-
-
Notifications
You must be signed in to change notification settings - Fork 218
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Added passOnStoreError to skip rate limitter if the store is not available #447
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good idea, thanks!
A few thoughts:
- There's a lot of "stuff" inside the try/catch besides the store.increment() call, so I think it should either be renamed to
passOnError
or else the try/catch should be more narrowly scoped to only the increment call.- I'm leaning towards the rename option, but I could see a good argument for the other side.
- If we go with the rename option, it should probably hook into the existing
handleAsyncErrors
:express-rate-limit/source/lib.ts
Line 284 in e3e3ca9
const handleAsyncErrors = - Regardless, I think it should log the error, not just silently allow the request.
What do you think @gamemaker1 ?
Oh, and this PR closes express-rate-limit/rate-limit-redis#193 and fixes express-rate-limit/rate-limit-redis#190 |
Hi @Gp2mv3, thanks for making this PR!
I think we should keep it The
I agree, we should make this addition to |
Hello, |
By point 3, we mean logging the error before calling Also logging the error in |
express-rate-limit/source/lib.ts Line 291 in e3e3ca9
|
resetTime = incrementResult.resetTime | ||
} catch (error) { | ||
if (config.passOnStoreError) { | ||
next() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
next() | |
console.error('express-rate-limit: error from store, allowing request without rate-limiting.', error) | |
next() |
This is what I meant by point 3.
it('should not pass if the store throws an error by default', async () => { | ||
const app = createServer( | ||
rateLimit({ | ||
limit: 1, | ||
store: new StoreThrowingErrors(), | ||
}), | ||
) | ||
await request(app).get('/').expect(500) | ||
}) | ||
|
||
it('should pass if the store throws an error and passOnStoreError is true', async () => { | ||
const app = createServer( | ||
rateLimit({ | ||
limit: 1, | ||
store: new StoreThrowingErrors(), | ||
passOnStoreError: true, | ||
}), | ||
) | ||
await request(app).get('/').expect(200) | ||
}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I forgot to say it last time, but thank you for adding these tests!
This PR adds the parameter passOnStoreError to allow requests if the store is not available.
For instance, if using Redis and the Redis server disconnects, the request will still pass.
This feature can be important for HA issues.