{"id":15063092,"url":"https://github.com/rrd108/nuxt-api-shield","last_synced_at":"2025-04-10T10:33:49.697Z","repository":{"id":230427929,"uuid":"779236088","full_name":"rrd108/nuxt-api-shield","owner":"rrd108","description":"Nuxt API Rate Limiter / Brute Force Protection","archived":false,"fork":false,"pushed_at":"2025-04-08T11:49:42.000Z","size":890,"stargazers_count":29,"open_issues_count":14,"forks_count":4,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-08T12:37:25.846Z","etag":null,"topics":["nuxt","nuxt-module","rate-limiter","security"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rrd108.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-03-29T10:58:28.000Z","updated_at":"2025-04-07T06:25:22.000Z","dependencies_parsed_at":"2024-06-13T12:24:54.595Z","dependency_job_id":"892bfb8b-632b-4f57-a1d3-352f9b7d0db4","html_url":"https://github.com/rrd108/nuxt-api-shield","commit_stats":{"total_commits":118,"total_committers":6,"mean_commits":"19.666666666666668","dds":0.2627118644067796,"last_synced_commit":"c77654dc94154f0def0f206420722b32b14d8282"},"previous_names":["rrd108/nuxt-api-shield"],"tags_count":20,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rrd108%2Fnuxt-api-shield","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rrd108%2Fnuxt-api-shield/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rrd108%2Fnuxt-api-shield/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rrd108%2Fnuxt-api-shield/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rrd108","download_url":"https://codeload.github.com/rrd108/nuxt-api-shield/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247847247,"owners_count":21006096,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["nuxt","nuxt-module","rate-limiter","security"],"created_at":"2024-09-24T23:51:02.058Z","updated_at":"2025-04-10T10:33:49.670Z","avatar_url":"https://github.com/rrd108.png","language":"TypeScript","readme":"# Nuxt API Shield\n\n[![npm version][npm-version-src]][npm-version-href]\n[![npm downloads][npm-downloads-src]][npm-downloads-href]\n[![License][license-src]][license-href]\n[![Nuxt][nuxt-src]][nuxt-href]\n\nThis Nuxt module implements a rate limiting middleware to protect your API endpoints from excessive requests.\n\n- [✨ \u0026nbsp;Release Notes](/CHANGELOG.md)\n  \u003c!-- - [🏀 Online playground](https://stackblitz.com/github/your-org/nuxt-api-shield?file=playground%2Fapp.vue) --\u003e\n  - [📖 \u0026nbsp;Documentation](https://github.com/rrd108/nuxt-api-shield)\n\n## Features\n\n- **IP-Based Rate limiting and Brute Force Protection**\n  - Tracks and enforces rate limits for individual IP addresses.\n  - Prevents malicious actors or excessive requests from a single source from overwhelming your API.\n- **Customizable Rate Limits**\n  - Configure maximum request count, duration within which the limit applies, and a ban period for exceeding the limit.\n  - Add a delay to responses when a user is banned to discourage further abuse.\n  - Customize the error message for banned users.\n  - Optionally include the `Retry-After` header in responses when a user is banned.\n  - Tailor the rate-limiting behavior to align with your API's specific needs and usage patterns.\n- **Event-Driven Handling**\n  - Intercepts incoming API requests efficiently using Nuxt's event system.\n  - Ensures seamless integration with your Nuxt application's request lifecycle.\n- **Flexible Storage**\n  - Utilizes Nuxt's unstorage abstraction for versatile storage options.\n  - Store rate-limiting data in various storage providers (filesystem, memory, databases, etc.) based on your project's requirements.\n- **Configurable with Runtime Config**\n  - Easily adjust rate-limiting parameters without code changes.\n  - Adapt to dynamic needs and maintain control over rate-limiting behavior through Nuxt's runtime configuration.\n- **Clear Error Handling**\n  - Returns a standardized 429 \"Too Many Requests\" error response when rate limits are exceeded.\n  - Facilitates proper error handling in client-side applications for a smooth user experience.\n\n## Quick Setup\n\n### 1. Add `nuxt-api-shield` dependency to your project\n\n```bash\n# Using pnpm\npnpm add nuxt-api-shield\n\n# Using yarn\nyarn add nuxt-api-shield\n\n# Using npm\nnpm install nuxt-api-shield\n```\n\n### 2. Add `nuxt-api-shield` to the `modules` section of `nuxt.config.ts`\n\nYou should add only the values you want to use differently from the default values.\n\n```js\nexport default defineNuxtConfig({\n  modules: [\"nuxt-api-shield\"],\n  nuxtApiShield: {\n    /*limit: {\n      max: 12,        // maximum requests per duration time, default is 12/duration\n      duration: 108,   // duration time in seconds, default is 108 seconds\n      ban: 3600,      // ban time in seconds, default is 3600 seconds = 1 hour\n    },\n    delayOnBan: true  // delay every response with +1sec when the user is banned, default is true\n    errorMessage: \"Too Many Requests\",  // error message when the user is banned, default is \"Too Many Requests\"\n    retryAfterHeader: false, // when the user is banned add the Retry-After header to the response, default is false\n    log: {\n      path: \"logs\", // path to the log file, every day a new log file will be created, use \"\" to disable logging\n      attempts: 100,    // if an IP reach 100 requests, all the requests will be logged, can be used for further analysis or blocking for example with fail2ban, use 0 to disable logging\n    },\n    routes: [], // specify routes to apply rate limiting to, default is an empty array meaning all routes are protected.\n    // Example:\n    // routes: [\"/api/v2/\", \"/api/v3/\"], // /api/v1 will not be protected, /api/v2/ and /api/v3/ will be protected */\n  },\n});\n```\n\n### 3. Add `nitro/storage` to `nuxt.config.ts`\n\nYou can use any storage you want, but you have to use **shield** as the name of the storage.\n\n```json\n{\n  \"nitro\": {\n    \"storage\": {\n      \"shield\": {\n        // storage name, you **must** use \"shield\" as the name\n        \"driver\": \"memory\"\n      }\n    }\n  }\n}\n```\n\nIf you use for example redis, you can use the following configuration, define the host and port.\n\n```json\n{\n  \"nitro\": {\n    \"storage\": {\n      \"shield\": {\n        \"driver\": \"redis\",\n        \"host\": \"localhost\",\n        \"port\": 6379,\n      }\n    }\n  }\n}\n```\n\n### 4. Add `shield:clean` to `nuxt.config.ts`\n\n```json\n{\n  \"nitro\": {\n    \"experimental\": {\n      \"tasks\": true\n    },\n    \"scheduledTasks\": {\n      \"*/15 * * * *\": [\"shield:clean\"] // clean the shield storage every 15 minutes\n    }\n  }\n}\n```\n\n### 5. Create your `clean` task\n\nIn `server/tasks/shield/clean.ts` you should have something like this.\n\n```ts\nimport type { RateLimit } from \"#imports\";\n\nexport default defineTask({\n  meta: {\n    description: \"Clean expired bans\",\n  },\n  async run() {\n    const shieldStorage = useStorage(\"shield\");\n\n    const keys = await shieldStorage.getKeys();\n    keys.forEach(async (key) =\u003e {\n      const rateLimit = (await shieldStorage.getItem(key)) as RateLimit;\n      if (isBanExpired(rateLimit)) {\n        await shieldStorage.removeItem(key);\n      }\n    });\n    return { result: keys };\n  },\n});\n```\n\n## Development\n\n```bash\n# Install dependencies\nyarn\n\n# Generate type stubs\nyarn dev:prepare\n\n# Develop with the playground\nyarn dev\n\n# Build the playground\nyarn dev:build\n\n# Run ESLint\nyarn lint\n\n# Run Vitest\nyarn test\nyarn test:watch\n\n# Release new version\nyarn release:patch\nyarn release:minor\n```\n\n\u003c!-- Badges --\u003e\n\n[npm-version-src]: https://img.shields.io/npm/v/nuxt-api-shield/latest.svg?style=flat\u0026colorA=020420\u0026colorB=00DC82\n[npm-version-href]: https://npmjs.com/package/nuxt-api-shield\n[npm-downloads-src]: https://img.shields.io/npm/dm/nuxt-api-shield.svg?style=flat\u0026colorA=020420\u0026colorB=00DC82\n[npm-downloads-href]: https://npmjs.com/package/nuxt-api-shield\n[license-src]: https://img.shields.io/npm/l/nuxt-api-shield.svg?style=flat\u0026colorA=020420\u0026colorB=00DC82\n[license-href]: https://npmjs.com/package/nuxt-api-shield\n[nuxt-src]: https://img.shields.io/badge/Nuxt-020420?logo=nuxt.js\n[nuxt-href]: https://nuxt.com\n","funding_links":[],"categories":["TypeScript"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frrd108%2Fnuxt-api-shield","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frrd108%2Fnuxt-api-shield","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frrd108%2Fnuxt-api-shield/lists"}