express-rate-limit
Comparing version 3.5.2 to 4.0.0
"use strict"; | ||
const defaults = require("defaults"); | ||
const MemoryStore = require("./memory-store"); | ||
function RateLimit(options) { | ||
options = defaults(options, { | ||
windowMs: 60 * 1000, // milliseconds - how long to keep records of requests in memory | ||
max: 5, // max number of recent connections during `window` milliseconds before sending a 429 response | ||
message: "Too many requests, please try again later.", | ||
statusCode: 429, // 429 status = Too Many Requests (RFC 6585) | ||
headers: true, //Send custom rate limit header with limit and remaining | ||
skipFailedRequests: false, // Do not count failed requests (status >= 400) | ||
skipSuccessfulRequests: false, // Do not count successful requests (status < 400) | ||
// allows to create custom keys (by default user IP is used) | ||
keyGenerator: function(req /*, res*/) { | ||
return req.ip; | ||
options = Object.assign( | ||
{ | ||
windowMs: 60 * 1000, // milliseconds - how long to keep records of requests in memory | ||
max: 5, // max number of recent connections during `window` milliseconds before sending a 429 response | ||
message: "Too many requests, please try again later.", | ||
statusCode: 429, // 429 status = Too Many Requests (RFC 6585) | ||
headers: true, //Send custom rate limit header with limit and remaining | ||
skipFailedRequests: false, // Do not count failed requests (status >= 400) | ||
skipSuccessfulRequests: false, // Do not count successful requests (status < 400) | ||
// allows to create custom keys (by default user IP is used) | ||
keyGenerator: function(req /*, res*/) { | ||
return req.ip; | ||
}, | ||
skip: function(/*req, res*/) { | ||
return false; | ||
}, | ||
handler: function(req, res /*, next*/) { | ||
res.status(options.statusCode).send(options.message); | ||
}, | ||
onLimitReached: function(/*req, res, optionsUsed*/) {} | ||
}, | ||
skip: function(/*req, res*/) { | ||
return false; | ||
}, | ||
handler: function(req, res /*, next*/) { | ||
res.status(options.statusCode).send(options.message); | ||
}, | ||
onLimitReached: function(/*req, res, optionsUsed*/) {} | ||
}); | ||
options | ||
); | ||
@@ -27,0 +29,0 @@ // store to use for persisting rate limit data |
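Review bot: An option passed with an explicit `undefined` value (say `max: someConfig.max` where the config key is missing) now overwrites its default in the new `Object.assign({ ... }, options)` call, whereas `defaults(options, { ... })` filled in exactly those keys. For `max`, `windowMs` or `keyGenerator` this could leave the limiter misconfigured or ineffective without raising an error, depending on how the rest of `RateLimit` uses them; its body continues outside this section. I would drop undefined-valued keys before the merge, e.g. `const given = {}; Object.keys(options || {}).forEach(k => { if (options[k] !== undefined) given[k] = options[k]; });` and pass `given` as the last argument. Failing that, the difference should be listed with the v4 breaking changes so callers know to validate their configuration.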
{ | ||
"name": "express-rate-limit", | ||
"version": "3.5.2", | ||
"version": "4.0.0", | ||
"description": "Basic IP rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.", | ||
@@ -36,5 +36,3 @@ "homepage": "https://github.com/nfriedly/express-rate-limit", | ||
], | ||
"dependencies": { | ||
"defaults": "^1.0.3" | ||
}, | ||
"dependencies": {}, | ||
"devDependencies": { | ||
@@ -41,0 +39,0 @@ "eslint": "^5.15.3", |
@@ -274,4 +274,10 @@ # Express Rate Limit | ||
## v3 Changes | ||
## Summary of breaking changes: | ||
### v4 Changes | ||
- Express Rate Limit no longer modifies the passed-in options object, it instead makes a clone of it. | ||
### v3 Changes | ||
- Removed `delayAfter` and `delayMs` options; they were moved to a new module: [express-slow-down](https://npmjs.org/package/express-slow-down). | ||
@@ -281,3 +287,3 @@ - Simplified the default `handler` function so that it no longer changes the response format. Now uses [res.send](https://expressjs.com/en/4x/api.html#res.send). | ||
## v2 Changes | ||
### v2 Changes | ||
@@ -284,0 +290,0 @@ v2 uses a less precise but less resource intensive method of tracking hits from a given IP. v2 also adds the `limiter.resetKey()` API and removes the `global: true` option. |
- Removeddefaults@^1.0.3
- Removedclone@1.0.4(transitive)
- Removeddefaults@1.0.4(transitive)