npm - rate-limiter-flexible - Versions diffs - 7.1.1 → 7.2.0 - Mend

rate-limiter-flexible 7.1.1 → 7.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md +10 -12
package/index.js +2 -0
package/lib/RateLimiterDrizzle.js +170 -0
package/lib/index.d.ts +18 -10
package/package.json +10 -5

package/README.md CHANGED Viewed

@@ -26,12 +26,8 @@ Memory limiter also works in the browser.
 **Friendly.** No matter which node package you prefer: [`valkey-glide`](https://www.npmjs.com/package/@valkey/valkey-glide) or [`iovalkey`](https://www.npmjs.com/package/iovalkey), `redis` or `ioredis`, `sequelize`/`typeorm` or `knex`, `memcached`, native driver or `mongoose`. It works with all of them.
-**Safe for using with valkey cluster.** [`valkey-glide`](https://www.npmjs.com/package/@valkey/valkey-glide) implementation, [RateLimiterValkeyGlide](https://github.com/animir/node-rate-limiter-flexible/wiki/Valkey-Glide), is being tested to ensure compatibility and high performance.
 **In-memory blocks.** Avoid extra requests to store with [inMemoryBlockOnConsumed](https://github.com/animir/node-rate-limiter-flexible/wiki/Options#inmemoryblockonconsumed).
-Allow **traffic bursts** with [BurstyRateLimiter](https://github.com/animir/node-rate-limiter-flexible/wiki/BurstyRateLimiter).
 **Deno compatible** See [this example](https://gist.github.com/animir/d06ca92931677f330d3f2d4c6c3108e4)
 It uses a **fixed window**, as it is much faster than a rolling window.
@@ -123,12 +119,12 @@ Full documentation is on [Wiki](https://github.com/animir/node-rate-limiter-flex
 Some copy/paste examples on Wiki:
 * [Minimal protection against password brute-force](https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#minimal-protection-against-password-brute-force)
 * [Login endpoint protection](https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#login-endpoint-protection)
+* [Apply Block Strategy](https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#apply-in-memory-block-strategy-to-avoid-extra-requests-to-store)
+* [Setup Insurance Strategy](https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#setup-insurance-strategy-for-store-limiters)
 * [Websocket connection prevent flooding](https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#websocket-single-connection-prevent-flooding)
 * [Dynamic block duration](https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#dynamic-block-duration)
 * [Authorized users specific limits](https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#authorized-and-not-authorized-users)
 * [Different limits for different parts of application](https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#different-limits-for-different-parts-of-application)
-* [Apply Block Strategy](https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#apply-in-memory-block-strategy-to-avoid-extra-requests-to-store)
-* [Setup Insurance Strategy](https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#setup-insurance-strategy-for-store-limiters)
 * [Third-party API, crawler, bot rate limiting](https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#third-party-api-crawler-bot-rate-limiting)
 ### Migration from other packages
@@ -139,19 +135,21 @@ Some copy/paste examples on Wiki:
 * [Options](https://github.com/animir/node-rate-limiter-flexible/wiki/Options)
 * [API methods](https://github.com/animir/node-rate-limiter-flexible/wiki/API-methods)
-* Valkey: [ValkeyGlide](https://github.com/animir/node-rate-limiter-flexible/wiki/Valkey-Glide) or [iovalkey](https://github.com/animir/node-rate-limiter-flexible/wiki/IoValkey)
-* [Redis](https://github.com/animir/node-rate-limiter-flexible/wiki/Redis)
-* [Memory](https://github.com/animir/node-rate-limiter-flexible/wiki/Memory)
+* [Drizzle](https://github.com/animir/node-rate-limiter-flexible/wiki/Drizzle)
 * [DynamoDb](https://github.com/animir/node-rate-limiter-flexible/wiki/DynamoDB)
 * [Etcd](https://github.com/animir/node-rate-limiter-flexible/wiki/Etcd)
-* [Prisma](https://github.com/animir/node-rate-limiter-flexible/wiki/Prisma)
-* [BurstyRateLimiter](https://github.com/animir/node-rate-limiter-flexible/wiki/BurstyRateLimiter) Traffic burst support
+* [Memcached](https://github.com/animir/node-rate-limiter-flexible/wiki/Memcache)
+* [Memory](https://github.com/animir/node-rate-limiter-flexible/wiki/Memory)
 * [Mongo](https://github.com/animir/node-rate-limiter-flexible/wiki/Mongo) (with [sharding support](https://github.com/animir/node-rate-limiter-flexible/wiki/Mongo#mongodb-sharding-options))
 * [MySQL](https://github.com/animir/node-rate-limiter-flexible/wiki/MySQL) (support Sequelize and Knex)
 * [Postgres](https://github.com/animir/node-rate-limiter-flexible/wiki/PostgreSQL) (support Sequelize, TypeORM and Knex)
+* [Prisma](https://github.com/animir/node-rate-limiter-flexible/wiki/Prisma)
+* [Redis](https://github.com/animir/node-rate-limiter-flexible/wiki/Redis)
 * [SQLite](https://github.com/animir/node-rate-limiter-flexible/wiki/SQLite)
+* Valkey: [iovalkey](https://github.com/animir/node-rate-limiter-flexible/wiki/IoValkey) or [ValkeyGlide](https://github.com/animir/node-rate-limiter-flexible/wiki/Valkey-Glide)
 * [RateLimiterCluster](https://github.com/animir/node-rate-limiter-flexible/wiki/Cluster) ([PM2 cluster docs read here](https://github.com/animir/node-rate-limiter-flexible/wiki/PM2-cluster))
-* [Memcached](https://github.com/animir/node-rate-limiter-flexible/wiki/Memcache)
+* [BurstyRateLimiter](https://github.com/animir/node-rate-limiter-flexible/wiki/BurstyRateLimiter) Traffic burst support
 * [RateLimiterUnion](https://github.com/animir/node-rate-limiter-flexible/wiki/RateLimiterUnion) Combine 2 or more limiters to act as single
 * [RLWrapperBlackAndWhite](https://github.com/animir/node-rate-limiter-flexible/wiki/Black-and-White-lists) Black and White lists
 * [RateLimiterQueue](https://github.com/animir/node-rate-limiter-flexible/wiki/RateLimiterQueue) Rate limiter with FIFO queue

package/index.js CHANGED Viewed

@@ -12,6 +12,7 @@ const BurstyRateLimiter = require('./lib/BurstyRateLimiter');
 const RateLimiterRes = require('./lib/RateLimiterRes');
 const RateLimiterDynamo = require('./lib/RateLimiterDynamo');
 const RateLimiterPrisma = require('./lib/RateLimiterPrisma');
+const RateLimiterDrizzle = require('./lib/RateLimiterDrizzle');
 const RateLimiterValkey = require('./lib/RateLimiterValkey');
 const RateLimiterValkeyGlide = require('./lib/RateLimiterValkeyGlide');
 const RateLimiterSQLite = require('./lib/RateLimiterSQLite');
@@ -39,5 +40,6 @@ module.exports = {
   RateLimiterValkeyGlide,
   RateLimiterSQLite,
   RateLimiterEtcd,
+  RateLimiterDrizzle,
   RateLimiterEtcdNonAtomic,
 };

package/lib/RateLimiterDrizzle.js ADDED Viewed

@@ -0,0 +1,170 @@
+let drizzleOperators = null;
+const CLEANUP_INTERVAL_MS = 300000; // 5 minutes
+const EXPIRED_THRESHOLD_MS = 3600000; // 1 hour
+class RateLimiterDrizzleError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = 'RateLimiterDrizzleError';
+  }
+}
+function getDrizzleOperators() {
+  if (drizzleOperators) return drizzleOperators;
+  try {
+    const { and, or, gt, lt, eq, isNull , sql } = require('drizzle-orm');
+    drizzleOperators = { and, or, gt, lt, eq, isNull , sql };
+    return drizzleOperators;
+  } catch (error) {
+    throw new RateLimiterDrizzleError(
+      'drizzle-orm is not installed. Please install drizzle-orm to use RateLimiterDrizzle.'
+    );
+  }
+}
+const RateLimiterStoreAbstract = require('./RateLimiterStoreAbstract');
+const RateLimiterRes = require('./RateLimiterRes');
+class RateLimiterDrizzle extends RateLimiterStoreAbstract {
+  constructor(opts) {
+    super(opts);
+    if (!opts?.schema) {
+      throw new RateLimiterDrizzleError('Drizzle schema is required');
+    }
+    if (!opts?.storeClient) {
+      throw new RateLimiterDrizzleError('Drizzle client is required');
+    }
+    this.schema = opts.schema;
+    this.drizzleClient = opts.storeClient;
+    this.clearExpiredByTimeout = opts.clearExpiredByTimeout ?? true;
+    if (this.clearExpiredByTimeout) {
+      this._clearExpiredHourAgo();
+    }
+  }
+  _getRateLimiterRes(rlKey, changedPoints, result) {
+    const res = new RateLimiterRes();
+    let doc = result;
+    res.isFirstInDuration = doc.points === changedPoints;
+    res.consumedPoints = doc.points;
+    res.remainingPoints = Math.max(this.points - res.consumedPoints, 0);
+    res.msBeforeNext = doc.expire !== null
+      ? Math.max(new Date(doc.expire).getTime() - Date.now(), 0)
+      : -1;
+    return res;
+  }
+  async _upsert(key, points, msDuration, forceExpire = false) {
+    if (!this.drizzleClient) {
+      return Promise.reject(new RateLimiterDrizzleError('Drizzle client is not established'))
+    }
+    const { eq , sql } = getDrizzleOperators();
+    const now = new Date();
+    const newExpire = msDuration > 0 ? new Date(now.getTime() + msDuration) : null;
+    const query = await this.drizzleClient.transaction(async (tx) => {
+      const [existingRecord] = await tx
+        .select()
+        .from(this.schema)
+        .where(eq(this.schema.key, key))
+        .limit(1);
+      const shouldUpdateExpire =
+        forceExpire ||
+        !existingRecord?.expire ||
+        existingRecord?.expire <= now ||
+        newExpire === null;
+      const [data] = await tx
+        .insert(this.schema)
+        .values({
+          key,
+          points,
+          expire: newExpire,
+        })
+        .onConflictDoUpdate({
+          target: this.schema.key,
+          set: {
+            points: !shouldUpdateExpire
+              ? sql`${this.schema.points} + ${points}`
+              : points,
+            ...(shouldUpdateExpire && { expire: newExpire }),
+          },
+        })
+        .returning();
+      return data;
+    })
+    return query
+  }
+  async _get(rlKey) {
+    if (!this.drizzleClient) {
+      return Promise.reject(new RateLimiterDrizzleError('Drizzle client is not established'))
+    }
+    const { and, or, gt, eq, isNull } = getDrizzleOperators();
+    const [response] = await this.drizzleClient
+      .select()
+      .from(this.schema)
+      .where(
+        and(
+          eq(this.schema.key, rlKey),
+          or(gt(this.schema.expire, new Date()), isNull(this.schema.expire))
+        )
+      )
+      .limit(1);
+    return response || null;
+  }
+  async _delete(rlKey) {
+    if (!this.drizzleClient) {
+      return Promise.reject(new RateLimiterDrizzleError('Drizzle client is not established'))
+    }
+    const { eq } = getDrizzleOperators();
+    const [result] = await this.drizzleClient
+      .delete(this.schema)
+      .where(eq(this.schema.key, rlKey))
+      .returning({ key: this.schema.key });
+    return !!result?.key
+  }
+  _clearExpiredHourAgo() {
+    if (this._clearExpiredTimeoutId) {
+      clearTimeout(this._clearExpiredTimeoutId);
+    }
+    const { lt } = getDrizzleOperators();
+    this._clearExpiredTimeoutId = setTimeout(async () => {
+      try {
+        await this.drizzleClient
+          .delete(this.schema)
+          .where(lt(this.schema.expire, new Date(Date.now() - EXPIRED_THRESHOLD_MS)));
+      } catch (error) {
+        console.warn('Failed to clear expired records:', error);
+      }
+      this._clearExpiredHourAgo();
+    }, CLEANUP_INTERVAL_MS);
+    this._clearExpiredTimeoutId.unref();
+  }
+}
+module.exports = RateLimiterDrizzle;

package/lib/index.d.ts CHANGED Viewed

@@ -241,6 +241,10 @@ interface IRateLimiterStoreNoAutoExpiryOptions extends IRateLimiterStoreOptions
     clearExpiredByTimeout?: boolean;
 }
+interface IRateLimiterStoreNoAutoExpiryOptionsAndSchema extends IRateLimiterStoreNoAutoExpiryOptions {
+    schema: any;
+}
 interface IRateLimiterMongoOptions extends IRateLimiterStoreOptions {
     indexKeyPrefix?: {
         [key: string]: any;
@@ -366,6 +370,10 @@ export class RateLimiterPrisma extends RateLimiterStoreAbstract {
   constructor(opts: IRateLimiterStoreNoAutoExpiryOptions, cb?: ICallbackReady);
 }
+export class RateLimiterDrizzle extends RateLimiterStoreAbstract {
+  constructor(opts: IRateLimiterStoreNoAutoExpiryOptionsAndSchema, cb?: ICallbackReady);
+}
 export class RateLimiterMemcache extends RateLimiterStoreAbstract { }
 export class RateLimiterUnion {
@@ -439,7 +447,7 @@ interface IRateLimiterValkeyGlideOptions extends IRateLimiterStoreOptions {
      * - KEYS[1]: The key being rate limited
      * - ARGV[1]: Points to consume (as string, use tonumber() to convert)
      * - ARGV[2]: Duration in seconds (as string, use tonumber() to convert)
-     *
+     *
      * Must return an array with exactly two elements:
      * - [0]: Consumed points (number)
      * - [1]: TTL in milliseconds (number)
@@ -449,7 +457,7 @@ interface IRateLimiterValkeyGlideOptions extends IRateLimiterStoreOptions {
     /**
      * Custom name for the function library, defaults to 'ratelimiter'.
      * The name is used to identify the library of the Lua function.
-     * A custom name should be used only if you want to use different
+     * A custom name should be used only if you want to use different
      * libraries for different rate limiters.
      * @default 'ratelimiter'
      */
@@ -462,9 +470,9 @@ interface IRateLimiterValkeyGlideOptions extends IRateLimiterStoreOptions {
 export class RateLimiterValkeyGlide extends RateLimiterStoreAbstract {
     /**
      * Creates a new instance of RateLimiterValkeyGlide
-     *
+     *
      * @param opts Configuration options
-     *
+     *
      * @example
      * ```typescript
      * // Basic usage
@@ -473,24 +481,24 @@ export class RateLimiterValkeyGlide extends RateLimiterStoreAbstract {
      *   points: 5,
      *   duration: 1
      * });
-     *
+     *
      * // With custom Lua function
      * const customScript = `local key = KEYS[1]
      * local pointsToConsume = tonumber(ARGV[1]) or 0
      * local secDuration = tonumber(ARGV[2]) or 0
-     *
+     *
      * -- Custom implementation
      * -- ...
-     *
+     *
      * -- Must return exactly two values: [consumed_points, ttl_in_ms]
      * return {consumed, ttl}`;
-     *
+     *
      * const rateLimiter = new RateLimiterValkeyGlide({
      *   storeClient: glideClient,
      *   points: 5,
      *   customFunction: customScript
      * });
-     *
+     *
      * // With insurance limiter
      * const rateLimiter = new RateLimiterValkeyGlide({
      *   storeClient: primaryGlideClient,
@@ -508,7 +516,7 @@ export class RateLimiterValkeyGlide extends RateLimiterStoreAbstract {
     /**
      * Close the rate limiter and release resources
      * Note: The method won't close the Valkey client, as it may be shared with other instances.
-     *
+     *
      * @returns Promise that resolves when the rate limiter is closed
      */
     close(): Promise<void>;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "rate-limiter-flexible",
-  "version": "7.1.1",
+  "version": "7.2.0",
   "description": "Node.js rate limiter by key and protection from DDoS and Brute-Force attacks in process Memory, Redis, MongoDb, Memcached, MySQL, PostgreSQL, Cluster or PM",
   "main": "index.js",
   "scripts": {
@@ -10,7 +10,8 @@
     "valkey-cluster:down": "docker-compose -f docker-compose.valkey-cluster.yml down -v",
     "test:valkey-cluster": "VALKEY_CLUSTER_PORT=7001 mocha test/RateLimiterValkeyGlide.test.js --  -g 'RateLimiterValkeyGlide with cluster client'",
     "prisma:postgres": "prisma generate --schema=./test/RateLimiterPrisma/Postgres/schema.prisma && prisma db push --schema=./test/RateLimiterPrisma/Postgres/schema.prisma",
-    "test": "npm run prisma:postgres && nyc  --reporter=html --reporter=text mocha",
+    "drizzle:postgres": "cd ./test/RateLimiterDrizzle/Postgres && drizzle-kit push",
+    "test": "npm run prisma:postgres && npm run drizzle:postgres && nyc --reporter=html --reporter=text mocha",
     "debug-test": "mocha --inspect-brk lib/**/**.test.js",
     "coveralls": "cat ./coverage/lcov.info | coveralls",
     "eslint": "eslint --quiet lib/**/**.js test/**/**.js",
@@ -34,6 +35,7 @@
     "mysql",
     "postgres",
     "prisma",
+    "drizzle",
     "koa",
     "express",
     "hapi",
@@ -53,15 +55,18 @@
   "devDependencies": {
     "@aws-sdk/client-dynamodb": "^3.431.0",
     "@prisma/client": "^5.8.0",
+    "@valkey/valkey-glide": "^1.3.1",
     "better-sqlite3": "^11.9.0",
     "chai": "^4.1.2",
     "coveralls": "^3.0.1",
-    "etcd3": "^1.1.2",
+    "drizzle-kit": "^0.31.4",
+    "drizzle-orm": "^0.44.3",
     "eslint": "^4.19.1",
     "eslint-config-airbnb-base": "^12.1.0",
     "eslint-plugin-import": "^2.7.0",
     "eslint-plugin-node": "^6.0.1",
     "eslint-plugin-security": "^1.4.0",
+    "etcd3": "^1.1.2",
     "ioredis": "^5.3.2",
     "iovalkey": "^0.3.1",
     "istanbul": "^1.1.0-alpha.1",
@@ -69,12 +74,12 @@
     "memcached-mock": "^0.1.0",
     "mocha": "^10.2.0",
     "nyc": "^15.1.0",
+    "pg": "^8.16.3",
     "prisma": "^5.8.0",
     "redis": "^4.6.8",
     "redis-mock": "^0.48.0",
     "sinon": "^17.0.1",
-    "sqlite3": "^5.1.7",
-    "@valkey/valkey-glide": "^1.3.1"
+    "sqlite3": "^5.1.7"
   },
   "browser": {
     "cluster": false,