express-rate-limit
Comparing version 1.1.0 to 1.2.0
@@ -15,5 +15,6 @@ 'use strict'; | ||
delayMs: 1000, // milliseconds - base delay applied to the response - multiplied by number of recent hits from user's IP | ||
max: 5, // max number of recent connections during `window` miliseconds before sending a 400 response | ||
max: 5, // max number of recent connections during `window` miliseconds before sending a 429 response | ||
global: false, // if true, IP address is ignored and setting is applied equally to all requests | ||
message : 'Too many requests, please try again later.' | ||
message : 'Too many requests, please try again later.', | ||
statusCode: 429 | ||
}); | ||
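Review bot: the added `statusCode: 429` line in this options listing has no inline description, unlike `delayMs`, `max` and `global` above it; add one such as `// HTTP status code returned when max is exceeded`. The rewritten `max` line also keeps the `miliseconds` typo and refers to `window` where the README names the option `windowMs`, and now that the status is configurable it should read "before sending a `statusCode` response (429 by default)" rather than stating 429 outright.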
@@ -41,3 +42,3 @@ | ||
// 429 status = Too Many Requests (RFC 6585) | ||
return res.status(429).end(options.message); | ||
return res.status(options.statusCode).end(options.message); | ||
} | ||
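Review bot: `res.status(options.statusCode)` passes the configured value straight through, and no validation is visible in this hunk, so a non-numeric or out-of-range `statusCode` would only surface when the limit is first hit, and a 2xx value would make a rejected request look like success to clients and monitoring. Suggest checking once at construction time that it is an integer in the 4xx/5xx range. The context comment `// 429 status = Too Many Requests (RFC 6585)` now describes only the default and should say so.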
@@ -44,0 +45,0 @@ |
{ | ||
"name": "express-rate-limit", | ||
"version": "1.1.0", | ||
"version": "1.2.0", | ||
"description": "Basic rate-limiting middleware for Express. Use to limit access to public endpoints such as account creation and password reset.", | ||
@@ -5,0 +5,0 @@ "homepage": "https://github.com/nfriedly/express-rate-limit", |
@@ -22,10 +22,10 @@ # Express Rate Limit | ||
* **windowMs**: milliseconds - how long to keep records of requests in memory. Defaults to 60,000 (1 minute). | ||
* **delayAfter**: max number of connections during `windowMs` before starting to delay responses. Defaults to 1. Set to 0 to disable entirely. | ||
* **delayMs**: milliseconds - how long to delay the response; is multiplied by number of recent hits - `delayAfter`. Defaults to 1,000 (1 second). Set to 0 to disable entirely. | ||
* **max**: max number of recent connections during `windowMs` milliseconds before sending a 400 response. Defaults to 5. Set to 0 to disable entirely. | ||
* **global**: If true, IP address is ignored and a single global hit counter is used. Defaults to false. | ||
* **message**: Error message returned when `max` is exceeded. Defaults to 'Too many requests, please try again later.' | ||
* **windowMs**: milliseconds - how long to keep records of requests in memory. Defaults to `60000` (1 minute). | ||
* **delayAfter**: max number of connections during `windowMs` before starting to delay responses. Defaults to `1`. Set to `0` to disable delaying. | ||
* **delayMs**: milliseconds - how long to delay the response, multiplied by (number of recent hits - `delayAfter`). Defaults to `1000` (1 second). Set to `0` to disable delaying. | ||
* **max**: max number of connections during `windowMs` milliseconds before sending a 429 response. Defaults to `5`. Set to `0` to disable. | ||
* **global**: If `true`, IP address is ignored and a single global hit counter is used. Defaults to `false`. | ||
* **message**: Error message returned when `max` is exceeded. Defaults to `'Too many requests, please try again later.'` | ||
* **statusCode**: HTTP status code returned when `max` is exceeded. Defaults to `429`. | ||
The `delayAfter` and `delayMs` options were written for human-facing pages such as login and password reset forms. | ||
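Review bot: the new `max` bullet says "before sending a 429 response", but the `statusCode` bullet added in the same hunk makes that code configurable; word it as "before sending a `statusCode` response (429 by default)" so the two bullets agree. The 400 to 429 correction is a documentation fix only, since the removed code line in the earlier hunk already called `res.status(429)`, and the release notes should say that so users do not expect a behaviour change.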
@@ -48,3 +48,4 @@ For public APIs, setting these to `0` (disabled) and relying on only `windowMs` and `max` for rate-limiting usually makes the most sense. | ||
global: false, | ||
message: 'Too many requests, please try again later.' | ||
message: 'Too many requests, please try again later.', | ||
statusCode: 429 | ||
}); | ||
@@ -51,0 +52,0 @@ |