import type { AtomicConsumeResult, AuthRateLimitConfig, AuthRequestContext, AuthUser, AuthenticatedContext, RateLimitMiddlewareResult, RateLimitResult, RateLimitStorage, TokenBucket } from "../../types/index.js"; /** * In-memory storage for rate limiting (single instance deployments) */ export declare class MemoryRateLimitStorage implements RateLimitStorage { private buckets; private cleanupInterval?; private expiryMs; constructor(cleanupIntervalMs?: number, expiryMs?: number); getBucket(userId: string): Promise; setBucket(userId: string, bucket: TokenBucket): Promise; deleteBucket(userId: string): Promise; healthCheck(): Promise; cleanup(): Promise; private cleanupExpiredBuckets; } /** * Redis-backed storage for rate limiting (distributed deployments) */ export declare class RedisRateLimitStorage implements RateLimitStorage { private redisUrl; private prefix; private ttlSeconds; private client; private initPromise; constructor(config: { url: string; prefix?: string; ttlSeconds?: number; /** When set, TTL will be at least ceil(windowMs/1000) so keys outlive the rate-limit window. */ windowMs?: number; }); private getClient; private createClient; getBucket(userId: string): Promise; setBucket(userId: string, bucket: TokenBucket): Promise; deleteBucket(userId: string): Promise; /** * Atomically refill and consume one token using a Redis Lua script. * * The entire read-modify-write cycle runs inside Redis as a single * atomic operation, so two parallel requests for the same user can * never read the same token count. */ atomicConsume(userId: string, limit: number, windowMs: number, nowMs: number): Promise; healthCheck(): Promise; cleanup(): Promise; } /** * Token bucket rate limiter implementation * * Uses the token bucket algorithm which allows for burst traffic while * maintaining an average rate limit. Tokens are continuously added to * the bucket at a fixed rate, and each request consumes one token. */ export declare class UserRateLimiter { private storage; private config; constructor(config: AuthRateLimitConfig, storage?: RateLimitStorage); /** * Get the rate limit for a specific user based on their roles */ private getLimitForUser; /** * Check if a user should skip rate limiting (based on roles) */ private shouldSkipRateLimit; /** * Consume a token from the user's bucket * Returns the rate limit result * * When the storage backend supports `atomicConsume` (e.g. Redis with Lua), * the entire refill-and-consume is executed as a single atomic operation, * preventing race conditions where parallel requests both read the same * token count and both succeed. */ consume(user: AuthUser): Promise; /** * Get current rate limit status for a user without consuming a token */ getStatus(user: AuthUser): Promise; /** * Reset rate limit for a user (admin action) */ resetUser(userId: string): Promise; /** * Check storage health */ healthCheck(): Promise; /** * Cleanup resources */ cleanup(): Promise; } /** * Middleware result type */ /** * Create rate limiting middleware for authenticated requests * * @param config - Rate limit configuration * @param storage - Optional custom storage backend * @returns Middleware function * * @example * ```typescript * const rateLimitMiddleware = createRateLimitByUserMiddleware({ * maxRequests: 100, * windowMs: 60000, // 1 minute * roleLimits: { * "premium": 500, * "admin": 1000 * }, * skipRoles: ["super-admin"] * }); * * // Use in server * app.use(async (request, context) => { * const result = await rateLimitMiddleware(context); * if (!result.proceed) { * return result.response; * } * // Continue processing... * }); * ``` */ export declare function createRateLimitByUserMiddleware(config: AuthRateLimitConfig, storage?: RateLimitStorage): (context: AuthenticatedContext) => Promise; /** * Create a combined auth and rate limit middleware * * @param authMiddleware - Authentication middleware function * @param rateLimitConfig - Rate limit configuration * @param storage - Optional custom storage backend * @returns Combined middleware function * * @example * ```typescript * const protectedRoute = createAuthenticatedRateLimitMiddleware( * createAuthMiddleware({ provider: authProvider }), * { maxRequests: 100, windowMs: 60000 } * ); * * // Use in routes * app.post("/api/generate", async (request) => { * const result = await protectedRoute(request); * if (!result.proceed) { * return result.response; * } * // Handle request with result.context * }); * ``` */ export declare function createAuthenticatedRateLimitMiddleware(authMiddleware: (context: AuthRequestContext) => Promise<{ proceed: boolean; context?: AuthenticatedContext; response?: Response; }>, rateLimitConfig: AuthRateLimitConfig, storage?: RateLimitStorage): (context: AuthRequestContext) => Promise<{ proceed: boolean; context?: AuthenticatedContext; rateLimitResult?: RateLimitResult; response?: Response; }>; /** * Create rate limit storage based on configuration * * @param config - Storage configuration * @returns Appropriate storage backend * * @example * ```typescript * // Memory storage (default) * const storage = createRateLimitStorage({ type: "memory" }); * * // Redis storage * const storage = createRateLimitStorage({ * type: "redis", * redis: { * url: "redis://localhost:6379", * prefix: "myapp:ratelimit:" * } * }); * ``` */ export declare function createRateLimitStorage(config: { type: "memory" | "redis"; redis?: { url: string; prefix?: string; ttlSeconds?: number; windowMs?: number; }; cleanupIntervalMs?: number; }): RateLimitStorage;