UNPKG

zenin-limiter

Version:

Universal rate & throttle limiter middleware for Express, Fastify, and custom handlers

github.com/nareshbarathvp/zenin-limiter

nareshbarathvp/zenin-limiter

217 lines (203 loc) 7.64 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
import { Request, Response, NextFunction } from 'express'; import { FastifyRequest, FastifyReply } from 'fastify'; import { CanActivate, ExecutionContext } from '@nestjs/common'; interface LimiterConfig { /** * Key generator system for rate limiting. * - keyType: 'ip' | 'user-agent' | 'header:X-API-KEY' | 'path' | 'custom' * - headerName: Used if keyType is a header * - customKeyGenerator: Custom function for key extraction */ keyType?: "ip" | "user-agent" | "header:X-API-KEY" | "path" | "custom"; headerName?: string; customKeyGenerator?: (req: any) => string; /** * Maximum number of allowed actions (requests) within the defined time window. * Can be a number or a function that returns a number based on request context. * Default: 100 */ limit?: number | ((req: any) => number); /** * Duration of the rate limit window in seconds. * Default: 60 * Example: `60` means "limit X requests per 60 seconds". */ windowInSeconds?: number; /** * Rate limiting strategy to use. * - 'fixed': Simple fixed window (default) * - 'sliding': Accurate sliding window * - 'tokenBucket': Smooth burst control */ strategy?: "fixed" | "sliding" | "tokenBucket"; /** * Event hooks for monitoring and debugging. */ onLimitReached?: (key: string, req?: any) => void; onReset?: (key: string) => void; onPass?: (key: string, req?: any) => void; onError?: (error: Error) => void; /** * Enable debug logging for all rate limiting decisions. */ debug?: boolean; /** * Dry run mode - simulate rate limiting without actually blocking requests. */ dryRun?: boolean; /** * Silent mode - log decisions but don't block requests. */ silent?: boolean; /** * Configuration for rate limiter. * This includes settings for memory store, cleanup intervals, and more. * If not provided, defaults will be used. * * Max number of keys (default: 1,000,000) * Calls between cleanups (default: 1000) * Enable per-key metrics (default: false) * Max keys to clean per batch (default: 1000) */ limiterConfig?: RateLimiterConfig; } type RateLimiterConfig = { maxStoreSize?: number; cleanupInterval?: number; enablePerKeyStats?: boolean; maxBatchCleanup?: number; }; interface RateLimitStrategy { isAllowed(key: string, req?: any): boolean | Promise<boolean>; getState?(key: string): RateLimitState | Promise<RateLimitState>; reset?(key: string): void | Promise<void>; } type RateLimitState = { remaining: number; resetAt: number; limit: number; }; /** * Express middleware for rate limiting. */ declare function expressLimiter(config: Partial<LimiterConfig>): (req: Request, res: Response, next: NextFunction) => Promise<Response<any, Record<string, any>>>; declare function fastifyLimiter(config: Partial<LimiterConfig>): (req: FastifyRequest, reply: FastifyReply) => Promise<void>; declare function RateLimit(config: LimiterConfig): (target: any, propertyKey: string, descriptor: PropertyDescriptor) => PropertyDescriptor; declare class NestLimiterGuard implements CanActivate { private readonly config; private limiter; private keyFn; constructor(config: Partial<LimiterConfig>); canActivate(context: ExecutionContext): Promise<boolean>; } declare class RateLimitModule { } declare function universalLimiter(config: Partial<LimiterConfig>): (req: any, res: any, next: () => void) => Promise<any>; /** * Resets the rate limit for a specific key. * @param key The key to reset * @throws Error if key is invalid */ declare function resetKey(key: string): Promise<void>; /** * Resets all rate limit state. */ declare function resetAll(): Promise<void>; /** * Returns current rate limit metrics. * @param key Optional key for per-key stats * @returns Object containing hits and rejections (global or per-key) */ declare function getMetrics(key?: string): Promise<{ hits: number; rejections: number; }>; /** * Checks if a key is allowed based on rate limit. * Uses a min-heap for expirations, LRU for memory capping, and Promise-based locking. * Handles millions of users with hybrid cleanup (on-demand + periodic). * @param key Unique identifier for rate limiting * @param limit Maximum requests allowed in window * @param windowInSeconds Time window in seconds * @param config Optional configuration (maxStoreSize, cleanupInterval, enablePerKeyStats, maxBatchCleanup) * @param now Optional time source for testing (defaults to Date.now) * @returns True if allowed, false if rate limit exceeded * @throws Error if inputs are invalid */ declare function isAllowedMemory(key: string, limit: number, windowInSeconds: number, config?: RateLimiterConfig, now?: () => number): Promise<boolean>; declare class FixedWindowStrategy implements RateLimitStrategy { private config; private maxEntries; private gcStarted; private getLimitFn?; constructor(config: any); private getLimit; private startGC; stopGC(): void; isAllowed(key: string, req?: any): Promise<boolean>; reset(key: string): Promise<void>; getState(key: string): Promise<RateLimitState>; static resetAll(): Promise<void>; } interface RateLimiterStats { totalRequests: number; hits: number; rejections: number; activeKeys: number; memoryUsage?: number; } declare class RateLimiter { private strategy; private config; private stats; constructor(config: Partial<LimiterConfig>, strategy?: RateLimitStrategy); private createStrategy; private getLimit; private callHook; private logDebug; isAllowed(key: string, req?: any): Promise<boolean>; reset(key: string): Promise<void>; getState(key: string): Promise<any>; getStats(): RateLimiterStats; private getActiveKeysCount; } declare class SlidingWindowStrategy implements RateLimitStrategy { private limit; private windowMs; private config; private maxEntries; private gcStarted; private getLimitFn?; constructor(config: any); private startGC; stopGC(): void; private getLimit; isAllowed(key: string, req?: any): Promise<boolean>; getState(key: string, req?: any): Promise<RateLimitState>; reset(key: string): Promise<void>; static resetAll(): Promise<void>; } declare class TokenBucketStrategy implements RateLimitStrategy { private capacity; private refillRate; private config; private maxEntries; private gcStarted; private getLimitFn?; constructor(config: any); private startGC; stopGC(): void; private getLimit; isAllowed(key: string, req?: any): Promise<boolean>; getState(key: string, req?: any): Promise<RateLimitState>; reset(key: string): Promise<void>; static resetAll(): Promise<void>; } declare function applyDefaults(config: Partial<LimiterConfig>): LimiterConfig; interface ValidationError { field: string; message: string; } declare function validateConfig(config: LimiterConfig): ValidationError[]; declare function throwIfInvalid(config: LimiterConfig): void; export { FixedWindowStrategy, type LimiterConfig, NestLimiterGuard, RateLimit, RateLimitModule, type RateLimitState, type RateLimitStrategy, RateLimiter, type RateLimiterConfig, type RateLimiterStats, SlidingWindowStrategy, TokenBucketStrategy, applyDefaults, expressLimiter, fastifyLimiter, getMetrics, isAllowedMemory, resetAll, resetKey, throwIfInvalid, universalLimiter, validateConfig };