Releases: AdamPflug/express-brute

v1.0.1: Added fix to allow for time skew within freeRetries

11 Oct 23:38

BUG: Fixed an edge case where freeRetries weren't being respected if app servers had slightly different times

v1.0.0: Updated to use Express 4.x as a peer dependency.

22 Aug 17:50

  • NEW: Updated to use Express 4.x as a peer dependency.
  • REMOVED: proxyDepth option on ExpressBrute has been removed. Use app.set('trust proxy', x) from Express 4 instead.
  • REMOVED: getIPFromRequest(req) has been removed from instances; use req.ip instead.
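
With proxyDepth removed, the hop count passed to Express's trust proxy setting decides which address req.ip reports, and so which address failed attempts are counted against. The following is an added example, not code from express-brute or Express: a simplified model of hop-count trust, with hypothetical helper names (addressChain, clientIp) and constructed addresses.

```javascript
'use strict';
// Simplified model of hop-count proxy trust (assumption: mirrors the numeric
// form of Express's 'trust proxy' setting; this is not Express source code).

// Build the address chain nearest-first: the socket peer, then the
// X-Forwarded-For entries read right to left (each proxy appends the peer it saw).
function addressChain(socketAddr, xffHeader) {
  const forwarded = (xffHeader || '')
    .split(',')
    .map((s) => s.trim())
    .filter(Boolean)
    .reverse();
  return [socketAddr, ...forwarded];
}

// Return the first address not covered by the trusted hop count.
// If every address is trusted, fall back to the furthest one in the chain.
function clientIp(socketAddr, xffHeader, trustedHops) {
  const chain = addressChain(socketAddr, xffHeader);
  return chain[Math.min(trustedHops, chain.length - 1)];
}

// Constructed request: one reverse proxy (10.0.0.5) sits in front of the app.
// The client (203.0.113.7) sent its own X-Forwarded-For value, 198.51.100.99,
// and the proxy appended the address it actually saw.
const socketAddr = '10.0.0.5';
const xff = '198.51.100.99, 203.0.113.7';

function demo() {
  return {
    // 0 hops trusted: req.ip is the proxy, so every client shares one counter.
    noTrust: clientIp(socketAddr, xff, 0),
    // 1 hop trusted (matches the real topology): the address the proxy saw.
    oneHop: clientIp(socketAddr, xff, 1),
    // 2 hops trusted (one too many): a value the client supplied itself,
    // so the counter is no longer tied to the real peer.
    twoHops: clientIp(socketAddr, xff, 2),
  };
}

console.log(demo());
```

The trusted hop count should equal the number of proxies actually deployed in front of the application.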

v0.6.0: Add ignoreIP option and switch from Jasmine to Mocha

16 Jul 04:33
  • NEW: Added new ignoreIP option. (Thanks Magnitus-!)
  • CHANGED: .reset callbacks are now always called asynchronously, regardless of the implementation of the store (particularly affects MemoryStore).
  • CHANGED: Unit tests have been converted from Jasmine to Mocha/Chai/Sinon
  • BUG: Fixed a crash when .reset was called without a callback function

v0.5.3: Improve handling of errors in the persistent store

12 Mar 04:30
  • NEW: Added the handleStoreError option to allow more customizable handling of errors that are thrown by the persistent store. Default behavior is to throw the errors as an exception - there is nothing ExpressBrute can do to recover.
  • CHANGED: Errors thrown as a result of errors raised by the store now include the store's error as well, for debugging purposes.

v0.5.2: Change to avoid deprecated warning in express 4.x

15 Dec 05:35
  • CHANGED: Stopped using res.send(status, body), as it is deprecated in express 4.x. Instead call res.status and res.send separately (Thanks marinewater!)

v0.5.1: Fixed bug with proxyDepth and X-Forwarded-For

13 Aug 18:03
  • BUG: When setting proxyDepth to 1, ips is never populated with proxied X-Forwarded-For IP.

v0.5.0: Move MemcachedStore into a separate module and switch from 403 to 429

27 Jan 01:57
  • NEW: Added an additional FailTooManyRequests failure callback, that returns a 429 (TooManyRequests) error instead of 403 (Forbidden). This is a more accurate error status code.
  • NEW: All the built-in failure callbacks now set the "Retry-After" header to the number of seconds until it is safe to try again, per RFC 6585.
  • NEW: Documentation updated to list some known store implementations.
  • CHANGED: Default failure callback is now FailTooManyRequests. FailForbidden remains an option for backwards compatibility.
  • CHANGED: ExpressBrute.MemcachedStore is no longer included by default, and is now available as a separate module (because there are multiple store options it doesn't really make sense to include one by default).
  • CHANGED: FailMark no longer returns 403 Forbidden; it now returns 429 TooManyRequests.

v0.4.2

06 Dec 17:52
  • BUG: In some cases when no callbacks were supplied memcached would drop the request. Ensure that memcached always sees a callback even if expressBrute isn't given one.

v0.4.1

06 Dec 16:51
  • NEW: refreshTimeoutOnRequest option that allows you to prevent the remaining lifetime for a timer from being reset on each request (useful for implementing limits for set time frames, e.g. requests per day)
  • BUG: Lifetimes were not previously getting extended properly for instances of ExpressBrute.MemoryStore

v0.4.0

05 Dec 21:28
  • NEW: attachResetToRequest parameter that lets you prevent the request object being decorated
  • NEW: failCallback can be overridden by getMiddleware
  • NEW: proxyDepth option on ExpressBrute that specifies how many levels of the X-Forwarded-For header to trust (inspired by express-bouncer).
  • NEW: getIPFromRequest method that essentially allows reset to be used in a similar way as in v0.2.2. This also respects the new proxyDepth setting.
  • CHANGED: getMiddleware now takes an options object instead of the key directly.