feat add support for urls

Author: rrd108

src/module.ts

@@ -18,6 +18,7 @@ export interface ModuleOptions {
   errorMessage: string;
   retryAfterHeader: boolean;
   log: false | LogEntry;
+  routes: string[];
 }
 
 export default defineNuxtModule<ModuleOptions>({
@@ -35,6 +36,7 @@ export default defineNuxtModule<ModuleOptions>({
     errorMessage: "Too Many Requests",
     retryAfterHeader: false,
     log: false,
+    routes: [],
   },
   setup(options, nuxt) {
     const resolver = createResolver(import.meta.url);

src/runtime/server/middleware/shield.ts

@@ -10,10 +10,14 @@ import { isBanExpired } from "../utils/isBanExpired";
 import shieldLog from "../utils/shieldLog";
 
 export default defineEventHandler(async (event) => {
-  if (!event.node.req.url?.startsWith("/api/")) {
+  const config = useRuntimeConfig().public.nuxtApiShield;
+  const url = event.node.req.url;
+
+  if (!url?.startsWith("/api/") || (config.routes?.length && !config.routes.some(route => url.startsWith(route)))) {
     return;
   }
 
+
   // console.log(
   //   `👉 Handling request for URL: ${event.node.req.url} from IP: ${
   //     getRequestIP(event, { xForwardedFor: true }) || "unKnownIP"

test/basic.test.ts

@@ -11,7 +11,7 @@ const nuxtConfigBan = 10;
 beforeEach(async () => {
   // await useStorage("shield").clear(); TODO waiting for https://github.com/nuxt/test-utils/issues/531
   // this is a workaround to clean the storage
-  const storagePath = fileURLToPath(new URL("../_testShield", import.meta.url));
+  const storagePath = fileURLToPath(new URL("../_testBasciShield", import.meta.url));
   await rm(storagePath, { recursive: true, force: true });
 });
 

test/fixtures/basic/nuxt.config.ts

@@ -20,7 +20,7 @@ export default defineNuxtConfig({
       shield: {
         //driver: "memory",
         driver: "fs",
-        base: "_testShield",
+        base: "_testBasicShield",
       },
     },
   },

test/fixtures/withroutes/app.vue

@@ -0,0 +1,5 @@
+<template>
+  <div>withRoutes</div>
+</template>
+
+<script setup></script>

test/fixtures/withroutes/nuxt.config.ts

@@ -0,0 +1,25 @@
+import nuxtApiShield from "../../../src/module";
+
+export default defineNuxtConfig({
+  modules: [nuxtApiShield],
+  nuxtApiShield: {
+    limit: {
+      max: 2,
+      duration: 3,
+      ban: 10,
+    },
+    errorMessage: "Leave me alone",
+    retryAfterHeader: true,
+    log: false,
+    routes: ["/api/v3"],
+  },
+  nitro: {
+    storage: {
+      shield: {
+        //driver: "memory",
+        driver: "fs",
+        base: "_testWithRoutesShield",
+      },
+    },
+  },
+});

test/fixtures/withroutes/package.json

@@ -0,0 +1,5 @@
+{
+  "private": true,
+  "name": "withroutes",
+  "type": "module"
+}

test/fixtures/withroutes/server/api/v2/example.get.ts

@@ -0,0 +1,3 @@
+export default defineEventHandler(async () => {
+    return { id: 1, name: "Gauranga" };
+});

test/fixtures/withroutes/server/api/v3/example.get.ts

@@ -0,0 +1,3 @@
+export default defineEventHandler(async () => {
+  return { id: 1, name: "Gauranga" };
+});

test/withroutes.test.ts

@@ -0,0 +1,71 @@
+import { describe, it, expect } from "vitest";
+import { fileURLToPath } from "node:url";
+import { setup, $fetch } from "@nuxt/test-utils/e2e";
+import { beforeEach } from "vitest";
+import { rm } from "node:fs/promises";
+
+beforeEach(async () => {
+    // await useStorage("shield").clear(); TODO waiting for https://github.com/nuxt/test-utils/issues/531
+    // this is a workaround to clean the storage
+    const storagePath = fileURLToPath(new URL("../_testWithRoutesShield", import.meta.url));
+    await rm(storagePath, { recursive: true, force: true });
+});
+
+describe("shield", async () => {
+    await setup({
+        rootDir: fileURLToPath(new URL("./fixtures/withroutes", import.meta.url)),
+    });
+
+    it("respond to api call 2 times (limit.max, limit.duration) and rejects the 3rd call if the route matches the routes option", async () => {
+        // req.count = 1
+        let response = await $fetch("/api/v3/example?c=1/1", {
+            method: "GET",
+            retryStatusCodes: [],
+        });
+        expect((response as any).name).toBe("Gauranga");
+
+        // req.count = 2
+        response = await $fetch("/api/v3/example?c=1/2", {
+            method: "GET",
+            retryStatusCodes: [],
+        });
+        expect((response as any).name).toBe("Gauranga");
+
+        try {
+            // req.count = 3
+            // as limit.max = 2, this should throw 429 and ban for 3 seconds (limit.ban)
+            expect(async () =>
+                $fetch("/api/v3/example?c=1/3", { method: "GET", retryStatusCodes: [] })
+            ).rejects.toThrowError();
+        } catch (err) {
+            const typedErr = err as { statusCode: number; statusMessage: string };
+            expect(typedErr.statusCode).toBe(429);
+            expect(typedErr.statusMessage).toBe("Leave me alone");
+        }
+    });
+
+    it("respond to api call 2 times (limit.max, limit.duration) and accept the 3rd call if the route does not matches the routes option", async () => {
+        // req.count = 1
+        let response = await $fetch("/api/v2/example?c=2/1", {
+            method: "GET",
+            retryStatusCodes: [],
+        });
+        expect((response as any).name).toBe("Gauranga");
+
+        // req.count = 2
+        response = await $fetch("/api/v2/example?c=2/2", {
+            method: "GET",
+            retryStatusCodes: [],
+        });
+        expect((response as any).name).toBe("Gauranga");
+
+        // req.count = 3
+        response = await $fetch("/api/v2/example?c=2/3", {
+            method: "GET",
+            retryStatusCodes: [],
+        });
+        expect((response as any).name).toBe("Gauranga");
+    });
+
+
+});