UNPKG

hapi-rate-limitor

Version:

Rate limiting for hapi/hapi.js to prevent brute-force attacks

github.com/futurestudio/hapi-rate-limitor

futurestudio/hapi-rate-limitor

146 lines (121 loc) 4.33 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
/// <reference types='node' /> import { Plugin, Request } from '@hapi/hapi'; declare module '@hapi/hapi' { interface Request { rateLimit: HapiRateLimitor.RateLimit; } } declare namespace HapiRateLimitor { interface RateLimit { /** * Returns the maximum allowed rate limit. * * @returns Returns the maximum allowed rate limit. */ total: number; /** * Returns the remaining rate limit. * * @returns Returns the remaining rate limit. */ remaining: number; /** * Returns the time since epoch in seconds when the rate limiting period will end. * * @returns Returns the time since epoch in seconds when the rate limiting period will end. */ reset: number; /** * Determine whether the rate limit quota is exceeded (has no remaining). * * @returns Returns `true` if the rate limit is not exceeded, otherwise `false`. */ isInQuota(): boolean; } /** * Available options when registering hapi-rate-limitor as a plugin to the hapi server. */ interface Options { /** * The maximum number of requests allowed in a `duration`. * */ max?: number; /** * The lifetime window keeping records of a request in milliseconds. * */ duration?: number; /** * The used prefix to create the rate limit identifier before storing the data. * */ namespace?: string; /** * The Redis configuration used to create and connect an ioRedis instance. * The configuration value can be a connection string or an object. * This property is passed through to ioRedis. * */ redis?: string | object; /** * The [request lifecycle extension point](https://futurestud.io/downloads/hapi/request-lifecycle) used for rate limiting * */ extensionPoint?: string; /** * the property name identifying a user (credentials) for dynamic rate limits (see Readme). * This option is used to access the value from `request.auth.credentials`. * */ userAttribute?: string; /** * The property name identifying the rate limit value on dynamic rate limit (see Readme). * This option is used to access the value from `request.auth.credentials`. * */ userLimitAttribute?: string; /** * The path to a view file which will be rendered instead of throwing an error. * The rate limiter uses `h.view(yourView, { total, remaining, reset }).code(429)` * to render the defined view. * */ view?: string; /** * A shortcut to enable or disable the plugin, e.g. when running tests. * */ enabled?: boolean; /** * An async function with the signature `async (request)` to determine whether * to skip rate limiting for a given request. The `skip` function retrieves * the incoming request as the only argument. * */ skip?(request: Request): Promise<boolean>; /** * An array of whitelisted IP addresses that won’t be rate-limited. Requests from * such IPs proceed the request lifecycle. Notice that the related responses * won’t contain rate limit headers. * */ ipWhitelist?: Array<string>; /** * An async function with the signature `async (request)` to manually determine * the requesting IP address. This is helpful if your load balancer provides * the client IP address as the last item in the list of forwarded * addresses (e.g. Heroku and AWS ELB). * */ getIp?(request: Request): Promise<string>; /** * an event emitter instance used to emit the * [rate-limitting events](https://github.com/futurestudio/hapi-rate-limitor#events) * */ emitter?: object; } } declare var HapiRateLimitor: Plugin<HapiRateLimitor.Options>; export = HapiRateLimitor;