mielk-api 1.3.10 → 1.5.0

package/dist/http/httpResponseStatus/HttpResponseStatus.d.ts

@@ -2,10 +2,14 @@ import { HttpStatus } from "../types/HttpStatus.js";
 export declare const HttpResponseStatus: {
     OK: HttpStatus;
     CREATED: HttpStatus;
+    ACCEPTED: HttpStatus;
+    NO_CONTENT: HttpStatus;
     BAD_REQUEST: HttpStatus;
     UNAUTHORIZED: HttpStatus;
     FORBIDDEN: HttpStatus;
     NOT_FOUND: HttpStatus;
     CONFLICT: HttpStatus;
+    LOCKED: HttpStatus;
+    TOO_MANY_REQUESTS: HttpStatus;
     SERVER_ERROR: HttpStatus;
 };

package/dist/http/httpResponseStatus/HttpResponseStatus.js

@@ -4,10 +4,14 @@ const msg = Msg.apiStatus;
 export const HttpResponseStatus = {
     OK: createApiStatus(true, 200, msg.ok),
     CREATED: createApiStatus(true, 201, msg.created),
+    ACCEPTED: createApiStatus(true, 202, msg.created),
+    NO_CONTENT: createApiStatus(true, 204, msg.noContent),
     BAD_REQUEST: createApiStatus(false, 400, msg.badRequest),
     UNAUTHORIZED: createApiStatus(false, 401, msg.unauthorized),
     FORBIDDEN: createApiStatus(false, 403, msg.forbidden),
     NOT_FOUND: createApiStatus(false, 404, msg.notFound),
     CONFLICT: createApiStatus(false, 409, msg.conflict),
+    LOCKED: createApiStatus(false, 423, msg.locked),
+    TOO_MANY_REQUESTS: createApiStatus(false, 429, msg.tooManyRequests),
     SERVER_ERROR: createApiStatus(false, 500, msg.serverError),
 };

package/dist/internal/messaging/messageTags.d.ts

@@ -2,17 +2,20 @@ export declare const Msg: {
     apiStatus: {
         ok: string;
         created: string;
+        accepted: string;
+        noContent: string;
         badRequest: string;
         unauthorized: string;
         forbidden: string;
         notFound: string;
         conflict: string;
+        locked: string;
+        tooManyRequests: string;
         serverError: string;
     };
     connection: {
         corsBlocked: string;
         notInitialized: string;
-        rateLimitExceededMessage: string;
         sshOptionsNotSpecified: string;
         sshTunnelFailed: string;
         postgreConnectionError: string;

package/dist/internal/messaging/messageTags.js

@@ -5,17 +5,20 @@ export const Msg = {
     apiStatus: {
         ok: `${___HTTP_STATUS___}:ok`,
         created: `${___HTTP_STATUS___}:created`,
+        accepted: `${___HTTP_STATUS___}:accepted`,
+        noContent: `${___HTTP_STATUS___}:noContent`,
         badRequest: `${___HTTP_STATUS___}:badRequest`,
         unauthorized: `${___HTTP_STATUS___}:unauthorized`,
         forbidden: `${___HTTP_STATUS___}:forbidden`,
         notFound: `${___HTTP_STATUS___}:notFound`,
         conflict: `${___HTTP_STATUS___}:conflict`,
+        locked: `${___HTTP_STATUS___}:locked`, // Account is temporarily locked. Try again later or reset your password. OR Your account has been temporarily locked due to multiple failed login attempts. Please reset your password to regain access.
+        tooManyRequests: `${___HTTP_STATUS___}:tooManyRequests`,
         serverError: `${___HTTP_STATUS___}:serverError`,
     },
     connection: {
         corsBlocked: `${___CONNECTION___}:corsBlocked`,
         notInitialized: `${___CONNECTION___}:notInitialized`,
-        rateLimitExceededMessage: `${___CONNECTION___}:rateLimitExceededMessage`,
         sshOptionsNotSpecified: `${___CONNECTION___}:sshOptionsNotSpecified`,
         sshTunnelFailed: `${___CONNECTION___}:sshTunnelFailed`, // ❌ SSH tunnel failed
         postgreConnectionError: `${___CONNECTION___}:postgreConnectionError`, // Unexpected PostgreSQL error

package/dist/middlewares/cors/privateCors.js

@@ -15,4 +15,5 @@ export const privateCors = cors({
     },
     methods: ['GET', 'POST', 'PUT', 'DELETE'],
     allowedHeaders: ['Content-Type', 'Authorization'],
+    credentials: true
 });

package/dist/middlewares/cors/publicCors.js

@@ -7,4 +7,5 @@ export const publicCors = cors({
     },
     methods: ['GET'],
     allowedHeaders: ['Content-Type', 'Authorization'],
+    credentials: true
 });

package/dist/middlewares/index.d.ts

@@ -1,10 +1,14 @@
 import { CorsConfig, initCors } from './cors/cors.js';
 import { privateCors } from './cors/privateCors.js';
 import { publicCors } from './cors/publicCors.js';
-import { RateLimitConfig, setAppRateLimit, getRateLimit } from './rateLimit/rateLimit.js';
 import { apiKeyAuthorization } from './requestAuth/auth.middleware.js';
 import { validateQueryParams, validateBodyJson } from './zod/validate.js';
+import { createRedisLocker, setRedisLock, removeRedisLock, checkIfLockedInRedis } from './redisLocks/redisLocker.js';
+import { RedisLockerConfigFactory } from './redisLocks/redisLockerConfigFactory.js';
+import { RedisLocker, RedisLockerConfig, RedisLockerConfigParams } from './redisLocks/types.js';
 export { CorsConfig, initCors, privateCors, publicCors };
-export { RateLimitConfig, setAppRateLimit, getRateLimit };
 export { apiKeyAuthorization };
 export { validateQueryParams, validateBodyJson };
+export { createRedisLocker, setRedisLock, removeRedisLock as removeLock, checkIfLockedInRedis as isLocked };
+export { RedisLockerConfigFactory };
+export { RedisLocker, RedisLockerConfig, RedisLockerConfigParams };

package/dist/middlewares/index.js

@@ -1,10 +1,12 @@
 import { initCors } from './cors/cors.js';
 import { privateCors } from './cors/privateCors.js';
 import { publicCors } from './cors/publicCors.js';
-import { setAppRateLimit, getRateLimit } from './rateLimit/rateLimit.js';
 import { apiKeyAuthorization } from './requestAuth/auth.middleware.js';
 import { validateQueryParams, validateBodyJson } from './zod/validate.js';
+import { createRedisLocker, setRedisLock, removeRedisLock, checkIfLockedInRedis } from './redisLocks/redisLocker.js';
+import { RedisLockerConfigFactory } from './redisLocks/redisLockerConfigFactory.js';
 export { initCors, privateCors, publicCors };
-export { setAppRateLimit, getRateLimit };
 export { apiKeyAuthorization };
 export { validateQueryParams, validateBodyJson };
+export { createRedisLocker, setRedisLock, removeRedisLock as removeLock, checkIfLockedInRedis as isLocked };
+export { RedisLockerConfigFactory };

package/dist/middlewares/redisLocks/redisLocker.d.ts

@@ -0,0 +1,7 @@
+import { RedisLocker, RedisLockerConfig } from "./types.js";
+import { Request } from "express";
+export declare const createRedisLocker: (config: RedisLockerConfig) => RedisLocker;
+export declare const generateRedisLockKey: (config: RedisLockerConfig, req: Request) => string;
+export declare const setRedisLock: (key: string, ttlSeconds: number) => Promise<void>;
+export declare const removeRedisLock: (key: string) => Promise<void>;
+export declare const checkIfLockedInRedis: (key: string) => Promise<boolean>;

package/dist/middlewares/redisLocks/redisLocker.js

@@ -0,0 +1,46 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { getRedisClient } from "mielk-fn/redis";
+import { failure, HttpResponseStatus } from "../../http/index.js";
+import { Msg } from "../../internal/messaging/messageTags.js";
+export const createRedisLocker = (config) => {
+    return (req, res, next) => __awaiter(void 0, void 0, void 0, function* () {
+        const { message } = config;
+        const key = generateRedisLockKey(config, req);
+        const isLocked = yield checkIfLockedInRedis(key);
+        if (isLocked) {
+            return failure(res, HttpResponseStatus.LOCKED, message || Msg.apiStatus.locked);
+        }
+        return next();
+    });
+};
+export const generateRedisLockKey = (config, req) => {
+    const { keyPrefix, keySuffixes } = config;
+    return `${keyPrefix}:${keySuffixes(req).join(':')}`;
+};
+export const setRedisLock = (key, ttlSeconds) => __awaiter(void 0, void 0, void 0, function* () {
+    const redisClient = yield getRedisClient();
+    yield redisClient.set(key, JSON.stringify({ locked: true }), {
+        expiration: {
+            type: 'EX',
+            value: ttlSeconds
+        }
+    });
+    console.log('RL key:', key, ttlSeconds);
+});
+export const removeRedisLock = (key) => __awaiter(void 0, void 0, void 0, function* () {
+    const redisClient = yield getRedisClient();
+    yield redisClient.del(key);
+});
+export const checkIfLockedInRedis = (key) => __awaiter(void 0, void 0, void 0, function* () {
+    const redisClient = yield getRedisClient();
+    const value = yield redisClient.get(key);
+    return value !== null;
+});

package/dist/middlewares/redisLocks/redisLockerConfigFactory.d.ts

@@ -0,0 +1,4 @@
+import { RedisLockerConfig, RedisLockerConfigParams } from "./types.js";
+export declare const RedisLockerConfigFactory: {
+    mail: (params?: RedisLockerConfigParams) => RedisLockerConfig;
+};

package/dist/middlewares/redisLocks/redisLockerConfigFactory.js

@@ -0,0 +1,17 @@
+import { RedisKeyFactory } from "../../rateLimit/redisKeysFactory.js";
+import { Msg } from "../../internal/messaging/messageTags.js";
+const defaultRedisLockerConfig = {
+    keyPrefix: RedisKeyFactory.prefixes.lockEmail,
+    keySuffixes: RedisKeyFactory.suffixes.mail,
+    ttlSeconds: 3 * 60,
+    message: Msg.apiStatus.locked,
+};
+const createRedisLockerConfig = (params) => {
+    return Object.assign(Object.assign({}, defaultRedisLockerConfig), params);
+};
+const mail = (params) => {
+    return createRedisLockerConfig(Object.assign({}, (params || {})));
+};
+export const RedisLockerConfigFactory = {
+    mail,
+};

package/dist/middlewares/redisLocks/types.d.ts

@@ -0,0 +1,14 @@
+import { NextFunction, Request, Response } from "express";
+export type RedisLocker = (req: Request, res: Response, next: NextFunction) => Promise<void | Response<Record<string, any>, Record<string, any>>>;
+export interface RedisLockerConfigParams {
+    keyPrefix?: string;
+    keySuffixes?: (req: Request) => string[];
+    ttlSeconds?: number;
+    message?: string;
+}
+export interface RedisLockerConfig {
+    keyPrefix: string;
+    keySuffixes: (req: Request) => string[];
+    ttlSeconds: number;
+    message: string;
+}

package/dist/middlewares/redisLocks/types.js

@@ -0,0 +1 @@
+export {};

package/dist/rateLimit/checkRateLimit.d.ts

@@ -0,0 +1,2 @@
+import { RateLimitCheck, RateLimit } from './types.js';
+export declare const checkRateLimit: (rateLimit: RateLimit) => Promise<RateLimitCheck>;

package/dist/rateLimit/checkRateLimit.js

@@ -0,0 +1,33 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { getRedisClient } from 'mielk-fn/redis';
+import { setRedisLock } from '../middlewares/redisLocks/redisLocker.js';
+export const checkRateLimit = (rateLimit) => __awaiter(void 0, void 0, void 0, function* () {
+    const { key, limit, windowSec, redisLock } = rateLimit;
+    const client = yield getRedisClient();
+    const currentCounter = yield client.incr(key);
+    if (currentCounter === 1) {
+        yield client.expire(key, windowSec);
+    }
+    const ttl = yield client.ttl(key);
+    const allowed = currentCounter <= limit;
+    if (!allowed && redisLock) {
+        const { key, ttlSeconds } = redisLock;
+        console.log(`Setting Redis lock for ${key} | ${ttlSeconds} seconds`);
+        setRedisLock(key, ttlSeconds);
+    }
+    console.log('RL key:', key, 'current:', currentCounter, 'ttl:', ttl);
+    return {
+        currentCounter,
+        limit,
+        ttl,
+        allowed
+    };
+});

package/dist/rateLimit/createRateLimiter.d.ts

@@ -0,0 +1,4 @@
+import { Request, Response, NextFunction } from 'express';
+import { RateLimitConfig, RateLimitConfigParams } from './types.js';
+export declare const createGlobalRateLimiter: (config?: RateLimitConfigParams) => (req: Request, res: Response, next: NextFunction) => Promise<void | Response<Record<string, any>, Record<string, any>>>;
+export declare const createRateLimiter: (config: RateLimitConfig) => (req: Request, res: Response, next: NextFunction) => Promise<void | Response<Record<string, any>, Record<string, any>>>;

package/dist/rateLimit/createRateLimiter.js

@@ -0,0 +1,49 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { checkRateLimit } from './checkRateLimit.js';
+import { failure, HttpResponseStatus } from '../http/index.js';
+import { Msg } from '../internal/messaging/messageTags.js';
+import { RateLimitConfigFactory } from './rateLimitConfigFactory.js';
+import { generateRedisLockKey } from '../middlewares/redisLocks/redisLocker.js';
+export const createGlobalRateLimiter = (config) => {
+    return createRateLimiter(RateLimitConfigFactory.globalIp(config));
+};
+export const createRateLimiter = (config) => {
+    return (req, res, next) => __awaiter(void 0, void 0, void 0, function* () {
+        const { message } = config;
+        const rateLimit = createRateLimitFromConfig(config, req);
+        const { limit, currentCounter, ttl, allowed } = yield checkRateLimit(rateLimit);
+        res.setHeader('X-RateLimit-Limit', limit);
+        res.setHeader('X-RateLimit-Remaining', Math.max(0, limit - currentCounter));
+        res.setHeader('X-RateLimit-Reset', ttl);
+        console.log('IP:', req.ip);
+        console.log('Forwarded:', req.headers['x-forwarded-for']);
+        if (!allowed) {
+            return failure(res, HttpResponseStatus.TOO_MANY_REQUESTS, message || Msg.apiStatus.tooManyRequests);
+        }
+        return next();
+    });
+};
+const createRateLimitFromConfig = (config, req) => {
+    const { limit, windowSec, message, redisLockerConfig } = config;
+    const key = generateKeyFromConfig(config, req);
+    const rateLimit = { key, limit, windowSec, message };
+    if (redisLockerConfig) {
+        const { ttlSeconds } = redisLockerConfig;
+        const key = generateRedisLockKey(redisLockerConfig, req);
+        const redisLock = { key, ttlSeconds };
+        rateLimit.redisLock = redisLock;
+    }
+    return rateLimit;
+};
+const generateKeyFromConfig = (config, req) => {
+    const { keyPrefix, keySuffixes } = config;
+    return `${keyPrefix}:${keySuffixes(req).join(':')}`;
+};

package/dist/rateLimit/index.d.ts

@@ -0,0 +1,8 @@
+import { checkRateLimit } from './checkRateLimit.js';
+import { createRateLimiter } from './createRateLimiter.js';
+import { RateLimitConfigFactory } from './rateLimitConfigFactory.js';
+import { RedisKeyFactory } from './redisKeysFactory.js';
+import { type RateLimiter, RateLimitConfig, RateLimit, RateLimitCheck } from './types.js';
+export { checkRateLimit, createRateLimiter, RateLimitConfigFactory, RedisKeyFactory };
+export { RateLimitConfig, RateLimit, RateLimitCheck };
+export type { RateLimiter };

package/dist/rateLimit/index.js

@@ -0,0 +1,5 @@
+import { checkRateLimit } from './checkRateLimit.js';
+import { createRateLimiter } from './createRateLimiter.js';
+import { RateLimitConfigFactory } from './rateLimitConfigFactory.js';
+import { RedisKeyFactory } from './redisKeysFactory.js';
+export { checkRateLimit, createRateLimiter, RateLimitConfigFactory, RedisKeyFactory };

package/dist/rateLimit/rateLimitConfigFactory.d.ts

@@ -0,0 +1,7 @@
+import { RateLimitConfig, RateLimitConfigParams } from "./types.js";
+export declare const RateLimitConfigFactory: {
+    globalIp: (params?: RateLimitConfigParams) => RateLimitConfig;
+    loginIp: (params?: RateLimitConfigParams) => RateLimitConfig;
+    loginIpMail: (params?: RateLimitConfigParams) => RateLimitConfig;
+    loginMail: (params?: RateLimitConfigParams) => RateLimitConfig;
+};

package/dist/rateLimit/rateLimitConfigFactory.js

@@ -0,0 +1,31 @@
+import { RedisKeyFactory } from "./redisKeysFactory.js";
+import { Msg } from "../internal/messaging/messageTags.js";
+import { RedisLockerConfigFactory } from "../middlewares/index.js";
+const defaultRateLimitConfig = {
+    keyPrefix: RedisKeyFactory.prefixes.login,
+    keySuffixes: RedisKeyFactory.suffixes.ip,
+    windowSec: 15 * 60,
+    limit: 5,
+    message: Msg.apiStatus.tooManyRequests,
+};
+const createRateLimitConfig = (params) => {
+    return Object.assign(Object.assign({}, defaultRateLimitConfig), params);
+};
+const globalIp = (params) => {
+    return createRateLimitConfig(Object.assign({ keyPrefix: RedisKeyFactory.prefixes.global, windowSec: 60, limit: 2 }, (params || {})));
+};
+const loginIp = (params) => {
+    return createRateLimitConfig(Object.assign({}, (params || {})));
+};
+const loginIpMail = (params) => {
+    return createRateLimitConfig(Object.assign({ keySuffixes: RedisKeyFactory.suffixes.ipMail }, (params || {})));
+};
+const loginMail = (params) => {
+    return createRateLimitConfig(Object.assign({ keySuffixes: RedisKeyFactory.suffixes.mail, redisLockerConfig: RedisLockerConfigFactory.mail() }, (params || {})));
+};
+export const RateLimitConfigFactory = {
+    globalIp,
+    loginIp,
+    loginIpMail,
+    loginMail
+};

package/dist/rateLimit/redisKeysFactory.d.ts

@@ -0,0 +1,14 @@
+import { Request } from 'express';
+export declare const RedisKeyFactory: {
+    prefixes: {
+        readonly global: "global";
+        readonly login: "login";
+        readonly lockEmail: "lock:email";
+        readonly refresh: "refresh";
+    };
+    suffixes: {
+        readonly ip: (req: Request) => string[];
+        readonly ipMail: (req: Request) => string[];
+        readonly mail: (req: Request) => string[];
+    };
+};

package/dist/rateLimit/redisKeysFactory.js

@@ -0,0 +1,30 @@
+const prefixes = {
+    global: 'global',
+    login: 'login',
+    lockEmail: 'lock:email',
+    refresh: 'refresh',
+};
+const getIpSuffixCallback = (req) => {
+    const ip = req.ip || 'undefined';
+    return [ip];
+};
+const getEmailSuffixCallback = (req) => {
+    var _a;
+    const email = (((_a = req.body) === null || _a === void 0 ? void 0 : _a.email) || 'unknown').toLowerCase();
+    return [email];
+};
+const getIpEmailSuffixCallback = (req) => {
+    var _a;
+    const email = (((_a = req.body) === null || _a === void 0 ? void 0 : _a.email) || 'unknown').toLowerCase();
+    const ip = req.ip || 'unknown';
+    return [ip, email];
+};
+const suffixCallbacks = {
+    'ip': getIpSuffixCallback,
+    'ipMail': getIpEmailSuffixCallback,
+    'mail': getEmailSuffixCallback,
+};
+export const RedisKeyFactory = {
+    prefixes: prefixes,
+    suffixes: suffixCallbacks
+};

package/dist/rateLimit/types.d.ts

@@ -0,0 +1,35 @@
+import { NextFunction, Request, Response } from "express";
+import { RedisLockerConfig } from "../middlewares/index.js";
+export type RateLimiter = (req: Request, res: Response, next: NextFunction) => Promise<void | Response<Record<string, any>, Record<string, any>>>;
+export type RateLimitConfigParams = {
+    keyPrefix?: string;
+    keySuffixes?: (req: Request) => string[];
+    windowSec?: number;
+    limit?: number;
+    message?: string;
+    redisLockerConfig?: RedisLockerConfig | null;
+};
+export interface RateLimitConfig {
+    keyPrefix: string;
+    keySuffixes: (req: Request) => string[];
+    limit: number;
+    windowSec: number;
+    message?: string;
+    redisLockerConfig?: RedisLockerConfig | null;
+}
+export interface RateLimit {
+    key: string;
+    limit: number;
+    windowSec: number;
+    message?: string;
+    redisLock?: {
+        key: string;
+        ttlSeconds: number;
+    };
+}
+export interface RateLimitCheck {
+    currentCounter: number;
+    limit: number;
+    ttl: number;
+    allowed: boolean;
+}

package/dist/rateLimit/types.js

@@ -0,0 +1 @@
+export {};

package/dist/routing/express.d.ts

@@ -1,8 +1,9 @@
 import { PostgreDbConfig } from '../db/pg/index.js';
 import { MsSqlDbConfig } from '../db/mssql/index.js';
-import { CorsConfig, RateLimitConfig } from '../middlewares/index.js';
+import { CorsConfig } from '../middlewares/index.js';
 import { DbProvider } from './DbProvider.js';
+import { RateLimitConfigParams } from '../rateLimit/types.js';
 export type DbConfig = PostgreDbConfig | MsSqlDbConfig;
-export declare const createExpressApp: (isProd: boolean, dbConfig: DbConfig, corsConfig: CorsConfig, rateLimitConfig?: RateLimitConfig) => import("express-serve-static-core").Express;
+export declare const createExpressApp: (isProd: boolean, dbConfig: DbConfig, corsConfig: CorsConfig, rateLimitConfig?: RateLimitConfigParams) => Promise<import("express-serve-static-core").Express>;
 export declare const isProd: () => boolean;
 export declare const getDbProvider: () => DbProvider;

package/dist/routing/express.js

@@ -1,12 +1,22 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
 import express from 'express';
 import { initDb as postgreInitDb } from '../db/pg/index.js';
 import { initDb as msSqlInitDb } from '../db/mssql/index.js';
-import { initCors, setAppRateLimit } from '../middlewares/index.js';
+import { initCors } from '../middlewares/index.js';
+import { createGlobalRateLimiter } from '../rateLimit/createRateLimiter.js';
 const env = {
     isProd: true,
     provider: undefined
 };
-export const createExpressApp = (isProd, dbConfig, corsConfig, rateLimitConfig) => {
+export const createExpressApp = (isProd, dbConfig, corsConfig, rateLimitConfig) => __awaiter(void 0, void 0, void 0, function* () {
     const app = express();
     env.isProd = isProd;
     env.provider = dbConfig.provider;
@@ -19,9 +29,11 @@ export const createExpressApp = (isProd, dbConfig, corsConfig, rateLimitConfig)
             break;
     }
     initCors(corsConfig);
-    setAppRateLimit(app, rateLimitConfig);
+    app.use(createGlobalRateLimiter(rateLimitConfig));
     app.use(express.json());
+    if (isProd)
+        app.set('trust proxy', 1);
     return app;
-};
+});
 export const isProd = () => env.isProd;
 export const getDbProvider = () => env.provider;

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "mielk-api",
-	"version": "1.3.10",
+	"version": "1.5.0",
 	"keywords": [],
 	"author": "mielk",
 	"description": "Wrapper for API operations",
@@ -32,6 +32,11 @@
 			"types": "./dist/middlewares/index.d.ts",
 			"import": "./dist/middlewares/index.js",
 			"default": "./dist/middlewares/index.js"
+		},
+		"./rate-limit": {
+			"types": "./dist/rateLimit/index.d.ts",
+			"import": "./dist/rateLimit/index.js",
+			"default": "./dist/rateLimit/index.js"
 		}
 	},
 	"scripts": {
@@ -71,7 +76,6 @@
 	],
 	"peerDependencies": {
 		"express": "^5",
-		"express-rate-limit": "^8",
 		"zod": "^4"
 	},
 	"optionalDependencies": {
@@ -79,7 +83,8 @@
 	},
 	"dependencies": {
 		"cors": "^2.8.6",
-		"mielk-fn": "^1.1.1",
+		"express-rate-limit": "^8.3.1",
+		"mielk-fn": "^1.2.0",
 		"pg": "^8.20.0",
 		"tunnel-ssh": "^5.2.0"
 	}

package/dist/middlewares/rateLimit/rateLimit.d.ts

@@ -1,8 +0,0 @@
-import { Express } from 'express';
-import { RateLimitRequestHandler } from 'express-rate-limit';
-export interface RateLimitConfig {
-    windowsMs?: number;
-    max?: number;
-}
-export declare const setAppRateLimit: (app: Express, customConfig?: RateLimitConfig) => void;
-export declare const getRateLimit: (minutes: number, maxAttempts: number, message?: string) => RateLimitRequestHandler;

package/dist/middlewares/rateLimit/rateLimit.js

@@ -1,18 +0,0 @@
-import rateLimit from 'express-rate-limit';
-import { Msg } from '../../internal/messaging/messageTags.js';
-const rateLimitConfig = {
-    windowMs: 60 * 1000,
-    max: 100,
-};
-export const setAppRateLimit = (app, customConfig) => {
-    const config = Object.assign(Object.assign({}, rateLimitConfig), customConfig);
-    const limiter = rateLimit(config);
-    app.use(limiter);
-};
-export const getRateLimit = (minutes, maxAttempts, message) => {
-    return rateLimit({
-        windowMs: minutes * 60 * 1000,
-        max: maxAttempts,
-        message: message || Msg.connection.rateLimitExceededMessage
-    });
-};