You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
version used: "redis-token-bucket-ratelimiter": "^0.5.1"
EXPECTED
When I await limiter.use(), I expected to get RollingLimiterResult object. As documented on readme page example
Example below uses `limit.rejected' to tell if a request was rejected
async function rateLimitMiddleware(req, res, next) {
const id = getUserId(req);
const limit = await requestLimiter.use(id);
// Your max tokens
res.set('X-RateLimit-Limit', String(limit.limit));
// Remaining tokens; this continually refills
res.set('X-RateLimit-Remaining', String(limit.remaining));
// The time at which it's valid to do the same request again; this is almost always now()
const retrySec = Math.ceil(limit.retryDelta / 1000);
res.set(
'X-RateLimit-Reset',
String(Math.ceil(Date.now() / 1000) + retrySec)
);
if (limit.rejected) {
res.set('Retry-After', String(retrySec));
res.status(429).json({
error: {
message: `Rate limit exceeded, retry in ${retrySec} seconds.`,
name: 'RateLimitError',
},
});
return;
}
next();
}
ACTUAL
When use() amount exceeds limit, the function throws error instead
I think you are correct that this is unexpected behavior, as it is reasonable to set someone's limit to 0 if their account is, say, disabled. In that case, the error thrown rather than a rejection is quite unexpected and will require an additional catch() clause to correctly trap.
I assume this is what you are doing? Can you tell me more about your use case?
Thanks for the quick reply. In our case we are not actually setting the limit to zero.
We are trying to rate limit a GraphQL API endpoint using query complexity calculations. Since graphQL allows arbitrary queries to be written, we plan to set our api limit based on points per minute. Therefore each api call cost is larger than one and deducted from the limit. Occasionally a single query might be larger than the total limit for that time, that's what triggered the error.
constlimiter=newRollingLimit({interval:60000,limit: 100,force: false,});// when complexityScore > 100 the limiter throws error instead of rejectconstlimitRes=awaitlimiter.use(storeId,complexityScore);if(limitRes.rejected){//set header and things}
BASIC INFO
version used: "redis-token-bucket-ratelimiter": "^0.5.1"
EXPECTED
When I await limiter.use(), I expected to get RollingLimiterResult object. As documented on readme page example
Example below uses `limit.rejected' to tell if a request was rejected
ACTUAL
When
use()
amount exceeds limit, the function throws error insteadAs shown in code here: https://github.com/BitMEX/node-redis-token-bucket-ratelimiter/blob/master/rollingLimit.js#L53
Which one is the correct behavior. Thanks
The text was updated successfully, but these errors were encountered: