I think that the basic rate limiter should still exist, but can be disabled by default. Removing the feature completely means there's no way to implement a RL without going down some rabbit holes. Documentation can be updated to state the limitations and to advise other RL implementations for advanced apps.
-
Hey folks!
At the beginning of developing this module, I thought that adding a rate limiting functionality to it could help developers build more secure Nuxt applications.
This idea is still true, but the built-in rate limiter is a very basic one and it works for very simple applications. For anything more advanced than a simple hello world application, the built-in rate limiter can cause more problems than it solves, like:
- nuxt-security breaks the app on Cloudflare Pages #137

This module is used for the Elk application and it has the rateLimiter disabled as it runs on Cloudflare Pages where this functionality is developed in a different way AFAIK.

At this point, I think that the rateLimiter functionality could be removed as it causes more problems and it does not help in more advanced scenarios where a separate tool like fail2ban or similar could be used to help mitigate DDoS attacks.
If you agree, I will mark the rateLimiter as deprecated in the next minor version, so that it can be removed with the next one safely for all users using this module.
If you believe that this rate limiting middleware could still be part of the module and should not be removed, please let me know. Feedback will be appreciated :)