
Chore/2.2.0 #607

Merged
Baroshem merged 9 commits into main from chore/2.2.0
Mar 4, 2025

Baroshem (Owner) commented Mar 4, 2025

This pull request introduces a new feature to the rate limiter middleware by adding a whitelist option, along with several related changes to the codebase and documentation.

New Feature: Whitelist Option for Rate Limiter

  • Rate Limiter Configuration:
    • Added a whiteList property to the RateLimiter type, allowing specific IP addresses to bypass rate limiting. (docs/content/3.middleware/1.rate-limiter.md, src/types/middlewares.ts, src/defaultConfig.ts)
    • Updated documentation to include details about the new whiteList property. (docs/content/3.middleware/1.rate-limiter.md)
  • Implementation in Configuration:
    • Configured the rate limiter with the new whiteList option in various configuration files. (playground/nuxt.config.ts, test/fixtures/rateLimiter/nuxt.config.ts)
  • Middleware Updates:
    • Updated the rate limiter middleware to check if the request's IP is in the whitelist and skip rate limiting if it is. (src/runtime/server/middleware/rateLimiter.ts)
  • Testing:
    • Added new test cases to verify the behavior of the rate limiter with different whitelist configurations. (test/rateLimiter.test.ts)
    • Added new test pages to support the rate limiter tests. (test/fixtures/rateLimiter/pages/whitelistBase.vue, test/fixtures/rateLimiter/pages/whitelistEmpty.vue, test/fixtures/rateLimiter/pages/whitelistNotListed.vue)

Additional Changes

  • Security Configuration:
    • Fixed an issue where securityConfig was not correctly initialized in the basic authentication middleware. (src/runtime/server/middleware/basicAuth.ts)
  • Nonce Handling:
    • Improved the handling of nonces in CSP headers by ensuring existing nonces are replaced instead of duplicated. (src/runtime/nitro/plugins/40-cspSsrNonce.ts)

These changes enhance the flexibility and functionality of the rate limiter middleware, allowing certain IP addresses to bypass rate limiting, and improve the overall security configuration and nonce handling in the application.

Resolves #595
Resolves #586
Resolves #517
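
Added example, not part of the pull request or the nuxt-security code base: a fixed-window limiter in TypeScript showing the whitelist bypass described above, exercised against the three cases the new test pages cover (listed IP, empty list, unlisted IP). The names createLimiter and countAllowed are hypothetical, the string-array shape of whiteList is an assumption, and the caller is assumed to supply a client IP it already trusts.

```typescript
// Added illustration, not nuxt-security source. tokensPerInterval, interval and
// whiteList follow the module's rateLimiter options; all other names are hypothetical.
interface RateLimiterOptions {
  tokensPerInterval: number // requests allowed per window
  interval: number          // window length in milliseconds
  whiteList?: string[]      // assumption: exact IP strings that skip limiting
}

interface Bucket { remaining: number; resetAt: number }

function createLimiter(options: RateLimiterOptions) {
  const buckets = new Map<string, Bucket>()
  const allow = new Set(options.whiteList ?? [])

  // Returns true when the request may proceed, false when it should be rejected.
  // Assumption: `ip` was resolved by the caller from a source the server trusts.
  return function check(ip: string, now: number = Date.now()): boolean {
    // Whitelisted addresses bypass the limiter and consume no tokens.
    if (allow.has(ip)) return true

    let bucket = buckets.get(ip)
    if (!bucket || now >= bucket.resetAt) {
      // First request from this IP, or the previous window has expired.
      bucket = { remaining: options.tokensPerInterval, resetAt: now + options.interval }
      buckets.set(ip, bucket)
    }
    if (bucket.remaining <= 0) return false
    bucket.remaining -= 1
    return true
  }
}

// Constructed scenario: send `requests` requests from one IP inside a single
// window and count how many pass (3 tokens per 60-second window).
function countAllowed(whiteList: string[] | undefined, ip: string, requests: number): number {
  const check = createLimiter({ tokensPerInterval: 3, interval: 60000, whiteList })
  let allowed = 0
  for (let i = 0; i < requests; i++) {
    if (check(ip, 1000 + i)) allowed++
  }
  return allowed
}
```

The match in this example is an exact string comparison, so `127.0.0.1`, `::1` and `::ffff:127.0.0.1` are three different entries; list every form the server may report for an address that should bypass the limiter.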

zguig52 and others added 8 commits November 28, 2024 14:14
Updated the basicAuth middleware to pass event context into `useRuntimeConfig` composable, ensuring proper access to private settings.
fix(nonce): override user-defined nonce values with Nuxt Image
Add basic rate limiter whitelist (specific IPs only)
Refactor basicAuth middleware to use runtime configuration correctly
vercel bot commented Mar 4, 2025

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
nuxt-security ❌ Failed (Inspect) Mar 4, 2025 7:49am

@Baroshem Baroshem merged commit 99019bb into main Mar 4, 2025
4 of 5 checks passed
Development

Successfully merging this pull request may close these issues.

  • access useRuntimeConfig() within handlers
  • fix(nonce): duplication
  • Rate limiter whitelist
