digital-telepresence
/
dtp-express-limiter
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Add ability to set skipHeaders into the options to prevent the setting of HTTP header fields for X-RateLimit-Limit, X-RateLimit-Remaining and Retry-After.

develop
Ashley Streb 11 years ago
parent
753480357d
commit
2283789b24
3 changed files with 44 additions and 4 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 14
      README.md
  2. 9
      index.js
  3. 25
      tests/index.js

14
README.md
View File

@ -45,7 +45,7 @@ limiter(options)
- `total`: `Number` allowed number of requests before getting rate limited - `total`: `Number` allowed number of requests before getting rate limited
- `expire`: `Number` amount of time in `ms` before the rate-limited is reset - `expire`: `Number` amount of time in `ms` before the rate-limited is reset
- `whitelist`: `function(req)` optional param allowing the ability to whitelist. return `boolean`, `true` to whitelist, `false` to passthru to limiter. - `whitelist`: `function(req)` optional param allowing the ability to whitelist. return `boolean`, `true` to whitelist, `false` to passthru to limiter.
- `skipHeaders`: `Boolean` whether to skip sending HTTP headers for rate limits ()
### Examples ### Examples
``` js ``` js
@ -89,6 +89,18 @@ limiter({
return !!req.user.is_admin return !!req.user.is_admin
} }
}) })
// skip sending HTTP limit headers
limiter({
path: '/delete/thing',
method: 'post',
lookup: 'user.id',
whitelist: function (req) {
return !!req.user.is_admin
},
skipHeaders: true
})
``` ```
### as direct middleware ### as direct middleware

9
index.js
View File

@ -28,14 +28,17 @@ module.exports = function (app, db) {
limit.remaining = Math.max(Number(limit.remaining) - 1, 0) limit.remaining = Math.max(Number(limit.remaining) - 1, 0)
db.set(key, JSON.stringify(limit), function () { db.set(key, JSON.stringify(limit), function () {
res.set('X-RateLimit-Limit', limit.total) if (!opts.skipHeaders) {
res.set('X-RateLimit-Remaining', limit.remaining) res.set('X-RateLimit-Limit', limit.total)
res.set('X-RateLimit-Remaining', limit.remaining)
}
if (limit.remaining) return next() if (limit.remaining) return next()
var after = (limit.reset - Date.now()) / 1000 var after = (limit.reset - Date.now()) / 1000
res.set('Retry-After', after) if (!opts.skipHeaders) res.set('Retry-After', after)
res.send(429, 'Rate limit exceeded') res.send(429, 'Rate limit exceeded')
}) })

25
tests/index.js
View File

@ -24,6 +24,7 @@ describe('rate-limiter', function () {
it('should work', function (done) { it('should work', function (done) {
var map = [10, 9, 8, 7, 6, 5, 4, 3, 2] var map = [10, 9, 8, 7, 6, 5, 4, 3, 2]
var clock = sinon.useFakeTimers() var clock = sinon.useFakeTimers()
limiter({ limiter({
path: '/route', path: '/route',
method: 'get', method: 'get',
@ -69,4 +70,28 @@ describe('rate-limiter', function () {
}) })
v.waterfall(out, done) v.waterfall(out, done)
}) })
describe('options', function() {
it('should process skipHeaders', function (done) {
limiter({
path: '/route',
method: 'get',
lookup: ['connection.remoteAddress'],
total: 0,
expire: 1000 * 60 * 60,
skipHeaders: true
})
app.get('/route', function (req, res) {
res.send(200, 'hello')
})
request(app)
.get('/route')
.expect(function(res) { if ('X-RateLimit-Limit' in res.headers) return 'X-RateLimit-Limit Header not to be set' })
.expect(function(res) { if ('X-RateLimit-Remaining' in res.headers) return 'X-RateLimit-Remaining Header not to be set' })
.expect(function(res) { if ('Retry-After' in res.headers) return 'Retry-After not to be set' })
.expect(429, done)
})
})
}) })

Write Preview
Loading…
Cancel
Save