- fc93f3a: pass context to getTraker as a second arg
- fbf27c6: Add the guard interfaces for export for public use
- 3d1a9a5: Swap MD5 hash for SHA256 to better support OpenSSL 3.0 and future iterations
- ef69348: Update the readme for websockets
- e058d50: Use ceil instead of floor while calculating expire and block expire at to properly account for rounding up instead of down and accidentally allowing for early continued requests. Related to #2074
- 93b62d2: A time will be provided to block the request separately from the ttl. There is a breaking change at the library level. Storage library owners will be affected by this breaking change
- 9b3f9cd: - e17a5dc: The storage has been updated to utilize Map instead of a simple object for key-value storage. This enhancement offers improved performance, especially for scenarios involving frequent additions and deletions of keys. There is a breaking change at the library level. Storage library owners will be affected by this breaking change
- 16467c1: Add dynamic error messages based on context and ThrottlerLimitDetail
- 7a431e5: Improve performance by replacing md5 npm package with Node.js crypto module.
- b06a208: Resolves a bug that cause 'this' to be undefined in the 'getTracker' and 'generateKey' methods of the custom ThrottlerGuard
- 903d187: Allow for throttler definitions to define their own trackers and key generators to allow for more customization of the rate limit process
- bc9e6b2: Correctly assign metadata for multiple throttlers passed to
@SkipThrottle()
-
2f4f2a7: # FEATURES
- allow for multiple Throttler Contexts
- allow for conditionally skipping based on
ThrottleGuard#shouldSkip
method - allow for easily overriding throttler message based on guard method
- extra context passed to throw method for better customization of message
ThrottlerStorage
no longer needs astorage
property`getTracker
can now be async
- ttl is now in milliseconds, not seconds, but there are time helper exposed to ease the migration to that
- the module options is now either an array or an object with a
throttlers
array property @Throttle()
now takes in an object instead of two parameters, to allow for setting multiple throttle contexts at once in a more readable manner@ThrottleSkip()
now takes in an object with string boolean to say which throttler should be skippedttl
andlimit
are no longer optional in the module's options. If an option object is passed, it must define the defaults for that throttler
For most people, wrapping your options in an array will be enough.
If you are using a custom storage, you should wrap you
ttl
andlimit
in an array and assign it to thethrottlers
property of the options object.Any
@ThrottleSkip()
should now take in an object withstring: boolean
props. The strings are the names of the throttlers. If you do not have a name, pass the string'default'
, as this is what will be used under the hood otherwise.Any
@Throttle()
decorators should also now take in an object with string keys, relating to the names of the throttler contexts (again,'default'
if no name) and values of objects that havelimit
andttl
keys.IMPORTANT: The
ttl
is now in miliseconds. If you want to keep your ttl in seconds for readability, usetheseconds
helper from this package. It just multiplies the ttl by 1000 to make it in milliseconds.
-
b72c9cb: Revert resolvable properties for ttl and limit
The resolvable properties made a breaking change for custom guards that was unforseen. This reverts it and schedules the changes for 5.0.0 instead
- d8d8c93: Allow for ttl and limit to be set based on the execution context, instead of statically assigned for the entire application
- 527d51c: Support Nest v10
-
4803dda: Rewrite the storage service to better handle large numbers of operations
The initial behavior was that
getRecord()
returned an list of sorted TTL timestamps, then if it didn't reach the limit, it will calladdRecord()
. This change was made based on the use of the Redis storage community package where it was found how to prevent this issue. It was found out that express-rate-limit is incrementing a single number and returning the information in a single roundtrip, which is significantly faster than how NestJS throttler works by calledgetRecord()
, thenaddRecord
.- removed
getRecord
addRecord(key: string, ttl: number): Promise<number[]>;
changes toincrement(key: string, ttl: number): Promise<ThrottlerStorageRecord>;
If you are just using the throttler library, you're already covered. No changes necessary to your code, version 4.0.0 will work as is.
If you are providing a custom storage, you will need to remove your current service's
getRecord
method and renameaddRecord
toincremenet
while adhering to the new interface and returning anThrottlerStorageRecord
object - removed
-
da3c950: Add
skipIf
option to throttler module optionsWith the new option, you can pass a factory to
skipIf
and determine if the throttler guard should be used in the first palce or not. This acts just like applying@SkipThrottle()
to every route, but can be customized to work off of theprocess.env
orExecutionContext
object to provide better support for dev and QA environments.
- c9fcd51: Upgrade nest version to v9. No breaking changes in direct code, but in nest v9 upgrade
- cf50808: fix memory leak for timeoutIds array. Before this, the timeoutIds array would not be trimmed and would grow until out of memory. Now ids are properly removed on timeout.
- adding in a comment about version (b13bf53)
- v2 and above is now being developed specificially for nest v8 and could have some unforseen side effects with Nest v7. use with v7 at your own risk.
1.2.1 (2021-07-09)
- upgrade to nest v8 (cb5dd91)
0.3.0 (2020-11-10)
- module: async register is now
forRootAsync
(a1c6ace)
0.2.3 (2020-08-06)
- ws: allows for optional use of @nestjs/websocket (f437614)
0.2.2 (2020-06-12)
- moves userAgent check to http handler (87183af)
- decorator: add setThrottlerMetadata() function back (ea31a9c)
- graphql: implements graphql limiter (40eaff1)
- Add support for ws (websockets) (a745295)
- Add support for ws (websockets) (8103a5a)
- Make storage methods async (92cd4eb)
- exception: Use const instead of duplicated string (f95da2c)
- guard: Add default case for context.getType() switch (ff46d57)
- Implement basic support for websocket (3a0cf2e)
0.2.1 (2020-06-09)
- add support for ignoreUserAgents option (1ab5e17)
0.2.0 (2020-06-09)
- make core module global and export core module inside ThrottlerModule (1f4df42)
- makes options required in forRoot and forRootAsync (14e272a)
- remove global guard and require user to implement it manually (840eae4)
0.1.1 (2020-06-07)
- interface: fixes the storage interface to be async (f7565d9)
- adds back AppModule to allow for running server for tests (5af229b)
- updates some types (b26fc06)
- updates storage interface to use number (339f29c)
- updates tests and resolves comments from pr (ee87e05)
- .gitignore: Ignore all dist and node_modules rather than root-level only (d9609af)
- guard: Change RateLimit header prefix to X-RateLimit (328c0a3)
- guard: Change RateLimit header prefix to X-RateLimit (3903885)
- guard: guard now binds globally without the use of @UseGuards() (4022447)
- guard: guard now binds globally without the use of @UseGuards() (3ca146d)
- guard: Prevent RateLimit-Remaining from going below 0 (25e33c8)
- guard: Prevent RateLimit-Remaining from going below 0 (74b1668)
- guard: Use the correct approach to check for excluded routes (38eac3c)
- guard: Use the correct approach to check for excluded routes (912813f)
- req.method value in httpPromise (b9ee26e)
- Swap excludeRoutes for @SkipThrottle() decorator (16d6fac)
- fastify: updates guard to work for fastify (bc678a3)
- Implement ignoreRoutes functionality (7b8ab42)
- package.json: Add --watch to start:dev script (3c4c28a)
- Implement ignoreRoutes functionality (75f870c)
- module: implements start of limiter module (35dbff5)
- package.json: Add --watch to start:dev script (a6b441c)
- Add global ThrottlerGuard (9a84aff)
- adds httpromise for async/await http calls in tests (70210c7)
- Rename certain variables to use the THROTTLER prefix (6a21b21)
- Setup example app (df6b5f6)
- Setup example app (30c7576)