rate-limiter-flexible 5.0.5 → 6.1.0

package/README.md

@@ -3,7 +3,7 @@
 [![node version][node-image]][node-url]
 [![deno version](https://img.shields.io/badge/deno-^1.5.3-lightgrey?logo=deno)](https://github.com/denoland/deno)
 
-[node-image]: https://img.shields.io/badge/node.js-%3E=_16.0-green.svg?style=flat-square
+[node-image]: https://img.shields.io/badge/node.js-%3E=_18.0-green.svg?style=flat-square
 [node-url]: http://nodejs.org/download/
 
 <img src="img/rlflx-logo-small.png" width="50" alt="Logo"/>
@@ -12,7 +12,7 @@
 
 **rate-limiter-flexible** counts and limits the number of actions by key and protects from DDoS and brute force attacks at any scale.
 
-It works with _Redis_, _Prisma_, _DynamoDB_, process _Memory_, _Cluster_ or _PM2_, _Memcached_, _MongoDB_, _MySQL_, and _PostgreSQL_.
+It works with _Redis_, _Valkey_, _Prisma_, _DynamoDB_, process _Memory_, _Cluster_ or _PM2_, _Memcached_, _MongoDB_, _MySQL_, _SQLite_, and _PostgreSQL_.
 
 Memory limiter also works in the browser.
 
@@ -24,7 +24,7 @@ Memory limiter also works in the browser.
 
 **Ready for growth.** It provides a unified API for all limiters. Whenever your application grows, it is ready. Prepare your limiters in minutes.
 
-**Friendly.** No matter which node package you prefer: `redis` or `ioredis`, `sequelize`/`typeorm` or `knex`, `memcached`, native driver or `mongoose`. It works with all of them.
+**Friendly.** No matter which node package you prefer: `redis` or `ioredis`, `iovalkey`, `sequelize`/`typeorm` or `knex`, `memcached`, native driver or `mongoose`. It works with all of them.
 
 **In-memory blocks.** Avoid extra requests to store with [inMemoryBlockOnConsumed](https://github.com/animir/node-rate-limiter-flexible/wiki/Options#inmemoryblockonconsumed).
 
@@ -141,10 +141,12 @@ Some copy/paste examples on Wiki:
 * [Memory](https://github.com/animir/node-rate-limiter-flexible/wiki/Memory)
 * [DynamoDb](https://github.com/animir/node-rate-limiter-flexible/wiki/DynamoDB)
 * [Prisma](https://github.com/animir/node-rate-limiter-flexible/wiki/Prisma)
+* [Valkey](https://github.com/animir/node-rate-limiter-flexible/wiki/Valkey)
 * [BurstyRateLimiter](https://github.com/animir/node-rate-limiter-flexible/wiki/BurstyRateLimiter) Traffic burst support
 * [Mongo](https://github.com/animir/node-rate-limiter-flexible/wiki/Mongo) (with [sharding support](https://github.com/animir/node-rate-limiter-flexible/wiki/Mongo#mongodb-sharding-options))
 * [MySQL](https://github.com/animir/node-rate-limiter-flexible/wiki/MySQL) (support Sequelize and Knex)
 * [Postgres](https://github.com/animir/node-rate-limiter-flexible/wiki/PostgreSQL) (support Sequelize, TypeORM and Knex)
+* [SQLite](https://github.com/animir/node-rate-limiter-flexible/wiki/SQLite)
 * [RateLimiterCluster](https://github.com/animir/node-rate-limiter-flexible/wiki/Cluster) ([PM2 cluster docs read here](https://github.com/animir/node-rate-limiter-flexible/wiki/PM2-cluster))
 * [Memcache](https://github.com/animir/node-rate-limiter-flexible/wiki/Memcache)
 * [RateLimiterUnion](https://github.com/animir/node-rate-limiter-flexible/wiki/RateLimiterUnion) Combine 2 or more limiters to act as single
@@ -186,8 +188,8 @@ See [releases](https://github.com/animir/node-rate-limiter-flexible/releases) fo
 * [storeType](https://github.com/animir/node-rate-limiter-flexible/wiki/Options#storetype) Have to be set to `knex`, if you use it.
 * [dbName](https://github.com/animir/node-rate-limiter-flexible/wiki/Options#dbname) Where to store points.
 * [tableName](https://github.com/animir/node-rate-limiter-flexible/wiki/Options#tablename) Table/collection.
-* [tableCreated](https://github.com/animir/node-rate-limiter-flexible/wiki/Options#tablecreated) Is table already created in MySQL or PostgreSQL.
-* [clearExpiredByTimeout](https://github.com/animir/node-rate-limiter-flexible/wiki/Options#clearexpiredbytimeout) For MySQL and PostgreSQL.
+* [tableCreated](https://github.com/animir/node-rate-limiter-flexible/wiki/Options#tablecreated) Is table already created in MySQL, SQLite or PostgreSQL.
+* [clearExpiredByTimeout](https://github.com/animir/node-rate-limiter-flexible/wiki/Options#clearexpiredbytimeout) For MySQL, SQLite and PostgreSQL.
 
 Smooth out traffic peaks:
 * [execEvenly](https://github.com/animir/node-rate-limiter-flexible/wiki/Options#execevenly)

package/index.js

@@ -12,6 +12,8 @@ const BurstyRateLimiter = require('./lib/BurstyRateLimiter');
 const RateLimiterRes = require('./lib/RateLimiterRes');
 const RateLimiterDynamo = require('./lib/RateLimiterDynamo');
 const RateLimiterPrisma = require('./lib/RateLimiterPrisma');
+const RateLimiterValkey = require('./lib/RateLimiterValkey');
+const RateLimiterSQLite = require('./lib/RateLimiterSQLite');
 
 module.exports = {
   RateLimiterRedis,
@@ -30,4 +32,6 @@ module.exports = {
   RateLimiterRes,
   RateLimiterDynamo,
   RateLimiterPrisma,
+  RateLimiterValkey,
+  RateLimiterSQLite,
 };

package/lib/RateLimiterSQLite.js

@@ -0,0 +1,207 @@
+const RateLimiterStoreAbstract = require("./RateLimiterStoreAbstract");
+const RateLimiterRes = require("./RateLimiterRes");
+
+class RateLimiterSQLite extends RateLimiterStoreAbstract {
+  /**
+   * @callback callback
+   * @param {Object} err
+   *
+   * @param {Object} opts
+   * @param {callback} cb
+   * Defaults {
+   *   ... see other in RateLimiterStoreAbstract
+   *
+   *   storeClient: sqliteClient, // SQLite database instance
+   *   tableName: 'string',
+   * }
+   */
+  constructor(opts, cb = null) {
+    super(opts);
+
+    this.client = opts.storeClient;
+    this.tableName = opts.tableName;
+    this.tableCreated = opts.tableCreated || false;
+    this.clearExpiredByTimeout = opts.clearExpiredByTimeout;
+
+    if (!/^[A-Za-z0-9_]*$/.test(this.tableName)) {
+      const err = new Error("Table name must contain only letters and numbers");
+      if (typeof cb === "function") {
+        return cb(err);
+      }
+      throw err;
+    }
+
+    if (!this.tableCreated) {
+      this._createDbAndTable()
+        .then(() => {
+          this.tableCreated = true;
+
+          if (this.clearExpiredByTimeout) {
+            this._clearExpiredHourAgo();
+          }
+          if (typeof cb === "function") {
+            cb();
+          }
+        })
+        .catch((err) => {
+          if (typeof cb === "function") {
+            cb(err);
+          } else {
+            throw err;
+          }
+        });
+    } else {
+      if (this.clearExpiredByTimeout) {
+        this._clearExpiredHourAgo();
+      }
+      if (typeof cb === "function") {
+        cb();
+      }
+    }
+  }
+  async _createDbAndTable() {
+    return new Promise((resolve, reject) => {
+      const createTableSQL = this._getCreateTableSQL();
+      this.client.run(createTableSQL, (err) => {
+        if (err) {
+          reject(err);
+        } else {
+          resolve();
+        }
+      });
+    });
+  }
+
+  _getCreateTableSQL() {
+    return `CREATE TABLE IF NOT EXISTS ${this.tableName} (
+      key TEXT PRIMARY KEY,
+      points INTEGER NOT NULL DEFAULT 0,
+      expire INTEGER
+    )`;
+  }
+
+  _clearExpiredHourAgo() {
+    if (this._clearExpiredTimeoutId) {
+      clearTimeout(this._clearExpiredTimeoutId);
+    }
+    this._clearExpiredTimeoutId = setTimeout(() => {
+      this.clearExpired(Date.now() - 3600000) // Never rejected
+        .then(() => {
+          this._clearExpiredHourAgo();
+        });
+    }, 300000);
+    this._clearExpiredTimeoutId.unref();
+  }
+
+  clearExpired(nowMs) {
+    return new Promise((resolve) => {
+      this.client.run(
+        `DELETE FROM ${this.tableName} WHERE expire < ?`,
+        [nowMs],
+        () => resolve()
+      );
+    });
+  }
+
+  _getRateLimiterRes(rlKey, changedPoints, result) {
+    const res = new RateLimiterRes();
+    res.isFirstInDuration = changedPoints === result.points;
+    res.consumedPoints = res.isFirstInDuration ? changedPoints : result.points;
+    res.remainingPoints = Math.max(this.points - res.consumedPoints, 0);
+    res.msBeforeNext = result.expire
+      ? Math.max(result.expire - Date.now(), 0)
+      : -1;
+
+    return res;
+  }
+
+  async _upsertTransaction(rlKey, points, msDuration, forceExpire) {
+    return new Promise((resolve, reject) => {
+      const dateNow = Date.now();
+      const newExpire = msDuration > 0 ? dateNow + msDuration : null;
+
+      const upsertQuery = forceExpire
+        ? `INSERT OR REPLACE INTO ${this.tableName} (key, points, expire) VALUES (?, ?, ?) RETURNING points, expire;`
+        : `
+          INSERT INTO ${this.tableName} (key, points, expire)
+          VALUES (?, ?, ?)
+          ON CONFLICT(key) DO UPDATE SET
+            points = CASE
+              WHEN expire IS NULL OR expire > ? THEN points + excluded.points
+              ELSE excluded.points
+            END,
+            expire = CASE
+              WHEN expire IS NULL OR expire > ? THEN expire
+              ELSE excluded.expire
+            END
+          RETURNING points, expire;
+        `;
+
+      const upsertParams = forceExpire
+        ? [rlKey, points, newExpire]
+        : [rlKey, points, newExpire, dateNow, dateNow];
+
+      this.client.serialize(() => {
+        this.client.run("SAVEPOINT rate_limiter_trx;", (savepointErr) => {
+          if (savepointErr) return reject(savepointErr);
+
+          this.client.get(upsertQuery, upsertParams, (queryErr, row) => {
+            if (queryErr) {
+              return this.client.run(
+                "ROLLBACK TO SAVEPOINT rate_limiter_trx;",
+                () => reject(queryErr)
+              );
+            }
+
+            this.client.run("RELEASE SAVEPOINT rate_limiter_trx;", () =>
+              resolve(row)
+            );
+          });
+        });
+      });
+    });
+  }
+  _upsert(rlKey, points, msDuration, forceExpire = false) {
+    if (!this.tableCreated) {
+      return Promise.reject(Error("Table is not created yet"));
+    }
+    return this._upsertTransaction(rlKey, points, msDuration, forceExpire);
+  }
+  _get(rlKey) {
+    return new Promise((resolve, reject) => {
+      this.client.get(
+        `SELECT points, expire FROM ${this.tableName} WHERE key = ? AND (expire > ? OR expire IS NULL)`,
+        [rlKey, Date.now()],
+        (err, row) => {
+          if (err) {
+            reject(err);
+          } else {
+            resolve(row || null);
+          }
+        }
+      );
+    });
+  }
+
+  _delete(rlKey) {
+    if (!this.tableCreated) {
+      return Promise.reject(Error("Table is not created yet"));
+    }
+
+    return new Promise((resolve, reject) => {
+      this.client.run(
+        `DELETE FROM ${this.tableName} WHERE key = ?`,
+        [rlKey],
+        function (err) {
+          if (err) {
+            reject(err);
+          } else {
+            resolve(this.changes > 0);
+          }
+        }
+      );
+    });
+  }
+}
+
+module.exports = RateLimiterSQLite;

package/lib/RateLimiterValkey.js

@@ -0,0 +1,117 @@
+const RateLimiterStoreAbstract = require('./RateLimiterStoreAbstract');
+const RateLimiterRes = require('./RateLimiterRes');
+
+const incrTtlLuaScript = `
+server.call('set', KEYS[1], 0, 'EX', ARGV[2], 'NX')
+local consumed = server.call('incrby', KEYS[1], ARGV[1])
+local ttl = server.call('pttl', KEYS[1])
+return {consumed, ttl}
+`;
+
+class RateLimiterValkey extends RateLimiterStoreAbstract {
+  /**
+   *
+   * @param {Object} opts
+   * Defaults {
+   *   ... see other in RateLimiterStoreAbstract
+   *
+   *   storeClient: ValkeyClient
+   *   rejectIfValkeyNotReady: boolean = false - reject / invoke insuranceLimiter immediately when valkey connection is not "ready"
+   * }
+   */
+  constructor(opts) {
+    super(opts);
+    this.client = opts.storeClient;
+
+    this._rejectIfValkeyNotReady = !!opts.rejectIfValkeyNotReady;
+    this._incrTtlLuaScript = opts.customIncrTtlLuaScript || incrTtlLuaScript;
+
+    this.client.defineCommand('rlflxIncr', {
+      numberOfKeys: 1,
+      lua: this._incrTtlLuaScript,
+    });
+  }
+
+  /**
+   * Prevent actual valkey call if valkey connection is not ready
+   * @return {boolean}
+   * @private
+   */
+  _isValkeyReady() {
+    if (!this._rejectIfValkeyNotReady) {
+      return true;
+    }
+
+    return this.client.status === 'ready';
+  }
+
+  _getRateLimiterRes(rlKey, changedPoints, result) {
+    let consumed;
+    let resTtlMs;
+
+    if (Array.isArray(result[0])) {
+      [[, consumed], [, resTtlMs]] = result;
+    } else {
+      [consumed, resTtlMs] = result;
+    }
+
+    const res = new RateLimiterRes();
+    res.consumedPoints = +consumed;
+    res.isFirstInDuration = res.consumedPoints === changedPoints;
+    res.remainingPoints = Math.max(this.points - res.consumedPoints, 0);
+    res.msBeforeNext = resTtlMs;
+
+    return res;
+  }
+
+  _upsert(rlKey, points, msDuration, forceExpire = false) {
+    if (!this._isValkeyReady()) {
+      throw new Error('Valkey connection is not ready');
+    }
+
+    const secDuration = Math.floor(msDuration / 1000);
+
+    if (forceExpire) {
+      const multi = this.client.multi();
+
+      if (secDuration > 0) {
+        multi.set(rlKey, points, 'EX', secDuration);
+      } else {
+        multi.set(rlKey, points);
+      }
+
+      return multi.pttl(rlKey).exec();
+    }
+
+    if (secDuration > 0) {
+      return this.client.rlflxIncr([rlKey, String(points), String(secDuration), String(this.points), String(this.duration)]);
+    }
+
+    return this.client.multi().incrby(rlKey, points).pttl(rlKey).exec();
+  }
+
+  _get(rlKey) {
+    if (!this._isValkeyReady()) {
+      throw new Error('Valkey connection is not ready');
+    }
+
+    return this.client
+      .multi()
+      .get(rlKey)
+      .pttl(rlKey)
+      .exec()
+      .then((result) => {
+        const [[, points]] = result;
+        if (points === null) return null;
+        return result;
+      });
+  }
+
+  _delete(rlKey) {
+    return this.client
+      .del(rlKey)
+      .then(result => result > 0);
+  }
+}
+
+module.exports = RateLimiterValkey;

package/lib/constants.js

@@ -8,6 +8,7 @@ const LIMITER_TYPES = {
   POSTGRES: 'postgres',
   DYNAMO: 'dynamo',
   PRISMA: 'prisma',
+  SQLITE: 'sqlite',
 };
 
 const ERR_UNKNOWN_LIMITER_TYPE_MESSAGE = 'Unknown limiter type. Use one of LIMITER_TYPES constants.';

package/lib/index.d.ts

@@ -258,6 +258,10 @@ interface IRateLimiterRedisOptions extends IRateLimiterStoreOptions {
     customIncrTtlLuaScript?: string;
 }
 
+interface IRateLimiterValkeyOptions extends IRateLimiterStoreOptions {
+  customIncrTtlLuaScript?: string;
+}
+
 interface ICallbackReady {
     (error?: Error): void;
 }
@@ -291,6 +295,10 @@ export class RateLimiterRedis extends RateLimiterStoreAbstract {
     constructor(opts: IRateLimiterRedisOptions);
 }
 
+export class RateLimiterValkey extends RateLimiterStoreAbstract {
+  constructor(opts: IRateLimiterValkeyOptions);
+}
+
 export interface IRateLimiterMongoFunctionOptions {
     attrs: { [key: string]: any };
 }
@@ -350,6 +358,10 @@ export class RateLimiterPostgres extends RateLimiterStoreAbstract {
     constructor(opts: IRateLimiterPostgresOptions, cb?: ICallbackReady);
 }
 
+export class RateLimiterSQLite extends RateLimiterStoreAbstract {
+  constructor(opts: IRateLimiterStoreNoAutoExpiryOptions, cb?: ICallbackReady);
+}
+
 export class RateLimiterPrisma extends RateLimiterStoreAbstract {
   constructor(opts: IRateLimiterStoreNoAutoExpiryOptions, cb?: ICallbackReady);
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "rate-limiter-flexible",
-  "version": "5.0.5",
+  "version": "6.1.0",
   "description": "Node.js rate limiter by key and protection from DDoS and Brute-Force attacks in process Memory, Redis, MongoDb, Memcached, MySQL, PostgreSQL, Cluster or PM",
   "main": "index.js",
   "scripts": {
@@ -53,6 +53,7 @@
     "eslint-plugin-node": "^6.0.1",
     "eslint-plugin-security": "^1.4.0",
     "ioredis": "^5.3.2",
+    "iovalkey": "^0.3.1",
     "istanbul": "^1.1.0-alpha.1",
     "memcached-mock": "^0.1.0",
     "mocha": "^10.2.0",
@@ -60,7 +61,8 @@
     "prisma": "^5.8.0",
     "redis": "^4.6.8",
     "redis-mock": "^0.48.0",
-    "sinon": "^17.0.1"
+    "sinon": "^17.0.1",
+    "sqlite3": "^5.1.7"
   },
   "browser": {
     "cluster": false,