express-token-api-middleware
Advanced tools
express-token-api-middleware - npm Package Compare versions
Comparing version 0.5.0 to 0.5.1
@@ -55,3 +55,3 @@ 'use strict'; | ||
| if (rate < 1) { | ||
| throw new Error('Invalid number of nodes specified for determining rate limits:' + rate); | ||
| throw new Error('Invalid rate specified for determining rate limits:' + rate); | ||
| } | ||
@@ -78,3 +78,3 @@ return rate; | ||
| if (this._config.timeout) { | ||
| if (this.queues[user.id].length * rate * this._config.nodes > this._config.timeout) { | ||
| if ((this.queues[user.id].length + 1) * rate * this._config.nodes >= this._config.timeout) { | ||
| throw new Error('Queue limit exceeded due to timeout setting'); | ||
@@ -116,5 +116,6 @@ } | ||
| } | ||
| var rate = Limiter._validateRate(user.rate); | ||
| var cb = this.queues[user.id].shift(); | ||
| cb(); | ||
| setTimeout(this._process.bind(this), user.rate * this._config.nodes, user); | ||
| setTimeout(this._process.bind(this), rate * this._config.nodes, user); | ||
| } | ||
@@ -121,0 +122,0 @@ } |
| { | ||
| "name": "express-token-api-middleware", | ||
| "version": "0.5.0", | ||
| "version": "0.5.1", | ||
| "description": "An express middleware that allows to protect an api behind token authentication, rate limiting and endpoint permissions.", | ||
@@ -5,0 +5,0 @@ "license": "Apache-2.0", |
@@ -25,2 +25,7 @@ /* global describe, it, beforeEach, afterEach */ | ||
| }); | ||
| it('should reject rates that are less than 1', () => { | ||
| expect(Limiter._validateRate.bind(null, '0')).to.throw(); | ||
| expect(Limiter._validateRate.bind(null, '-1ms')).to.throw(); | ||
| }); | ||
| }); | ||
@@ -31,3 +36,3 @@ | ||
| var limiter = new Limiter({ timeout: 51, nodes: 1 }); | ||
| for (let i in [0,1,2,3,4,5,6]) { | ||
| for (let i in [0,1,2,3,4,5]) { | ||
| limiter.check({id: 1, rate: 10}, () => {}); | ||
@@ -34,0 +39,0 @@ } |
@@ -24,3 +24,3 @@ /* global describe, it, beforeEach, afterEach */ | ||
| app.get('/test', (req, res) => { | ||
| expect(req.user.id).to.equal('test'); | ||
| expect(req.user.id).to.equal('1'); | ||
| res.end(); | ||
@@ -30,3 +30,3 @@ }); | ||
| var token = tokenManager.getToken({ | ||
| id: 'test' | ||
| id: '1' | ||
| }); | ||
@@ -48,3 +48,3 @@ | ||
| var token = tokenManager.getToken({ | ||
| id: 'test', | ||
| id: '1', | ||
| path: /^\/secure.*/ | ||
@@ -73,3 +73,3 @@ }); | ||
| var token = tokenManager.getToken({ | ||
| id: 'test', | ||
| id: '1', | ||
| rate: '100ms' | ||
@@ -79,3 +79,3 @@ }); | ||
| var token2 = tokenManager.getToken({ | ||
| id: 'test2', | ||
| id: '2', | ||
| rate: '100ms' | ||
@@ -95,6 +95,6 @@ }); | ||
| done(err); | ||
| }) | ||
| }); | ||
| }); | ||
| it('should rate limit while being manually notified', () => { | ||
| it('should rate limit while being manually notified', done => { | ||
| var app = express(); | ||
@@ -106,8 +106,6 @@ var tokenManager = middleware({ | ||
| app.use(tokenManager); | ||
| app.get('/test', (req, res) => { | ||
| res.end(); | ||
| }); | ||
| app.get('/test', (req, res) => res.end()); | ||
| var user = { | ||
| id: 'test', | ||
| id: '1', | ||
| rate: '100ms' | ||
@@ -130,6 +128,6 @@ }; | ||
| done(err); | ||
| }) | ||
| }); | ||
| }); | ||
| it('should rate limit while being manually notified even if a request is already being processed', () => { | ||
| it('should rate limit while being manually notified even if a request is already being processed', done => { | ||
| var app = express(); | ||
@@ -141,8 +139,6 @@ var tokenManager = middleware({ | ||
| app.use(tokenManager); | ||
| app.get('/test', (req, res) => { | ||
| res.end(); | ||
| }); | ||
| app.get('/test', (req, res) => res.end()); | ||
| var user = { | ||
| id: 'test', | ||
| id: '1', | ||
| rate: '100ms' | ||
@@ -166,5 +162,35 @@ }; | ||
| done(err); | ||
| }) | ||
| }); | ||
| }); | ||
| it('should reject requests if the requests queue is already too long', done => { | ||
| var app = express(); | ||
| var tokenManager = middleware({ | ||
| password: 'test', | ||
| salt: crypto.randomBytes(16), | ||
| timeout: 100 | ||
| }); | ||
| app.use(tokenManager); | ||
| app.get('/test', (req, res) => res.end() ); | ||
| var user = { | ||
| id: '1', | ||
| rate: '50ms' | ||
| }; | ||
| var token = tokenManager.getToken(user); | ||
| request(app).get('/test').set('Authorization', token).expect(200); | ||
| request(app).get('/test').set('Authorization', token).expect(200); | ||
| request(app).get('/test').set('Authorization', token).expect(200); | ||
| async.parallel([ | ||
| cb => request(app).get('/test').set('Authorization', token).expect(200, cb), // processed now | ||
| cb => request(app).get('/test').set('Authorization', token).expect(200, cb), // queued (50ms) | ||
| cb => request(app).get('/test').set('Authorization', token).expect(200, cb) // queued (100ms) | ||
| ], () => { | ||
| request(app).get('/test').set('Authorization', token).expect(429, done) // rejected (more than 100ms waiting) | ||
| }); | ||
| }); | ||
| it('should not initialize if configuration properties are missing or invalid', () => { | ||
@@ -171,0 +197,0 @@ try { |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by3.47%
73777
- Lines of code
- increased by5.24%
522