fix: bumped deps, added ability to whitelist globs for rate limiting (e.g. /report)

Author: niftylettuce

index.js

@@ -19,6 +19,7 @@ const etag = require('koa-etag');
 const json = require('koa-json');
 const koa404Handler = require('koa-404-handler');
 const koaConnect = require('koa-connect');
+const multimatch = require('multimatch');
 const proxyWrap = require('findhit-proxywrap');
 const removeTrailingSlashes = require('koa-no-trailing-slash');
 const requestId = require('express-request-id');
@@ -35,6 +36,7 @@ class API {
   constructor(config) {
     this.config = {
       ...sharedConfig('API'),
+      rateLimitIgnoredGlobs: [],
       ...config
     };
 
@@ -100,6 +102,24 @@ class API {
     if (this.config.auth) app.use(auth(this.config.auth));
 
     // rate limiting
+    if (this.config.rateLimit) {
+      app.use((ctx, next) => {
+        // check against ignored/whitelisted paths
+        if (
+          Array.isArray(this.config.rateLimitIgnoredGlobs) &&
+          this.config.rateLimitIgnoredGlobs.length > 0
+        ) {
+          const match = multimatch(ctx.path, this.config.rateLimitIgnoredGlobs);
+          if (Array.isArray(match) && match.length > 0) return next();
+        }
+
+        return ratelimit({
+          ...this.config.rateLimit,
+          db: client
+        })(ctx, next);
+      });
+    }
+
     if (this.config.rateLimit)
       app.use(
         ratelimit({

package.json

@@ -20,17 +20,17 @@
     "Nick Baugh <[email protected]> (http://niftylettuce.com/)"
   ],
   "dependencies": {
-    "@koa/router": "^9.4.0",
-    "@ladjs/i18n": "^6.0.5",
+    "@koa/router": "^10.0.0",
+    "@ladjs/i18n": "^7.0.1",
     "@ladjs/redis": "^1.0.7",
-    "@ladjs/shared-config": "^3.0.9",
+    "@ladjs/shared-config": "^3.0.10",
     "@ladjs/store-ip-address": "^0.0.7",
     "boolean": "3.0.1",
-    "cabin": "^8.0.7",
+    "cabin": "^9.0.4",
     "express-request-id": "^1.4.1",
     "findhit-proxywrap": "^0.3.12",
     "kcors": "^2.2.2",
-    "koa": "^2.13.0",
+    "koa": "^2.13.1",
     "koa-404-handler": "^0.0.2",
     "koa-basic-auth": "^4.0.0",
     "koa-better-error-handler": "^6.0.1",
@@ -42,28 +42,29 @@
     "koa-etag": "^4.0.0",
     "koa-json": "^2.0.2",
     "koa-no-trailing-slash": "^2.1.0",
-    "koa-simple-ratelimit": "^5.0.1",
+    "koa-simple-ratelimit": "^5.1.0",
     "lodash": "^4.17.20",
+    "multimatch": "^5.0.0",
     "request-received": "^0.0.3",
     "response-time": "^2.3.2"
   },
   "devDependencies": {
     "@commitlint/cli": "^11.0.0",
     "@commitlint/config-conventional": "^11.0.0",
-    "ava": "^3.13.0",
-    "codecov": "^3.8.0",
-    "cross-env": "^7.0.2",
-    "eslint": "^7.12.0",
-    "eslint-config-xo-lass": "^1.0.4",
-    "fixpack": "^3.0.6",
-    "husky": "^4.3.0",
-    "lint-staged": "10.4.2",
-    "mongoose": "^5.10.10",
+    "ava": "^3.15.0",
+    "codecov": "^3.8.1",
+    "cross-env": "^7.0.3",
+    "eslint": "^7.19.0",
+    "eslint-config-xo-lass": "^1.0.5",
+    "fixpack": "^4.0.0",
+    "husky": "^4.3.8",
+    "lint-staged": "10.5.3",
+    "mongoose": "^5.11.14",
     "nyc": "^15.1.0",
     "remark-cli": "^9.0.0",
-    "remark-preset-github": "^3.0.4",
-    "supertest": "^5.0.0",
-    "xo": "^0.34.1"
+    "remark-preset-github": "^4.0.1",
+    "supertest": "^6.1.3",
+    "xo": "^0.37.1"
   },
   "engines": {
     "node": ">=8.3"