rate-limiter-flexible 8.0.1 → 8.2.0

package/README.md

@@ -10,7 +10,7 @@
 
 ## node-rate-limiter-flexible
 
-**rate-limiter-flexible** counts and limits the number of actions by key and protects from DDoS and brute force attacks at any scale.
+**rate-limiter-flexible** counts and limits the number of actions by key and protects from DoS and brute force attacks at any scale.
 
 It works with _Valkey_, _Redis_, _Prisma_, _DynamoDB_, process _Memory_, _Cluster_ or _PM2_, _Memcached_, _MongoDB_, _MySQL_, _SQLite_, and _PostgreSQL_.
 
@@ -96,7 +96,7 @@ const headers = {
 * no race conditions
 * no production dependencies
 * TypeScript declaration bundled
-* Block Strategy against really powerful DDoS attacks (like 100k requests per sec) [Read about it and benchmarking here](https://github.com/animir/node-rate-limiter-flexible/wiki/In-memory-Block-Strategy)
+* Block Strategy against really powerful DoS attacks (like 100k requests per sec) [Read about it and benchmarking here](https://github.com/animir/node-rate-limiter-flexible/wiki/In-memory-Block-Strategy)
 * Insurance Strategy as emergency solution if database/store is down [Read about Insurance Strategy here](https://github.com/animir/node-rate-limiter-flexible/wiki/Insurance-Strategy)
 * works in Cluster or PM2 without additional software [See RateLimiterCluster benchmark and detailed description here](https://github.com/animir/node-rate-limiter-flexible/wiki/Cluster)
 * useful `get`, `set`, `block`, `delete`, `penalty` and `reward` methods
@@ -147,6 +147,7 @@ Some copy/paste examples on Wiki:
 * [BurstyRateLimiter](https://github.com/animir/node-rate-limiter-flexible/wiki/BurstyRateLimiter) Traffic burst support
 * [RateLimiterUnion](https://github.com/animir/node-rate-limiter-flexible/wiki/RateLimiterUnion) Combine 2 or more limiters to act as single
 * [RLWrapperBlackAndWhite](https://github.com/animir/node-rate-limiter-flexible/wiki/Black-and-White-lists) Black and White lists
+* [RLWrapperTimeouts](https://github.com/animir/node-rate-limiter-flexible/wiki/RLWrapperTimeouts) Timeouts
 * [RateLimiterQueue](https://github.com/animir/node-rate-limiter-flexible/wiki/RateLimiterQueue) Rate limiter with FIFO queue
 * [AWS SDK v3 Client Rate Limiter](https://github.com/animir/node-rate-limiter-flexible/wiki/AWS-SDK-v3-Client-Rate-Limiter) Prevent punishing rate limit.
 

package/lib/RLWrapperTimeouts.js

@@ -0,0 +1,82 @@
+const RateLimiterAbstract = require('./RateLimiterAbstract');
+const RateLimiterInsuredAbstract = require('./RateLimiterInsuredAbstract');
+
+module.exports = class RLWrapperTimeouts extends RateLimiterInsuredAbstract {
+  constructor(opts= {}) {
+    super(opts);
+    this.limiter = opts.limiter;
+    this.timeoutMs = opts.timeoutMs || 0;
+  }
+
+  get limiter() {
+    return this._limiter;
+  }
+
+  set limiter(limiter) {
+    if (!(limiter instanceof RateLimiterAbstract)) {
+      throw new TypeError('limiter must be an instance of RateLimiterAbstract');
+    }
+    this._limiter = limiter;
+    if (!this.insuranceLimiter && limiter instanceof RateLimiterInsuredAbstract) {
+      this.insuranceLimiter = limiter.insuranceLimiter;
+    }
+  }
+
+  get timeoutMs() {
+    return this._timeoutMs;
+  }
+
+  set timeoutMs(value) {
+    if (typeof value !== 'number' || value < 0) {
+      throw new TypeError('timeoutMs must be a non-negative number');
+    }
+    this._timeoutMs = value;
+  }
+
+  _run(funcName, params) {
+    return new Promise(async (resolve, reject) => {
+      const timeout = setTimeout(() => {
+        return reject(new Error('Operation timed out'));
+      }, this.timeoutMs);
+
+      await this.limiter[funcName](...params)
+        .then((result) => {
+          clearTimeout(timeout);
+          resolve(result);
+        })
+        .catch((err) => {
+          clearTimeout(timeout);
+          reject(err);
+        });
+    });
+  }
+
+  _consume(key, pointsToConsume = 1, options = {}) {
+    return this._run('consume', [key, pointsToConsume, options]);
+  }
+
+  _penalty(key, points = 1, options = {}) {
+    return this._run('penalty', [key, points, options]);
+  }
+
+  _reward(key, points = 1, options = {}) {
+    return this._run('reward', [key, points, options]);
+  }
+
+  _get(key, options = {}) {
+    return this._run('get', [key, options]);
+  }
+
+  _set(key, points, secDuration, options = {}) {
+    return this._run('set', [key, points, secDuration, options]);
+  }
+
+  _block(key, secDuration, options = {}) {
+    return this._run('block', [key, secDuration, options]);
+  }
+
+  _delete(key, options = {}) {
+    return this._run('delete', [key, options]);
+  }
+
+}

package/lib/RateLimiterInsuredAbstract.js

@@ -0,0 +1,109 @@
+const RateLimiterAbstract = require('./RateLimiterAbstract');
+
+module.exports = class RateLimiterInsuredAbstract extends RateLimiterAbstract {
+  constructor(opts = {}) {
+    super(opts);
+    this.insuranceLimiter = opts.insuranceLimiter;
+  }
+
+  get insuranceLimiter() {
+    return this._insuranceLimiter;
+  }
+
+  set insuranceLimiter(value) {
+    if (typeof value !== 'undefined' && !(value instanceof RateLimiterAbstract)) {
+      throw new Error('insuranceLimiter must be instance of RateLimiterAbstract');
+    }
+    this._insuranceLimiter = value;
+    if (this._insuranceLimiter) {
+      this._insuranceLimiter.blockDuration = this.blockDuration;
+      this._insuranceLimiter.execEvenly = this.execEvenly;
+    }
+  }
+
+  _handleError(err, funcName, resolve, reject, params) {
+    if (!(this.insuranceLimiter instanceof RateLimiterAbstract)) {
+      reject(err);
+    } else {
+      this.insuranceLimiter[funcName](...params)
+        .then((res) => {
+          resolve(res);
+        })
+        .catch((res) => {
+          reject(res);
+        });
+    }
+  }
+
+  _operation(funcName, params) {
+    const promise = this[funcName](...params);
+    return new Promise((resolve, reject) => {
+      return promise.then((res) => {
+          resolve(res);
+        })
+        .catch((err) => {
+          if (funcName.startsWith('_')) {
+            funcName = funcName.slice(1);
+          }
+          this._handleError(err, funcName, resolve, reject, params);
+        });
+    });
+  }
+
+  consume(key, pointsToConsume = 1, options = {}) {
+    return this._operation('_consume', [key, pointsToConsume, options]);
+  }
+
+  penalty(key, points = 1, options = {}) {
+    return this._operation('_penalty', [key, points, options]);
+  }
+
+  reward(key, points = 1, options = {}) {
+    return this._operation('_reward', [key, points, options]);
+  }
+
+  get(key, options = {}) {
+    return this._operation('_get', [key, options]);
+  }
+
+  set(key, points, secDuration, options = {}) {
+    return this._operation('_set', [key, points, secDuration, options]);
+  }
+
+  block(key, secDuration, options = {}) {
+    return this._operation('_block', [key, secDuration, options]);
+  }
+
+  delete(key, options = {}) {
+    return this._operation('_delete', [key, options]);
+  }
+
+  _consume() {
+    throw new Error("You have to implement the method '_consume'!");
+  }
+
+  _penalty() {
+    throw new Error("You have to implement the method '_penalty'!");
+  }
+
+  _reward() {
+    throw new Error("You have to implement the method '_reward'!");
+  }
+
+  _get() {
+    throw new Error("You have to implement the method '_get'!");
+  }
+
+  _set() {
+    throw new Error("You have to implement the method '_set'!");
+  }
+
+  _block() {
+    throw new Error("You have to implement the method '_block'!");
+  }
+
+  _delete() {
+    throw new Error("You have to implement the method '_delete'!");
+  }
+
+}

package/lib/RateLimiterRedis.js

@@ -43,20 +43,41 @@ class RateLimiterRedis extends RateLimiterStoreAbstract {
    * Prevent actual redis call if redis connection is not ready
    * Because of different connection state checks for ioredis and node-redis, only this clients would be actually checked.
    * For any other clients all the requests would be passed directly to redis client
+   * @param {String} rlKey
+   * @param {Boolean} isReadonly
    * @return {boolean}
    * @private
    */
-  _isRedisReady() {
+  _isRedisReady(rlKey, isReadonly) {
     if (!this._rejectIfRedisNotReady) {
       return true;
     }
     // ioredis client
-    if (this.client.status && this.client.status !== 'ready') {
-      return false;
+    if (this.client.status) {
+      return this.client.status === 'ready';
     }
-    // node-redis client
-    if (typeof this.client.isReady === 'function' && !this.client.isReady()) {
-      return false;
+    // node-redis v3 client
+    if (typeof this.client.isReady === 'function') {
+      return this.client.isReady();
+    }
+
+    // node-redis v4+ (non-cluster) client
+    if (typeof this.client.isReady === 'boolean') {
+      return this.client.isReady === true;
+    }
+
+    // node-redis v4+ cluster client
+    if (this.client._slots && typeof this.client._slots.getClient === 'function') {
+      if (typeof this.client.isOpen === 'boolean' && this.client.isOpen !== true) {
+        return false;
+      }
+
+      try {
+        const slotClient = this.client._slots.getClient(rlKey, isReadonly);
+        return slotClient && slotClient.isReady === true;
+      } catch (error) {
+        return false;
+      }
     }
     return true;
   }
@@ -89,7 +110,7 @@ class RateLimiterRedis extends RateLimiterStoreAbstract {
       throw new Error("Consuming decimal number of points is not supported by this package");
     }
 
-    if (!this._isRedisReady()) {
+    if (!this._isRedisReady(rlKey, false)) {
       throw new Error('Redis connection is not ready');
     }
 
@@ -150,7 +171,7 @@ class RateLimiterRedis extends RateLimiterStoreAbstract {
   }
 
   async _get(rlKey) {
-    if (!this._isRedisReady()) {
+    if (!this._isRedisReady(rlKey, true)) {
       throw new Error('Redis connection is not ready');
     }
     if(!this.useRedisPackage && !this.useRedis3AndLowerPackage){

package/lib/RateLimiterStoreAbstract.js

@@ -1,8 +1,9 @@
 const RateLimiterAbstract = require('./RateLimiterAbstract');
 const BlockedKeys = require('./component/BlockedKeys');
 const RateLimiterRes = require('./RateLimiterRes');
+const RateLimiterInsuredAbstract = require('./RateLimiterInsuredAbstract');
 
-module.exports = class RateLimiterStoreAbstract extends RateLimiterAbstract {
+module.exports = class RateLimiterStoreAbstract extends RateLimiterInsuredAbstract {
   /**
    *
    * @param opts Object Defaults {
@@ -18,7 +19,6 @@ module.exports = class RateLimiterStoreAbstract extends RateLimiterAbstract {
 
     this.inMemoryBlockOnConsumed = opts.inMemoryBlockOnConsumed;
     this.inMemoryBlockDuration = opts.inMemoryBlockDuration;
-    this.insuranceLimiter = opts.insuranceLimiter;
     this._inMemoryBlockedKeys = new BlockedKeys();
   }
 
@@ -92,20 +92,6 @@ module.exports = class RateLimiterStoreAbstract extends RateLimiterAbstract {
     }
   }
 
-  _handleError(err, funcName, resolve, reject, key, data = false, options = {}) {
-    if (!(this.insuranceLimiter instanceof RateLimiterAbstract)) {
-      reject(err);
-    } else {
-      this.insuranceLimiter[funcName](key, data, options)
-        .then((res) => {
-          resolve(res);
-        })
-        .catch((res) => {
-          reject(res);
-        });
-    }
-  }
-
   getInMemoryBlockMsBeforeExpire(rlKey) {
     if (this.inMemoryBlockOnConsumed > 0) {
       return this._inMemoryBlockedKeys.msBeforeExpire(rlKey);
@@ -140,21 +126,6 @@ module.exports = class RateLimiterStoreAbstract extends RateLimiterAbstract {
     return this._inMemoryBlockDuration * 1000;
   }
 
-  get insuranceLimiter() {
-    return this._insuranceLimiter;
-  }
-
-  set insuranceLimiter(value) {
-    if (typeof value !== 'undefined' && !(value instanceof RateLimiterAbstract)) {
-      throw new Error('insuranceLimiter must be instance of RateLimiterAbstract');
-    }
-    this._insuranceLimiter = value;
-    if (this._insuranceLimiter) {
-      this._insuranceLimiter.blockDuration = this.blockDuration;
-      this._insuranceLimiter.execEvenly = this.execEvenly;
-    }
-  }
-
   /**
    * Block any key for secDuration seconds
    *
@@ -191,7 +162,7 @@ module.exports = class RateLimiterStoreAbstract extends RateLimiterAbstract {
    * @param {Object} options
    * @returns Promise<RateLimiterRes>
    */
-  consume(key, pointsToConsume = 1, options = {}) {
+  _consume(key, pointsToConsume = 1, options = {}) {
     return new Promise((resolve, reject) => {
       const rlKey = this.getKey(key);
 
@@ -204,9 +175,7 @@ module.exports = class RateLimiterStoreAbstract extends RateLimiterAbstract {
         .then((res) => {
           this._afterConsume(resolve, reject, rlKey, pointsToConsume, res);
         })
-        .catch((err) => {
-          this._handleError(err, 'consume', resolve, reject, key, pointsToConsume, options);
-        });
+        .catch((err) => reject(err));
     });
   }
 
@@ -217,16 +186,14 @@ module.exports = class RateLimiterStoreAbstract extends RateLimiterAbstract {
    * @param {Object} options
    * @returns Promise<RateLimiterRes>
    */
-  penalty(key, points = 1, options = {}) {
+  _penalty(key, points = 1, options = {}) {
     const rlKey = this.getKey(key);
     return new Promise((resolve, reject) => {
       this._upsert(rlKey, points, this._getKeySecDuration(options) * 1000, false, options)
         .then((res) => {
           resolve(this._getRateLimiterRes(rlKey, points, res));
         })
-        .catch((err) => {
-          this._handleError(err, 'penalty', resolve, reject, key, points, options);
-        });
+        .catch((res) => reject(res));
     });
   }
 
@@ -237,16 +204,14 @@ module.exports = class RateLimiterStoreAbstract extends RateLimiterAbstract {
    * @param {Object} options
    * @returns Promise<RateLimiterRes>
    */
-  reward(key, points = 1, options = {}) {
+  _reward(key, points = 1, options = {}) {
     const rlKey = this.getKey(key);
     return new Promise((resolve, reject) => {
       this._upsert(rlKey, -points, this._getKeySecDuration(options) * 1000, false, options)
         .then((res) => {
           resolve(this._getRateLimiterRes(rlKey, -points, res));
         })
-        .catch((err) => {
-          this._handleError(err, 'reward', resolve, reject, key, points, options);
-        });
+        .catch((res) => reject(res));
     });
   }
 
@@ -268,7 +233,7 @@ module.exports = class RateLimiterStoreAbstract extends RateLimiterAbstract {
           }
         })
         .catch((err) => {
-          this._handleError(err, 'get', resolve, reject, key, options);
+          this._handleError(err, 'get', resolve, reject, [key, options]);
         });
     });
   }
@@ -288,7 +253,7 @@ module.exports = class RateLimiterStoreAbstract extends RateLimiterAbstract {
           resolve(res);
         })
         .catch((err) => {
-          this._handleError(err, 'delete', resolve, reject, key, options);
+          this._handleError(err, 'delete', resolve, reject, [key, options]);
         });
     });
   }
@@ -330,7 +295,7 @@ module.exports = class RateLimiterStoreAbstract extends RateLimiterAbstract {
           resolve(new RateLimiterRes(0, msDuration > 0 ? msDuration : -1, initPoints));
         })
         .catch((err) => {
-          this._handleError(err, 'block', resolve, reject, this.parseKey(rlKey), msDuration / 1000, options);
+          this._handleError(err, 'block', resolve, reject, [this.parseKey(rlKey), msDuration / 1000, options]);
         });
     });
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "rate-limiter-flexible",
-  "version": "8.0.1",
+  "version": "8.2.0",
   "description": "Node.js rate limiter by key and protection from DDoS and Brute-Force attacks in process Memory, Redis, MongoDb, Memcached, MySQL, PostgreSQL, Cluster or PM",
   "main": "index.js",
   "scripts": {

package/types.d.ts

@@ -204,7 +204,11 @@ export class RateLimiterAbstract {
     ): Promise<boolean>;
 }
 
-export class RateLimiterStoreAbstract extends RateLimiterAbstract {
+export class RateLimiterInsuredAbstract extends RateLimiterAbstract {
+    constructor(opts: IRateLimiterOptions);
+}
+
+export class RateLimiterStoreAbstract extends RateLimiterInsuredAbstract {
     constructor(opts: IRateLimiterStoreOptions);
 
     /**
@@ -220,6 +224,7 @@ interface IRateLimiterOptions {
     execEvenly?: boolean;
     execEvenlyMinDelayMs?: number;
     blockDuration?: number;
+    insuranceLimiter?: RateLimiterAbstract;
 }
 
 interface IRateLimiterClusterOptions extends IRateLimiterOptions {
@@ -393,6 +398,15 @@ export class RLWrapperBlackAndWhite extends RateLimiterAbstract {
     constructor(opts: IRLWrapperBlackAndWhiteOptions);
 }
 
+interface IRLWrapperTimeoutsOptions extends IRateLimiterOptions {
+    limiter: RateLimiterAbstract;
+    timeoutMs?: number;
+}
+
+export class RLWrapperTimeouts extends RateLimiterInsuredAbstract {
+    constructor(opts: IRLWrapperTimeoutsOptions);
+}
+
 interface IRateLimiterQueueOpts {
     maxQueueSize?: number;
 }