Description
The documentation states that the path and method are optional; however, when applying the express-limiter middleware globally, both of these options MUST be set. Otherwise, the middleware will not be applied to any routes (e.g., fail open).
The problem lies in the following lines of source code:
```js
if (opts.method && opts.path) app[opts.method](opts.path, middleware)
return middleware
```
If the express-limiter method AND path options are both set then the middleware is applied to the corresponding Express route. Otherwise, the middleware is simply returned. If the express-limiter instance is being applied globally, then it will not be applied to any routes and will fail open.
This was probably done in an attempt to automatically detect whether the middleware is being applied globally vs directly into a route. If this is intended, then the documentation needs to be updated to warn that the path AND method MUST be set when applying the middleware globally.
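The following is an added example, not code from the issue or from express-limiter itself. It reproduces the fail-open behaviour offline and shows a startup check that turns it into a hard failure. `makeLimiter` copies only the two quoted lines, `makeApp` is a constructed stand-in for an Express app, `requireMounted` is a hypothetical helper, and the option values are sample values.

```javascript
// Stand-in that mirrors only the registration logic quoted in the issue;
// the real middleware would count requests, this one just calls next().
function makeLimiter(app) {
  return function limiter(opts) {
    const middleware = function rateLimit(req, res, next) { next(); };
    if (opts.method && opts.path) app[opts.method](opts.path, middleware);
    return middleware;
  };
}

// Constructed stand-in for an Express app: records every handler that is mounted.
function makeApp() {
  const app = { mounted: [] };
  for (const method of ['use', 'all', 'get', 'post']) {
    app[method] = (...args) => {
      const path = typeof args[0] === 'string' ? args[0] : '/';
      for (const handler of args.filter((a) => typeof a === 'function')) {
        app.mounted.push({ method, path, handler });
      }
      return app;
    };
  }
  return app;
}

// Hypothetical startup guard: fail closed if the limiter never reached a route.
function requireMounted(app, middleware) {
  if (!app.mounted.some((m) => m.handler === middleware)) {
    throw new Error('rate limiter was created but is not mounted on any route');
  }
  return true;
}

// Runs each configuration against a fresh app and reports whether the limiter is mounted.
function runScenarios() {
  const opts = { lookup: ['connection.remoteAddress'], total: 150, expire: 60000 }; // sample values
  const cases = {
    noPathNoMethod: (app, limiter) => limiter(opts),            // return value discarded
    pathOnly: (app, limiter) => limiter({ ...opts, path: '*' }), // method missing
    pathAndMethod: (app, limiter) => limiter({ ...opts, path: '*', method: 'all' }),
    explicitUse: (app, limiter) => { const mw = limiter(opts); app.use(mw); return mw; },
  };
  const results = {};
  for (const [name, setup] of Object.entries(cases)) {
    const app = makeApp();
    const mw = setup(app, makeLimiter(app));
    try { results[name] = requireMounted(app, mw); } catch { results[name] = false; }
  }
  return results;
}

console.log(runScenarios());
```

Only the last two configurations leave the limiter on a route; in the first two the application starts normally with no rate limiting in place.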