Validation Profiles for Request Throttling

Build a small module that constructs request-throttling middleware with different validation presets, leaning on the dependency's configurable safety checks for proxy/IP handling instead of reimplementing validations.

Capabilities

Strict validation preset

• Building without a mode uses a strict validation profile: the middleware is constructed with dependency validation checks active for IP format sanity, proxy trust configuration, Forwarded/X-Forwarded-For handling, and detection of creation inside a request handler. @test

Validation opt-out

• Passing a mode of "none" creates middleware with dependency validations disabled so questionable proxy/IP setups do not raise validation errors. @test

Proxy-only preset with overrides

• Passing a mode of "proxyOnly" activates only proxy header/trust checks while leaving other validations off; any provided overrides flip the individual proxy header, IP format, or creation-location checks on/off and merge with that preset. @test

Exposed validation summary

• The factory returns an inspection object describing which validation checks were passed to the dependency alongside the middleware itself. @test

Implementation

@generates

API

export type ValidationMode = "strict" | "none" | "proxyOnly";

export interface ValidationOverrides {
  proxyHeaders?: boolean;
  ipFormat?: boolean;
  creationLocation?: boolean;
}

export interface ValidationBuildResult {
  middleware: unknown;
  validationConfig: Record<"proxyHeaders" | "ipFormat" | "creationLocation", boolean>;
}

export function buildValidationLimiter(
  mode?: ValidationMode,
  overrides?: ValidationOverrides
): ValidationBuildResult;

Dependencies { .dependencies }

express-rate-limit { .dependency }

Rate limiting middleware that supports configurable validation toggles around IP handling and proxy safety.