4.0.0 - 2022-05-xx
- bump dependencies
This release drops support for Node.js v12. Please use Node.js v14 and later.
3.1.2 - 2022-02-15
- bump dependencies
- minor code refinements
- great to see a release after 1.5 years of silence 🥳
3.1.1 - 2020-08-05
- bump dependencies
- minor code refinements
- replaced
request-ip
dependency with@supercharge/request-ip
providing improved request IP detection
3.1.0 - 2020-06-01
- refined route-specific rate limit handling
- bump dependencies
This release introduces an updated handling route-level max attempts.
Previously, the default (server-wide) rate limit affected route-level rate limits. Now, the route-level rate limits are independend and not affected by the default rate limit.
Example: you have a /login
route with { max: 10 }
configuration and your default configuration is { max: 60 }
. In the previous version, any request to other pages than /login
would affect the max limit of 10 requests for the /login
route. This behavior may have eaten all 10 requests already before even visiting the /login
route. This new version handles the /login
route independently from other pages because it has its own max
configuration.
This changed handling may introduce a breaking change for your app if you previously worked around that issue. Sorry, if I’m causing you trouble. I’m releasing this version as a minor release in the 2.x
and 3.x
release lines. In case you’re using tilde (~
) in your package.json
file, you’re not directly updated to this version when running npm install
.
3.0.0 - 2020-01-10
- bump dependencies
- refined description in
package.json
- require Node.js v12
- this change aligns with the hapi ecosystem requiring Node.js v12 with the release of hapi 19
2.13.0 - 2020-06-01
- refined route-specific rate limit handling
This release introduces an updated handling route-level max attempts.
Previously, the default (server-wide) rate limit affected route-level rate limits. Now, the route-level rate limits are independend and not affected by the default rate limit.
Example: you have a /login
route with { max: 10 }
configuration and your default configuration is { max: 60 }
. In the previous version, any request to other pages than /login
would affect the max limit of 10 requests for the /login
route. This behavior may have eaten all 10 requests already before even visiting the /login
route. This new version handles the /login
route independently from other pages because it has its own max
configuration.
This changed handling may introduce a breaking change for your app if you previously worked around that issue. Sorry, if I’m causing you trouble. I’m releasing this version as a minor release in the 2.x
and 3.x
release lines. In case you’re using tilde (~
) in your package.json
file, you’re not directly updated to this version when running npm install
.
2.12.0 - 2019-11-22
- Travis testing for Node v13
- TypeScript definitions for the rate limit request decoration and plugin options: this allows autocompletion in your editor (at least in VS Code :))
- bump dependencies
- internal refactorings: move event emitter to a dedicated class
- internal refactorings: move rate limit data to a dedicated class
lodash
as a dependency@hapi/hoek
as a devDependency
2.11.0 - 2019-10-17
- basic TypeScript declarations in
lib/index.d.ts
2.10.0 - 2019-10-10
getIp
option allowing you to manually determine the IP address from the request.- Example:
await server.register({ plugin: require('hapi-rate-limitor'), options: { getIp: async (request) => { const ips = request.headers['x-forwarded-for'].split(',') return ips[ips.length - 1] } } }
- Example:
emitter
option to pass in your custom event emitter- dispatch rate limiting events:
rate-limit:attempt
,rate-limit:in-quota
,rate-limit:exceeded
- every event listener receives the request as the only argument
2.9.0 - 2019-08-13
- add
ipWhitelist
option representing an array of IP addresses that will skip rate limiting
- bump dependencies
- update NPM scripts
- minor code refinements
- Travis testing for Node.js version 11
2.8.0 - 2019-06-25
- support for Redis connection string, like
redis: 'redis://user:pass@dokku-redis-lolipop:6379'
(Thank you Rob! PR #37)
- minor code refinements
- bump dependencies
2.7.1 - 2019-05-10
- update to
@hapi/boom
fromboom
- test Node.js v12
- bump dependencies
2.7.0 - 2019-05-04
- ensure a user-defined view exists on server start, otherwise throw an error
- bump dependencies
- minor internal refactorings
2.6.1 - 2019-04-27
- bump dependencis
- update to hapi scoped dependencies
2.6.0 - 2019-02-28
- wait for Redis connection
onPreStart
- close Redis connection
onPostStop
2.5.3 - 2019-02-18
- bump dependencies
- fix badges in Readme
- Changelog: rename GitHub references
fs-opensource -> futurestudio
2.5.2 - 2019-01-26
- Readme: rename GitHub references
fs-opensource -> futurestudio
2.5.1 - 2019-01-22
- update tests for hapi 18
- bump dependencies
2.5.0 - 2019-01-16
- plugin option
skip
: a function that determines whether to skip rate limiting for a request
- bump dependencies
2.4.0 - 2018-12-12
- plugin option
extensionPoint
: request lifecycle extension point when the plugin should apply rate limiting
- bump dependencies
- refined plugin options overview in Readme
- improved formatting of code examples in Readme
2.3.0 - 2018-10-29
enabled
plugin option: allows you to disable the plugin, e.g. when running testsenabled
route option: disable the plugin for individual routes that would eat up the user’s rate limit, e.g. assets
- test for Node.js 11
2.2.0 - 2018-10-21
- extract ID from authenticated requests even without user limit
- extract user limit even without user identifier
- apply user’s max on routes with rate limit config
- bump dependencies
2.1.0 - 2018-09-30
- refactoring: move rate limit handling to class
- fix lint issues in test files
- bump dependencies
- Travis testing for Node.js v9
2.0.1 - 2018-09-11
- fix 404 handling: proceed response without rate limit data
2.0.0 - 2018-09-11
- route-specific rate limits
- NPM command to calculate coverage
- fix user-specific rate limits and use the userId as identifier
- switch from
lab
andcode
toAVA
for testing
- unused
.prettierignore
file
userLimitKey
becomesuserLimitAttribute
in 2.0: if you used dynamic rate limits withuserLimitKey
, you need to change it touserLimitAttribute
.
1.1.1 - 2018-08-21
- Readme: quick navigation and logo size fix for small screens
1.1.0 - 2018-08-08
- dynamic rate limits
- readme describes rate-limit-related response headers
- add logo
1.0.0
release 🚀 🎉