Skip to content

Latest commit

 

History

History
285 lines (177 loc) · 13.9 KB

CHANGELOG.md

File metadata and controls

285 lines (177 loc) · 13.9 KB

5.0.0

6.3.0

Minor Changes

  • fc93f3a: pass context to getTraker as a second arg

6.2.1

Patch Changes

  • fbf27c6: Add the guard interfaces for export for public use

6.2.0

Minor Changes

  • 3d1a9a5: Swap MD5 hash for SHA256 to better support OpenSSL 3.0 and future iterations

6.1.1

Patch Changes

  • ef69348: Update the readme for websockets

6.1.0

Minor Changes

  • e058d50: Use ceil instead of floor while calculating expire and block expire at to properly account for rounding up instead of down and accidentally allowing for early continued requests. Related to #2074

6.0.0

Major Changes

  • 93b62d2: A time will be provided to block the request separately from the ttl. There is a breaking change at the library level. Storage library owners will be affected by this breaking change
  • 9b3f9cd: - e17a5dc: The storage has been updated to utilize Map instead of a simple object for key-value storage. This enhancement offers improved performance, especially for scenarios involving frequent additions and deletions of keys. There is a breaking change at the library level. Storage library owners will be affected by this breaking change

5.2.0

Minor Changes

  • 16467c1: Add dynamic error messages based on context and ThrottlerLimitDetail

5.1.2

Patch Changes

  • 7a431e5: Improve performance by replacing md5 npm package with Node.js crypto module.

5.1.1

Patch Changes

  • b06a208: Resolves a bug that cause 'this' to be undefined in the 'getTracker' and 'generateKey' methods of the custom ThrottlerGuard

5.1.0

Minor Changes

  • 903d187: Allow for throttler definitions to define their own trackers and key generators to allow for more customization of the rate limit process

5.0.1

Patch Changes

  • bc9e6b2: Correctly assign metadata for multiple throttlers passed to @SkipThrottle()

Major Changes

  • 2f4f2a7: # FEATURES

    • allow for multiple Throttler Contexts
    • allow for conditionally skipping based on ThrottleGuard#shouldSkip method
    • allow for easily overriding throttler message based on guard method
    • extra context passed to throw method for better customization of message
    • ThrottlerStorage no longer needs a storage property`
    • getTracker can now be async

    BREAKING CHANGES

    • ttl is now in milliseconds, not seconds, but there are time helper exposed to ease the migration to that
    • the module options is now either an array or an object with a throttlers array property
    • @Throttle() now takes in an object instead of two parameters, to allow for setting multiple throttle contexts at once in a more readable manner
    • @ThrottleSkip() now takes in an object with string boolean to say which throttler should be skipped
    • ttl and limit are no longer optional in the module's options. If an option object is passed, it must define the defaults for that throttler

    HOW TO MIGRATE

    For most people, wrapping your options in an array will be enough.

    If you are using a custom storage, you should wrap you ttl and limit in an array and assign it to the throttlers property of the options object.

    Any @ThrottleSkip() should now take in an object with string: boolean props. The strings are the names of the throttlers. If you do not have a name, pass the string 'default', as this is what will be used under the hood otherwise.

    Any @Throttle() decorators should also now take in an object with string keys, relating to the names of the throttler contexts (again, 'default' if no name) and values of objects that have limit and ttl keys.

    IMPORTANT: The ttl is now in miliseconds. If you want to keep your ttl in seconds for readability, usethe seconds helper from this package. It just multiplies the ttl by 1000 to make it in milliseconds.

4.2.1

Patch Changes

  • b72c9cb: Revert resolvable properties for ttl and limit

    The resolvable properties made a breaking change for custom guards that was unforseen. This reverts it and schedules the changes for 5.0.0 instead

4.2.0

Minor Changes

  • d8d8c93: Allow for ttl and limit to be set based on the execution context, instead of statically assigned for the entire application

4.1.0

Minor Changes

  • 527d51c: Support Nest v10

4.0.0

Major Changes

  • 4803dda: Rewrite the storage service to better handle large numbers of operations

    Why

    The initial behavior was that getRecord() returned an list of sorted TTL timestamps, then if it didn't reach the limit, it will call addRecord(). This change was made based on the use of the Redis storage community package where it was found how to prevent this issue. It was found out that express-rate-limit is incrementing a single number and returning the information in a single roundtrip, which is significantly faster than how NestJS throttler works by called getRecord(), then addRecord.

    Breaking Changes

    • removed getRecord
    • addRecord(key: string, ttl: number): Promise<number[]>; changes to increment(key: string, ttl: number): Promise<ThrottlerStorageRecord>;

    How to Migrate

    If you are just using the throttler library, you're already covered. No changes necessary to your code, version 4.0.0 will work as is.

    If you are providing a custom storage, you will need to remove your current service's getRecord method and rename addRecord to incremenet while adhering to the new interface and returning an ThrottlerStorageRecord object

3.1.0

Minor Changes

  • da3c950: Add skipIf option to throttler module options

    With the new option, you can pass a factory to skipIf and determine if the throttler guard should be used in the first palce or not. This acts just like applying @SkipThrottle() to every route, but can be customized to work off of the process.env or ExecutionContext object to provide better support for dev and QA environments.

3.0.0

Major Changes

  • c9fcd51: Upgrade nest version to v9. No breaking changes in direct code, but in nest v9 upgrade

2.0.1

Patch Changes

  • cf50808: fix memory leak for timeoutIds array. Before this, the timeoutIds array would not be trimmed and would grow until out of memory. Now ids are properly removed on timeout.

Features

  • adding in a comment about version (b13bf53)

BREAKING CHANGES

  • v2 and above is now being developed specificially for nest v8 and could have some unforseen side effects with Nest v7. use with v7 at your own risk.

1.2.1 (2021-07-09)

Performance Improvements

0.3.0 (2020-11-10)

Bug Fixes

  • module: async register is now forRootAsync (a1c6ace)

0.2.3 (2020-08-06)

Features

  • ws: allows for optional use of @nestjs/websocket (f437614)

0.2.2 (2020-06-12)

Bug Fixes

  • moves userAgent check to http handler (87183af)

Features

  • decorator: add setThrottlerMetadata() function back (ea31a9c)
  • graphql: implements graphql limiter (40eaff1)
  • Add support for ws (websockets) (a745295)
  • Add support for ws (websockets) (8103a5a)
  • Make storage methods async (92cd4eb)
  • exception: Use const instead of duplicated string (f95da2c)
  • guard: Add default case for context.getType() switch (ff46d57)
  • Implement basic support for websocket (3a0cf2e)

0.2.1 (2020-06-09)

Features

  • add support for ignoreUserAgents option (1ab5e17)

0.2.0 (2020-06-09)

Bug Fixes

  • make core module global and export core module inside ThrottlerModule (1f4df42)

Features

  • makes options required in forRoot and forRootAsync (14e272a)
  • remove global guard and require user to implement it manually (840eae4)

0.1.1 (2020-06-07)

Bug Fixes

  • interface: fixes the storage interface to be async (f7565d9)

0.1.0 (2020-06-07)

Bug Fixes

  • adds back AppModule to allow for running server for tests (5af229b)
  • updates some types (b26fc06)
  • updates storage interface to use number (339f29c)
  • updates tests and resolves comments from pr (ee87e05)
  • .gitignore: Ignore all dist and node_modules rather than root-level only (d9609af)
  • guard: Change RateLimit header prefix to X-RateLimit (328c0a3)
  • guard: Change RateLimit header prefix to X-RateLimit (3903885)
  • guard: guard now binds globally without the use of @UseGuards() (4022447)
  • guard: guard now binds globally without the use of @UseGuards() (3ca146d)
  • guard: Prevent RateLimit-Remaining from going below 0 (25e33c8)
  • guard: Prevent RateLimit-Remaining from going below 0 (74b1668)
  • guard: Use the correct approach to check for excluded routes (38eac3c)
  • guard: Use the correct approach to check for excluded routes (912813f)
  • req.method value in httpPromise (b9ee26e)

Features

  • Swap excludeRoutes for @SkipThrottle() decorator (16d6fac)
  • fastify: updates guard to work for fastify (bc678a3)
  • Implement ignoreRoutes functionality (7b8ab42)
  • package.json: Add --watch to start:dev script (3c4c28a)
  • Implement ignoreRoutes functionality (75f870c)
  • module: implements start of limiter module (35dbff5)
  • package.json: Add --watch to start:dev script (a6b441c)
  • Add global ThrottlerGuard (9a84aff)
  • adds httpromise for async/await http calls in tests (70210c7)
  • Rename certain variables to use the THROTTLER prefix (6a21b21)
  • Setup example app (df6b5f6)
  • Setup example app (30c7576)