Replies: 11 comments 26 replies
-
Should we also drop node 14? It's been EOL for almost 2 years, and active security support ended 3 months ago.
We should also remove the
We could try out tsc for the decorators, if it makes writing validations easier. |
Beta Was this translation helpful? Give feedback.
-
I was wondering if we should drop the default export too - and only have a named export. It'll allow us to get rid of the ugly footer we tape on to the end of the cjs files. |
Beta Was this translation helpful? Give feedback.
-
Hum, it looks like the headers standardization went through a major change: https://author-tools.ietf.org/iddiff?url1=draft-ietf-httpapi-ratelimit-headers-06&url2=draft-ietf-httpapi-ratelimit-headers-07&difftype=--html Instead of separate headers for limit, remaining, and reset, they're now fields in a single header. I think we'll want to support this, but now I'm not sure about making it the default since it's still changing. I also think we want some way to request the behavior from the earlier draft. I don't like |
Beta Was this translation helpful? Give feedback.
-
I just had a thought: for deprecation notices, we've been using |
Beta Was this translation helpful? Give feedback.
-
One more change I think we should make is to rename the |
Beta Was this translation helpful? Give feedback.
-
Last PR for 6.10 is up: #379 |
Beta Was this translation helpful? Give feedback.
-
Kind of a note to myself because I thought of this twice today and came to the same conclusion both times: Can't use exports.MemoryStore = MemoryStore;
exports["default"] = rateLimit;
exports.rateLimit = rateLimit; So anyone using: const rateLimit = require('express-rate-limit') will hit an error that says const rateLimit = require('express-rate-limit').default Ppl using typescript with However, I feel it would be quite presumptous if we forced JS users to change their imports just so we could make bundling the library easier for us. Instead, we could shift to The benefit of switching to |
Beta Was this translation helpful? Give feedback.
-
Hey, this is kind of unrelated, but did something change with our jest setup in the past few weeks? I used to be able to run individual tests from within vs code, and now that seems broken. |
Beta Was this translation helpful? Give feedback.
-
What do you think about changing We could keep the old one around possibly with Object.defineProperty(rateLimitInfo, 'current', { configurable: false, enumerable: false, get: function() { return this.used } }) That would allow code calling |
Beta Was this translation helpful? Give feedback.
-
Ok, there's only two items left on the v7 checklist, and I think we can skip them both:
Now that specific validations can be disabled by configuration, I don't think this is as important.
This was primarily to make the validations changes I had in mind easier, but I ended up working them out without this. So I think we can skip it and stick with what works. I think we're ready, what do you think? |
Beta Was this translation helpful? Give feedback.
-
Done! Yay! |
Beta Was this translation helpful? Give feedback.
-
I have a few things in mind for the v7 release, some of which would benefit from warning users of ahead of time:
v6.10.0 - done and shipped!
onLimitReached
max=0
max: 0
change warning #370RateLimit
header from ietf draft 7 #376draft_polli_ratelimit_headers
draft_polli_ratelimit_headers
option deprecation warning #377Also, fix the root cause in the Memcached storetotalHits
value returned from store #379v7.0.0 - done and shipped!
max=0
behavior to just callhandler
on every requestmax: 0
should rate limits all requests #380draft_polli_ratelimit_headers
optiononLimitReached
MemoryStore
#378max
, replace it withlimit
.max
tolimit
while still supportingmax
#381req.rateLimit.current
toreq.rateLimit.used
Not going to change after all
Headers
Given that the standard headers draft is still undergoing significant changes, I think we should skip most of the warnings around headers (except the
draft_polli_ratelimit_headers
option), and definitely not change the defaults.v6.10:
Warn for v5 and earlierheaders
optionWarn for unset headers optionsv7
change headers defaults tostandardHeaders: true, legacyHeaders: false
update the warning for now, probably remove it eventuallyMaybe add a warning forstandardHeaders: true
?Drop support for v5 headers optionsOther changes omitted from v7:
maybe suppressmax=0
warning if a custom handler is set (this will be the case for express-slow-down and could conceivably be helpful elsewhere)- the ability to disable specific validations mostly obviates the need for this
Maybe: switch esbuild to tsc to use decorators?Beta Was this translation helpful? Give feedback.
All reactions