Skip to content
Merged

V3 #2

Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 38 additions & 4 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,49 @@ name: Build

on:
push:
branches: [master, v3]
tags: ['*']
pull_request:

permissions:
contents: read

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
build:
quality:
name: Lint & format
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: 24.x
cache: npm

- name: Install dependencies
run: npm ci

- name: Check formatting
run: npm run format:check

- name: Lint
run: npm run lint

test:
name: Test (Node ${{ matrix.node-version }})
runs-on: ubuntu-latest
timeout-minutes: 15
strategy:
fail-fast: false
matrix:
node-version: [lts/*]

node-version: [22.x, 24.x]
steps:
- name: Checkout repository
uses: actions/checkout@v4
Expand All @@ -20,9 +53,10 @@ jobs:
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: npm

- name: Install dependencies
run: npm install
run: npm ci

- name: Run tests
run: npm test
9 changes: 9 additions & 0 deletions .oxfmtrc.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
{
"singleQuote": true,
"tabWidth": 4,
"printWidth": 80,
"semi": true,
"trailingComma": "all",
"arrowParens": "avoid",
"bracketSpacing": true
}
20 changes: 20 additions & 0 deletions .oxlintrc.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
{
"$schema": "./node_modules/oxlint/configuration_schema.json",
"categories": {
"correctness": "error"
},
"rules": {
"no-debugger": "error",
"no-console": ["warn", { "allow": ["warn", "error", "info"] }],
"no-unused-vars": "warn"
},
"ignorePatterns": [
"**/*.js",
"**/*.d.ts",
"docs/",
"coverage/",
".nyc_output/",
".agent-out/",
"node_modules/"
]
}
24 changes: 22 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -33,11 +33,10 @@ Or it is possible to do manual injection:

```typescript
import HttpProtect, { VerificationStatus } from '@imqueue/http-protect';
import { getClientIp } from 'request-ip';

// inside some async function in the code
const protect = new HttpProtect();
const { status, httpCode } = await protect.verify(getClientIp(req));
const { status, httpCode } = await protect.verify(req);

switch (status) {
case VerificationStatus.LIMITED: {
Expand Down Expand Up @@ -80,6 +79,27 @@ you might want to configure it via constructor options or bypass existing
ioredis instance in the options. Please, refer `HttpProtectOptions` interface
for more details.

### Client IP resolution

By default the client IP is resolved with [request-ip](
https://www.npmjs.com/package/request-ip), which reads the usual proxy
headers (`x-forwarded-for`, `x-real-ip`, etc.). Because bans and rate limits
are keyed by this address, a client behind an untrusted proxy could spoof
those headers to evade limits or poison the ban list. When the service is
exposed behind proxies you do not fully control, override the resolver with
a trust-aware one (for example built on top of [proxy-addr](
https://www.npmjs.com/package/proxy-addr) configured with your known
proxies):

```typescript
import proxyaddr from 'proxy-addr';

const protect = new HttpProtect({
// trust only your known load balancer subnet
getClientIp: req => proxyaddr(req, ip => ip === '10.0.0.1'),
});
```

## License

This project is licensed under the GNU General Public License v3.0.
Expand Down
134 changes: 0 additions & 134 deletions eslint.config.mjs

This file was deleted.

Loading
Loading