mielk-api 1.4.0 → 1.5.0

package/dist/http/httpResponseStatus/HttpResponseStatus.d.ts

@@ -2,11 +2,14 @@ import { HttpStatus } from "../types/HttpStatus.js";
 export declare const HttpResponseStatus: {
     OK: HttpStatus;
     CREATED: HttpStatus;
+    ACCEPTED: HttpStatus;
+    NO_CONTENT: HttpStatus;
     BAD_REQUEST: HttpStatus;
     UNAUTHORIZED: HttpStatus;
     FORBIDDEN: HttpStatus;
     NOT_FOUND: HttpStatus;
     CONFLICT: HttpStatus;
+    LOCKED: HttpStatus;
     TOO_MANY_REQUESTS: HttpStatus;
     SERVER_ERROR: HttpStatus;
 };

package/dist/http/httpResponseStatus/HttpResponseStatus.js

@@ -4,11 +4,14 @@ const msg = Msg.apiStatus;
 export const HttpResponseStatus = {
     OK: createApiStatus(true, 200, msg.ok),
     CREATED: createApiStatus(true, 201, msg.created),
+    ACCEPTED: createApiStatus(true, 202, msg.created),
+    NO_CONTENT: createApiStatus(true, 204, msg.noContent),
     BAD_REQUEST: createApiStatus(false, 400, msg.badRequest),
     UNAUTHORIZED: createApiStatus(false, 401, msg.unauthorized),
     FORBIDDEN: createApiStatus(false, 403, msg.forbidden),
     NOT_FOUND: createApiStatus(false, 404, msg.notFound),
     CONFLICT: createApiStatus(false, 409, msg.conflict),
+    LOCKED: createApiStatus(false, 423, msg.locked),
     TOO_MANY_REQUESTS: createApiStatus(false, 429, msg.tooManyRequests),
     SERVER_ERROR: createApiStatus(false, 500, msg.serverError),
 };

package/dist/internal/messaging/messageTags.d.ts

@@ -2,11 +2,14 @@ export declare const Msg: {
     apiStatus: {
         ok: string;
         created: string;
+        accepted: string;
+        noContent: string;
         badRequest: string;
         unauthorized: string;
         forbidden: string;
         notFound: string;
         conflict: string;
+        locked: string;
         tooManyRequests: string;
         serverError: string;
     };

package/dist/internal/messaging/messageTags.js

@@ -5,11 +5,14 @@ export const Msg = {
     apiStatus: {
         ok: `${___HTTP_STATUS___}:ok`,
         created: `${___HTTP_STATUS___}:created`,
+        accepted: `${___HTTP_STATUS___}:accepted`,
+        noContent: `${___HTTP_STATUS___}:noContent`,
         badRequest: `${___HTTP_STATUS___}:badRequest`,
         unauthorized: `${___HTTP_STATUS___}:unauthorized`,
         forbidden: `${___HTTP_STATUS___}:forbidden`,
         notFound: `${___HTTP_STATUS___}:notFound`,
         conflict: `${___HTTP_STATUS___}:conflict`,
+        locked: `${___HTTP_STATUS___}:locked`, // Account is temporarily locked. Try again later or reset your password. OR Your account has been temporarily locked due to multiple failed login attempts. Please reset your password to regain access.
         tooManyRequests: `${___HTTP_STATUS___}:tooManyRequests`,
         serverError: `${___HTTP_STATUS___}:serverError`,
     },

package/dist/middlewares/index.d.ts

@@ -3,6 +3,12 @@ import { privateCors } from './cors/privateCors.js';
 import { publicCors } from './cors/publicCors.js';
 import { apiKeyAuthorization } from './requestAuth/auth.middleware.js';
 import { validateQueryParams, validateBodyJson } from './zod/validate.js';
+import { createRedisLocker, setRedisLock, removeRedisLock, checkIfLockedInRedis } from './redisLocks/redisLocker.js';
+import { RedisLockerConfigFactory } from './redisLocks/redisLockerConfigFactory.js';
+import { RedisLocker, RedisLockerConfig, RedisLockerConfigParams } from './redisLocks/types.js';
 export { CorsConfig, initCors, privateCors, publicCors };
 export { apiKeyAuthorization };
 export { validateQueryParams, validateBodyJson };
+export { createRedisLocker, setRedisLock, removeRedisLock as removeLock, checkIfLockedInRedis as isLocked };
+export { RedisLockerConfigFactory };
+export { RedisLocker, RedisLockerConfig, RedisLockerConfigParams };

package/dist/middlewares/index.js

@@ -3,6 +3,10 @@ import { privateCors } from './cors/privateCors.js';
 import { publicCors } from './cors/publicCors.js';
 import { apiKeyAuthorization } from './requestAuth/auth.middleware.js';
 import { validateQueryParams, validateBodyJson } from './zod/validate.js';
+import { createRedisLocker, setRedisLock, removeRedisLock, checkIfLockedInRedis } from './redisLocks/redisLocker.js';
+import { RedisLockerConfigFactory } from './redisLocks/redisLockerConfigFactory.js';
 export { initCors, privateCors, publicCors };
 export { apiKeyAuthorization };
 export { validateQueryParams, validateBodyJson };
+export { createRedisLocker, setRedisLock, removeRedisLock as removeLock, checkIfLockedInRedis as isLocked };
+export { RedisLockerConfigFactory };

package/dist/middlewares/redisLocks/redisLocker.d.ts

@@ -0,0 +1,7 @@
+import { RedisLocker, RedisLockerConfig } from "./types.js";
+import { Request } from "express";
+export declare const createRedisLocker: (config: RedisLockerConfig) => RedisLocker;
+export declare const generateRedisLockKey: (config: RedisLockerConfig, req: Request) => string;
+export declare const setRedisLock: (key: string, ttlSeconds: number) => Promise<void>;
+export declare const removeRedisLock: (key: string) => Promise<void>;
+export declare const checkIfLockedInRedis: (key: string) => Promise<boolean>;

package/dist/middlewares/redisLocks/redisLocker.js

@@ -0,0 +1,46 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { getRedisClient } from "mielk-fn/redis";
+import { failure, HttpResponseStatus } from "../../http/index.js";
+import { Msg } from "../../internal/messaging/messageTags.js";
+export const createRedisLocker = (config) => {
+    return (req, res, next) => __awaiter(void 0, void 0, void 0, function* () {
+        const { message } = config;
+        const key = generateRedisLockKey(config, req);
+        const isLocked = yield checkIfLockedInRedis(key);
+        if (isLocked) {
+            return failure(res, HttpResponseStatus.LOCKED, message || Msg.apiStatus.locked);
+        }
+        return next();
+    });
+};
+export const generateRedisLockKey = (config, req) => {
+    const { keyPrefix, keySuffixes } = config;
+    return `${keyPrefix}:${keySuffixes(req).join(':')}`;
+};
+export const setRedisLock = (key, ttlSeconds) => __awaiter(void 0, void 0, void 0, function* () {
+    const redisClient = yield getRedisClient();
+    yield redisClient.set(key, JSON.stringify({ locked: true }), {
+        expiration: {
+            type: 'EX',
+            value: ttlSeconds
+        }
+    });
+    console.log('RL key:', key, ttlSeconds);
+});
+export const removeRedisLock = (key) => __awaiter(void 0, void 0, void 0, function* () {
+    const redisClient = yield getRedisClient();
+    yield redisClient.del(key);
+});
+export const checkIfLockedInRedis = (key) => __awaiter(void 0, void 0, void 0, function* () {
+    const redisClient = yield getRedisClient();
+    const value = yield redisClient.get(key);
+    return value !== null;
+});

package/dist/middlewares/redisLocks/redisLockerConfigFactory.d.ts

@@ -0,0 +1,4 @@
+import { RedisLockerConfig, RedisLockerConfigParams } from "./types.js";
+export declare const RedisLockerConfigFactory: {
+    mail: (params?: RedisLockerConfigParams) => RedisLockerConfig;
+};

package/dist/middlewares/redisLocks/redisLockerConfigFactory.js

@@ -0,0 +1,17 @@
+import { RedisKeyFactory } from "../../rateLimit/redisKeysFactory.js";
+import { Msg } from "../../internal/messaging/messageTags.js";
+const defaultRedisLockerConfig = {
+    keyPrefix: RedisKeyFactory.prefixes.lockEmail,
+    keySuffixes: RedisKeyFactory.suffixes.mail,
+    ttlSeconds: 3 * 60,
+    message: Msg.apiStatus.locked,
+};
+const createRedisLockerConfig = (params) => {
+    return Object.assign(Object.assign({}, defaultRedisLockerConfig), params);
+};
+const mail = (params) => {
+    return createRedisLockerConfig(Object.assign({}, (params || {})));
+};
+export const RedisLockerConfigFactory = {
+    mail,
+};

package/dist/middlewares/redisLocks/types.d.ts

@@ -0,0 +1,14 @@
+import { NextFunction, Request, Response } from "express";
+export type RedisLocker = (req: Request, res: Response, next: NextFunction) => Promise<void | Response<Record<string, any>, Record<string, any>>>;
+export interface RedisLockerConfigParams {
+    keyPrefix?: string;
+    keySuffixes?: (req: Request) => string[];
+    ttlSeconds?: number;
+    message?: string;
+}
+export interface RedisLockerConfig {
+    keyPrefix: string;
+    keySuffixes: (req: Request) => string[];
+    ttlSeconds: number;
+    message: string;
+}

package/dist/middlewares/redisLocks/types.js

@@ -0,0 +1 @@
+export {};

package/dist/rateLimit/checkRateLimit.js

@@ -8,8 +8,9 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 import { getRedisClient } from 'mielk-fn/redis';
+import { setRedisLock } from '../middlewares/redisLocks/redisLocker.js';
 export const checkRateLimit = (rateLimit) => __awaiter(void 0, void 0, void 0, function* () {
-    const { key, limit, windowSec } = rateLimit;
+    const { key, limit, windowSec, redisLock } = rateLimit;
     const client = yield getRedisClient();
     const currentCounter = yield client.incr(key);
     if (currentCounter === 1) {
@@ -17,6 +18,12 @@ export const checkRateLimit = (rateLimit) => __awaiter(void 0, void 0, void 0, f
     }
     const ttl = yield client.ttl(key);
     const allowed = currentCounter <= limit;
+    if (!allowed && redisLock) {
+        const { key, ttlSeconds } = redisLock;
+        console.log(`Setting Redis lock for ${key} | ${ttlSeconds} seconds`);
+        setRedisLock(key, ttlSeconds);
+    }
+    console.log('RL key:', key, 'current:', currentCounter, 'ttl:', ttl);
     return {
         currentCounter,
         limit,

package/dist/rateLimit/createRateLimiter.d.ts

@@ -1,4 +1,4 @@
 import { Request, Response, NextFunction } from 'express';
-import { RateLimitConfig } from './types.js';
-export declare const createGlobalRateLimiter: (config?: RateLimitConfig) => (req: Request, res: Response, next: NextFunction) => Promise<void | Response<Record<string, any>, Record<string, any>>>;
+import { RateLimitConfig, RateLimitConfigParams } from './types.js';
+export declare const createGlobalRateLimiter: (config?: RateLimitConfigParams) => (req: Request, res: Response, next: NextFunction) => Promise<void | Response<Record<string, any>, Record<string, any>>>;
 export declare const createRateLimiter: (config: RateLimitConfig) => (req: Request, res: Response, next: NextFunction) => Promise<void | Response<Record<string, any>, Record<string, any>>>;

package/dist/rateLimit/createRateLimiter.js

@@ -11,8 +11,9 @@ import { checkRateLimit } from './checkRateLimit.js';
 import { failure, HttpResponseStatus } from '../http/index.js';
 import { Msg } from '../internal/messaging/messageTags.js';
 import { RateLimitConfigFactory } from './rateLimitConfigFactory.js';
+import { generateRedisLockKey } from '../middlewares/redisLocks/redisLocker.js';
 export const createGlobalRateLimiter = (config) => {
-    return createRateLimiter(config || RateLimitConfigFactory.globalIp);
+    return createRateLimiter(RateLimitConfigFactory.globalIp(config));
 };
 export const createRateLimiter = (config) => {
     return (req, res, next) => __awaiter(void 0, void 0, void 0, function* () {
@@ -22,6 +23,8 @@ export const createRateLimiter = (config) => {
         res.setHeader('X-RateLimit-Limit', limit);
         res.setHeader('X-RateLimit-Remaining', Math.max(0, limit - currentCounter));
         res.setHeader('X-RateLimit-Reset', ttl);
+        console.log('IP:', req.ip);
+        console.log('Forwarded:', req.headers['x-forwarded-for']);
         if (!allowed) {
             return failure(res, HttpResponseStatus.TOO_MANY_REQUESTS, message || Msg.apiStatus.tooManyRequests);
         }
@@ -29,9 +32,16 @@ export const createRateLimiter = (config) => {
     });
 };
 const createRateLimitFromConfig = (config, req) => {
-    const { limit, windowSec, message } = config;
+    const { limit, windowSec, message, redisLockerConfig } = config;
     const key = generateKeyFromConfig(config, req);
-    return { key, limit, windowSec, message };
+    const rateLimit = { key, limit, windowSec, message };
+    if (redisLockerConfig) {
+        const { ttlSeconds } = redisLockerConfig;
+        const key = generateRedisLockKey(redisLockerConfig, req);
+        const redisLock = { key, ttlSeconds };
+        rateLimit.redisLock = redisLock;
+    }
+    return rateLimit;
 };
 const generateKeyFromConfig = (config, req) => {
     const { keyPrefix, keySuffixes } = config;

package/dist/rateLimit/index.d.ts

@@ -2,6 +2,7 @@ import { checkRateLimit } from './checkRateLimit.js';
 import { createRateLimiter } from './createRateLimiter.js';
 import { RateLimitConfigFactory } from './rateLimitConfigFactory.js';
 import { RedisKeyFactory } from './redisKeysFactory.js';
-import { RateLimitConfig, RateLimit, RateLimitCheck } from './types.js';
+import { type RateLimiter, RateLimitConfig, RateLimit, RateLimitCheck } from './types.js';
 export { checkRateLimit, createRateLimiter, RateLimitConfigFactory, RedisKeyFactory };
 export { RateLimitConfig, RateLimit, RateLimitCheck };
+export type { RateLimiter };

package/dist/rateLimit/rateLimitConfigFactory.d.ts

@@ -1,7 +1,7 @@
-import { RateLimitConfig } from "./types.js";
+import { RateLimitConfig, RateLimitConfigParams } from "./types.js";
 export declare const RateLimitConfigFactory: {
-    globalIp: RateLimitConfig;
-    loginIp: RateLimitConfig;
-    loginIpMail: RateLimitConfig;
-    loginMail: RateLimitConfig;
+    globalIp: (params?: RateLimitConfigParams) => RateLimitConfig;
+    loginIp: (params?: RateLimitConfigParams) => RateLimitConfig;
+    loginIpMail: (params?: RateLimitConfigParams) => RateLimitConfig;
+    loginMail: (params?: RateLimitConfigParams) => RateLimitConfig;
 };

package/dist/rateLimit/rateLimitConfigFactory.js

@@ -1,5 +1,6 @@
 import { RedisKeyFactory } from "./redisKeysFactory.js";
 import { Msg } from "../internal/messaging/messageTags.js";
+import { RedisLockerConfigFactory } from "../middlewares/index.js";
 const defaultRateLimitConfig = {
     keyPrefix: RedisKeyFactory.prefixes.login,
     keySuffixes: RedisKeyFactory.suffixes.ip,
@@ -10,18 +11,18 @@ const defaultRateLimitConfig = {
 const createRateLimitConfig = (params) => {
     return Object.assign(Object.assign({}, defaultRateLimitConfig), params);
 };
-const globalIp = createRateLimitConfig({
-    keyPrefix: RedisKeyFactory.prefixes.global,
-    windowSec: 60,
-    limit: 100,
-});
-const loginIp = defaultRateLimitConfig;
-const loginIpMail = createRateLimitConfig({
-    keySuffixes: RedisKeyFactory.suffixes.ipMail,
-});
-const loginMail = createRateLimitConfig({
-    keySuffixes: RedisKeyFactory.suffixes.mail,
-});
+const globalIp = (params) => {
+    return createRateLimitConfig(Object.assign({ keyPrefix: RedisKeyFactory.prefixes.global, windowSec: 60, limit: 2 }, (params || {})));
+};
+const loginIp = (params) => {
+    return createRateLimitConfig(Object.assign({}, (params || {})));
+};
+const loginIpMail = (params) => {
+    return createRateLimitConfig(Object.assign({ keySuffixes: RedisKeyFactory.suffixes.ipMail }, (params || {})));
+};
+const loginMail = (params) => {
+    return createRateLimitConfig(Object.assign({ keySuffixes: RedisKeyFactory.suffixes.mail, redisLockerConfig: RedisLockerConfigFactory.mail() }, (params || {})));
+};
 export const RateLimitConfigFactory = {
     globalIp,
     loginIp,

package/dist/rateLimit/redisKeysFactory.d.ts

@@ -3,6 +3,7 @@ export declare const RedisKeyFactory: {
     prefixes: {
         readonly global: "global";
         readonly login: "login";
+        readonly lockEmail: "lock:email";
         readonly refresh: "refresh";
     };
     suffixes: {

package/dist/rateLimit/redisKeysFactory.js

@@ -1,7 +1,8 @@
 const prefixes = {
     global: 'global',
     login: 'login',
-    refresh: 'refresh'
+    lockEmail: 'lock:email',
+    refresh: 'refresh',
 };
 const getIpSuffixCallback = (req) => {
     const ip = req.ip || 'undefined';
@@ -9,12 +10,12 @@ const getIpSuffixCallback = (req) => {
 };
 const getEmailSuffixCallback = (req) => {
     var _a;
-    const email = ((_a = req.body) === null || _a === void 0 ? void 0 : _a.email) || 'unknown';
+    const email = (((_a = req.body) === null || _a === void 0 ? void 0 : _a.email) || 'unknown').toLowerCase();
     return [email];
 };
 const getIpEmailSuffixCallback = (req) => {
     var _a;
-    const email = ((_a = req.body) === null || _a === void 0 ? void 0 : _a.email) || 'unknown';
+    const email = (((_a = req.body) === null || _a === void 0 ? void 0 : _a.email) || 'unknown').toLowerCase();
     const ip = req.ip || 'unknown';
     return [ip, email];
 };

package/dist/rateLimit/types.d.ts

@@ -1,16 +1,31 @@
-import { Request } from "express";
+import { NextFunction, Request, Response } from "express";
+import { RedisLockerConfig } from "../middlewares/index.js";
+export type RateLimiter = (req: Request, res: Response, next: NextFunction) => Promise<void | Response<Record<string, any>, Record<string, any>>>;
+export type RateLimitConfigParams = {
+    keyPrefix?: string;
+    keySuffixes?: (req: Request) => string[];
+    windowSec?: number;
+    limit?: number;
+    message?: string;
+    redisLockerConfig?: RedisLockerConfig | null;
+};
 export interface RateLimitConfig {
     keyPrefix: string;
     keySuffixes: (req: Request) => string[];
     limit: number;
     windowSec: number;
     message?: string;
+    redisLockerConfig?: RedisLockerConfig | null;
 }
 export interface RateLimit {
     key: string;
     limit: number;
     windowSec: number;
     message?: string;
+    redisLock?: {
+        key: string;
+        ttlSeconds: number;
+    };
 }
 export interface RateLimitCheck {
     currentCounter: number;

package/dist/routing/express.d.ts

@@ -2,8 +2,8 @@ import { PostgreDbConfig } from '../db/pg/index.js';
 import { MsSqlDbConfig } from '../db/mssql/index.js';
 import { CorsConfig } from '../middlewares/index.js';
 import { DbProvider } from './DbProvider.js';
-import { RateLimitConfig } from '../rateLimit/types.js';
+import { RateLimitConfigParams } from '../rateLimit/types.js';
 export type DbConfig = PostgreDbConfig | MsSqlDbConfig;
-export declare const createExpressApp: (isProd: boolean, dbConfig: DbConfig, corsConfig: CorsConfig, rateLimitConfig?: RateLimitConfig) => Promise<import("express-serve-static-core").Express>;
+export declare const createExpressApp: (isProd: boolean, dbConfig: DbConfig, corsConfig: CorsConfig, rateLimitConfig?: RateLimitConfigParams) => Promise<import("express-serve-static-core").Express>;
 export declare const isProd: () => boolean;
 export declare const getDbProvider: () => DbProvider;

package/dist/routing/express.js

@@ -31,6 +31,8 @@ export const createExpressApp = (isProd, dbConfig, corsConfig, rateLimitConfig)
     initCors(corsConfig);
     app.use(createGlobalRateLimiter(rateLimitConfig));
     app.use(express.json());
+    if (isProd)
+        app.set('trust proxy', 1);
     return app;
 });
 export const isProd = () => env.isProd;

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "mielk-api",
-	"version": "1.4.0",
+	"version": "1.5.0",
 	"keywords": [],
 	"author": "mielk",
 	"description": "Wrapper for API operations",