express-rate-limit
Comparing version 1.0.2 to 1.0.3
@@ -15,3 +15,4 @@ 'use strict'; | ||
max: 5, // max number of recent connections during `window` miliseconds before sending a 400 response | ||
global: false // if true, IP address is ignored and setting is applied equally to all requests | ||
global: false, // if true, IP address is ignored and setting is applied equally to all requests | ||
message : 'Too many requests, please try again later.' | ||
}); | ||
@@ -22,6 +23,6 @@ | ||
if (typeof hits[ip] !== "number") { | ||
hits[ip] = 0; // first one's free ;) | ||
if (hits[ip]) { | ||
hits[ip]++; | ||
} else { | ||
hits[ip]++; | ||
hits[ip] = 1; | ||
} | ||
@@ -31,4 +32,5 @@ | ||
// cleanup | ||
hits[ip]--; | ||
if (hits[ip] <=0 ) { | ||
if (hits[ip]) { | ||
hits[ip]--; | ||
} else { | ||
delete hits[ip]; | ||
@@ -38,8 +40,9 @@ } | ||
if (hits[ip] >= options.max) { | ||
if (hits[ip] > options.max) { | ||
// 429 status = Too Many Requests (RFC 6585) | ||
return res.status(429).end('Too many requests, please try again later.'); | ||
return res.status(429).end(options.message); | ||
} | ||
var delay = hits[ip] * options.delayMs; | ||
// first hit shouldn't be delayed, so subtract 1 | ||
var delay = (hits[ip]-1) * options.delayMs; | ||
setTimeout(next, delay); | ||
@@ -49,2 +52,2 @@ }; | ||
module.exports = RateLimit; | ||
module.exports = RateLimit; |
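Review bot: In the cleanup callback (the `-31,4 +32,5` hunk), the new `delete hits[ip]` branch runs only when the counter is already falsy at the moment the timer fires. From the visible lines, each request adds one to the counter and appears to schedule exactly one decrement, so the counter should be at least 1 whenever a timer runs, and that branch looks unreachable. A decrement from 1 to 0 then leaves the key in `hits`, so the table keeps an entry for every address it has ever seen, and the limiter's memory grows with the number of distinct clients instead of with those active inside `windowMs`. Decrementing first and deleting when the result reaches zero keeps the table bounded: `hits[ip]--; if (hits[ip] <= 0) { delete hits[ip]; }`. The callback and its enclosing middleware function start and end outside the hunk, so confirm the timer scheduling there.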
{ | ||
"name": "express-rate-limit", | ||
"version": "1.0.2", | ||
"version": "1.0.3", | ||
"description": "Basic rate-limiting middleware for Express. Use to limit access to public endpoints such as account creation and password reset.", | ||
@@ -5,0 +5,0 @@ "homepage": "https://github.com/nfriedly/express-rate-limit", |
@@ -30,6 +30,7 @@ # Express Rate Limit | ||
// window, delay, and max apply per-ip unless global is set to true | ||
windowMs: 60 * 1000 // miliseconds - how long to keep records of requests in memory | ||
windowMs: 60 * 1000, // miliseconds - how long to keep records of requests in memory | ||
delayMs: 1000, // milliseconds - base delay applied to the response - multiplied by number of recent hits from user's IP | ||
max: 5, // max number of recent connections during `window` miliseconds before (temporarily) bocking the user. | ||
global: false // if true, IP address is ignored and setting is applied equally to all requests | ||
global: false, // if true, IP address is ignored and setting is applied equally to all requests | ||
message: 'You have been very naughty.. No API response for you!!' // if message is set, the provide message will be shown instead of `Too many requests, please try again later.` | ||
}); | ||
@@ -36,0 +37,0 @@ |