.1"
+		"express": ">= 4.11"
 	},
 	"devDependencies": {
 		"@express-rate-limit/prettier": "1.1.1",
@@ -86,8 +86,8 @@
 		"@types/supertest": "2.0.15",
 		"del-cli": "5.1.0",
 		"dts-bundle-generator": "8.0.1",
-		"esbuild": "0.19.5",
-		"express": "4.21.0",
+		"esbuild": "0.25.0",
+		"express": "4.21.1",
 		"husky": "8.0.3",
 		"jest": "29.7.0",
 		"lint-staged": "15.0.2",

package/readme.md

@@ -26,7 +26,7 @@ import { rateLimit } from 'express-rate-limit'
 const limiter = rateLimit({
 	windowMs: 15 * 60 * 1000, // 15 minutes
 	limit: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes).
-	standardHeaders: 'draft-7', // draft-6: `RateLimit-*` headers; draft-7: combined `RateLimit` header
+	standardHeaders: 'draft-8', // draft-6: `RateLimit-*` headers; draft-7 & draft-8: combined `RateLimit` header
 	legacyHeaders: false, // Disable the `X-RateLimit-*` headers.
 	// store: ... , // Redis, Memcached, etc. See below.
 })
@@ -45,24 +45,25 @@ The rate limiter comes with a built-in memory store, and supports a variety of
 All function options may be async. Click the name for additional info and
 default values.
 
-| Option                     | Type                             | Remarks                                                                                         |
-| -------------------------- | -------------------------------- | ----------------------------------------------------------------------------------------------- |
-| [`windowMs`]               | `number`                         | How long to remember requests for, in milliseconds.                                             |
-| [`limit`]                  | `number` \| `function`           | How many requests to allow.                                                                     |
-| [`message`]                | `string` \| `json` \| `function` | Response to return after limit is reached.                                                      |
-| [`statusCode`]             | `number`                         | HTTP status code after limit is reached (default is 429).                                       |
-| [`handler`]                | `function`                       | Function to run after limit is reached (overrides `message` and `statusCode` settings, if set). |
-| [`legacyHeaders`]          | `boolean`                        | Enable the `X-Rate-Limit` header.                                                               |
-| [`standardHeaders`]        | `'draft-6'` \| `'draft-7'`       | Enable the `Ratelimit` header.                                                                  |
-| [`store`]                  | `Store`                          | Use a custom store to share hit counts across multiple nodes.                                   |
-| [`passOnStoreError`]       | `boolean`                        | Allow (`true`) or block (`false`, default) traffic if the store becomes unavailable.            |
-| [`keyGenerator`]           | `function`                       | Identify users (defaults to IP address).                                                        |
-| [`requestPropertyName`]    | `string`                         | Add rate limit info to the `req` object.                                                        |
-| [`skip`]                   | `function`                       | Return `true` to bypass the limiter for the given request.                                      |
-| [`skipSuccessfulRequests`] | `boolean`                        | Uncount 1xx/2xx/3xx responses.                                                                  |
-| [`skipFailedRequests`]     | `boolean`                        | Uncount 4xx/5xx responses.                                                                      |
-| [`requestWasSuccessful`]   | `function`                       | Used by `skipSuccessfulRequests` and `skipFailedRequests`.                                      |
-| [`validate`]               | `boolean` \| `object`            | Enable or disable built-in validation checks.                                                   |
+| Option                     | Type                                      | Remarks                                                                                         |
+| -------------------------- | ----------------------------------------- | ----------------------------------------------------------------------------------------------- |
+| [`windowMs`]               | `number`                                  | How long to remember requests for, in milliseconds.                                             |
+| [`limit`]                  | `number` \| `function`                    | How many requests to allow.                                                                     |
+| [`message`]                | `string` \| `json` \| `function`          | Response to return after limit is reached.                                                      |
+| [`statusCode`]             | `number`                                  | HTTP status code after limit is reached (default is 429).                                       |
+| [`handler`]                | `function`                                | Function to run after limit is reached (overrides `message` and `statusCode` settings, if set). |
+| [`legacyHeaders`]          | `boolean`                                 | Enable the `X-Rate-Limit` header.                                                               |
+| [`standardHeaders`]        | `'draft-6'` \| `'draft-7'` \| `'draft-8'` | Enable the `Ratelimit` header.                                                                  |
+| [`identifier`]             | `string` \| `function`                    | Name associated with the quota policy enforced by this rate limiter.                            |
+| [`store`]                  | `Store`                                   | Use a custom store to share hit counts across multiple nodes.                                   |
+| [`passOnStoreError`]       | `boolean`                                 | Allow (`true`) or block (`false`, default) traffic if the store becomes unavailable.            |
+| [`keyGenerator`]           | `function`                                | Identify users (defaults to IP address).                                                        |
+| [`requestPropertyName`]    | `string`                                  | Add rate limit info to the `req` object.                                                        |
+| [`skip`]                   | `function`                                | Return `true` to bypass the limiter for the given request.                                      |
+| [`skipSuccessfulRequests`] | `boolean`                                 | Uncount 1xx/2xx/3xx responses.                                                                  |
+| [`skipFailedRequests`]     | `boolean`                                 | Uncount 4xx/5xx responses.                                                                      |
+| [`requestWasSuccessful`]   | `function`                                | Used by `skipSuccessfulRequests` and `skipFailedRequests`.                                      |
+| [`validate`]               | `boolean` \| `object`                     | Enable or disable built-in validation checks.                                                   |
 
 ## Thank You
 
@@ -126,6 +127,8 @@ MIT © [Nathan Friedly](http://nfriedly.com/),
 	https://express-rate-limit.mintlify.app/reference/configuration#legacyheaders
 [`standardHeaders`]:
 	https://express-rate-limit.mintlify.app/reference/configuration#standardheaders
+[`identifier`]:
+	https://express-rate-limit.mintlify.app/reference/configuration#identifier
 [`store`]: https://express-rate-limit.mintlify.app/reference/configuration#store
 [`passOnStoreError`]:
 	https://express-rate-limit.mintlify.app/reference/configuration#passOnStoreError