Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

meta : export getValidations function #456

Closed
wants to merge 1 commit into from
Closed

meta : export getValidations function #456

wants to merge 1 commit into from

Conversation

bejewel-kyoungmin
Copy link 

		keyGenerator(request: Request, _response: Response): string {
			// Run the validation checks on the IP and headers to make sure everything
			// is working as intended.
			validations.ip(request.ip)
			validations.trustProxy(request)
			validations.xForwardedForHeader(request)

			// By default, use the IP address to rate limit users.
			// eslint-disable-next-line @typescript-eslint/no-unnecessary-type-assertion
			return request.ip!
		},

above code is default keyGenerator.
I wanna make custom keyGenerator that is based on default keyGenerator.
For using validations, I have to call getValidations function.
But getValidations is not exported.
That's why I made this pr. Thank you : )

@gamemaker1
Copy link
Member

Hi @bejewel-kyoungmin,

Thanks for making the PR!

The validations in the default keyGenerator are only to be called if you are using the IP address of the user as the key. You do not need to call these validations if you are defining a custom key generator (which should ideally use something more reliable than an IP address, like an authentication token).

That said, I believe it would be beneficial to work on exporting the validation API;

  1. for users to build on it
  2. for better validation support in express-slow-down, which uses this package under the hood

What do you think, @nfriedly?

@nfriedly
Copy link
Member

nfriedly commented May 9, 2024
edited

Yea, my thinking with not exporting the validations part was that

  1. If you're supplying your own functions, then you're probably a more advanced user that is unlikely to hit the issues the validations check for
  2. As @gamemaker1 said, the validations may not even apply in your use case

So, in light of that, I'm not sure this PR makes sense.

However, I've had the idea of moving the validations code to a standalone library for a while now. But I haven't fully fleshed out what that would look like and what all it would provide. (If you omit the parts that are specific to this library, there's not that much code left.)

@bejewel-kyoungmin
Copy link
Author 

validations.ip(request.ip)
validations.trustProxy(request)
validations.xForwardedForHeader(request)

when I first met this code, I think these validations make sense.
so I wanna take these validations for my own key.
I'm considering to make key like this ${ip}.${otherkey}
It is not hard to copy and paste that validation code to my codebase.
I respect you guys opinions. and I appreciate making useful package.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@bejewel-kyoungmin @gamemaker1 @nfriedly