Skip to content

Latest commit

 

History

History
289 lines (178 loc) · 9.83 KB

CHANGELOG.md

File metadata and controls

289 lines (178 loc) · 9.83 KB

Changelog

4.0.0 - 2022-05-xx

Updated

  • bump dependencies

Breaking Changes

This release drops support for Node.js v12. Please use Node.js v14 and later.

3.1.2 - 2022-02-15

Updated

  • bump dependencies
  • minor code refinements
  • great to see a release after 1.5 years of silence 🥳

3.1.1 - 2020-08-05

Updated

  • bump dependencies
  • minor code refinements
  • replaced request-ip dependency with @supercharge/request-ip providing improved request IP detection

3.1.0 - 2020-06-01

Updated

  • refined route-specific rate limit handling
  • bump dependencies

Possible Breaking Changes

This release introduces an updated handling route-level max attempts.

Previously, the default (server-wide) rate limit affected route-level rate limits. Now, the route-level rate limits are independend and not affected by the default rate limit.

Example: you have a /login route with { max: 10 } configuration and your default configuration is { max: 60 }. In the previous version, any request to other pages than /login would affect the max limit of 10 requests for the /login route. This behavior may have eaten all 10 requests already before even visiting the /login route. This new version handles the /login route independently from other pages because it has its own max configuration.

This changed handling may introduce a breaking change for your app if you previously worked around that issue. Sorry, if I’m causing you trouble. I’m releasing this version as a minor release in the 2.x and 3.x release lines. In case you’re using tilde (~) in your package.json file, you’re not directly updated to this version when running npm install.

3.0.0 - 2020-01-10

Updated

  • bump dependencies
  • refined description in package.json

Breaking Changes

  • require Node.js v12
    • this change aligns with the hapi ecosystem requiring Node.js v12 with the release of hapi 19

2.13.0 - 2020-06-01

Updated

  • refined route-specific rate limit handling

Possible Breaking Changes

This release introduces an updated handling route-level max attempts.

Previously, the default (server-wide) rate limit affected route-level rate limits. Now, the route-level rate limits are independend and not affected by the default rate limit.

Example: you have a /login route with { max: 10 } configuration and your default configuration is { max: 60 }. In the previous version, any request to other pages than /login would affect the max limit of 10 requests for the /login route. This behavior may have eaten all 10 requests already before even visiting the /login route. This new version handles the /login route independently from other pages because it has its own max configuration.

This changed handling may introduce a breaking change for your app if you previously worked around that issue. Sorry, if I’m causing you trouble. I’m releasing this version as a minor release in the 2.x and 3.x release lines. In case you’re using tilde (~) in your package.json file, you’re not directly updated to this version when running npm install.

2.12.0 - 2019-11-22

Added

  • Travis testing for Node v13
  • TypeScript definitions for the rate limit request decoration and plugin options: this allows autocompletion in your editor (at least in VS Code :))

Updated

  • bump dependencies
  • internal refactorings: move event emitter to a dedicated class
  • internal refactorings: move rate limit data to a dedicated class

Removed

  • lodash as a dependency
  • @hapi/hoek as a devDependency

2.11.0 - 2019-10-17

Added

  • basic TypeScript declarations in lib/index.d.ts

2.10.0 - 2019-10-10

Added

  • getIp option allowing you to manually determine the IP address from the request.
    • Example:
      await server.register({
        plugin: require('hapi-rate-limitor'),
        options: {
          getIp: async (request) => {
            const ips = request.headers['x-forwarded-for'].split(',')
      
            return ips[ips.length - 1]
          }
        }
      }
  • emitter option to pass in your custom event emitter
  • dispatch rate limiting events: rate-limit:attempt, rate-limit:in-quota, rate-limit:exceeded
    • every event listener receives the request as the only argument

2.9.0 - 2019-08-13

Added

  • add ipWhitelist option representing an array of IP addresses that will skip rate limiting

Updated

  • bump dependencies
  • update NPM scripts
  • minor code refinements

Removed

  • Travis testing for Node.js version 11

2.8.0 - 2019-06-25

Added

  • support for Redis connection string, like redis: 'redis://user:pass@dokku-redis-lolipop:6379' (Thank you Rob! PR #37)

Updated

  • minor code refinements
  • bump dependencies

2.7.1 - 2019-05-10

Updated

  • update to @hapi/boom from boom
  • test Node.js v12
  • bump dependencies

2.7.0 - 2019-05-04

Added

  • ensure a user-defined view exists on server start, otherwise throw an error

Updated

  • bump dependencies
  • minor internal refactorings

2.6.1 - 2019-04-27

Updated

  • bump dependencis
  • update to hapi scoped dependencies

2.6.0 - 2019-02-28

Added

  • wait for Redis connection onPreStart
  • close Redis connection onPostStop

2.5.3 - 2019-02-18

Updated

  • bump dependencies
  • fix badges in Readme
  • Changelog: rename GitHub references fs-opensource -> futurestudio

2.5.2 - 2019-01-26

Updated

  • Readme: rename GitHub references fs-opensource -> futurestudio

2.5.1 - 2019-01-22

Updated

  • update tests for hapi 18
  • bump dependencies

2.5.0 - 2019-01-16

Added

  • plugin option skip: a function that determines whether to skip rate limiting for a request

Updated

  • bump dependencies

2.4.0 - 2018-12-12

Added

Updated

  • bump dependencies
  • refined plugin options overview in Readme
  • improved formatting of code examples in Readme

2.3.0 - 2018-10-29

Added

  • enabled plugin option: allows you to disable the plugin, e.g. when running tests
  • enabled route option: disable the plugin for individual routes that would eat up the user’s rate limit, e.g. assets

Updated

  • test for Node.js 11

2.2.0 - 2018-10-21

Updated

  • extract ID from authenticated requests even without user limit
  • extract user limit even without user identifier
  • apply user’s max on routes with rate limit config
  • bump dependencies

2.1.0 - 2018-09-30

Added

Updated

  • refactoring: move rate limit handling to class
  • fix lint issues in test files
  • bump dependencies

Deleted

  • Travis testing for Node.js v9

2.0.1 - 2018-09-11

Updated

  • fix 404 handling: proceed response without rate limit data

2.0.0 - 2018-09-11

Added

Updated

  • fix user-specific rate limits and use the userId as identifier
  • switch from lab and code to AVA for testing

Deleted

  • unused .prettierignore file

Breaking Changes

  • userLimitKey becomes userLimitAttribute in 2.0: if you used dynamic rate limits with userLimitKey, you need to change it to userLimitAttribute.

1.1.1 - 2018-08-21

Updated

  • Readme: quick navigation and logo size fix for small screens

1.1.0 - 2018-08-08

Added

1.0.0 - 2018-07-11

Added

  • 1.0.0 release 🚀 🎉