Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Added passOnStoreError to skip rate limitter if the store is not available #447

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

feat: Added passOnStoreError to skip rate limitter if the store is not available #447

wants to merge 2 commits into from

Conversation

Gp2mv3
Copy link

@Gp2mv3 Gp2mv3 commented Mar 20, 2024

This PR adds the parameter passOnStoreError to allow requests if the store is not available.
For instance, if using Redis and the Redis server disconnects, the request will still pass.

This feature can be important for HA issues.

nfriedly
nfriedly requested changes Mar 20, 2024
View reviewed changes
Copy link
Member

@nfriedly nfriedly left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea, thanks!

A few thoughts:

  1. There's a lot of "stuff" inside the try/catch besides the store.increment() call, so I think it should either be renamed to passOnError or else the try/catch should be more narrowly scoped to only the increment call.
    • I'm leaning towards the rename option, but I could see a good argument for the other side.
  2. If we go with the rename option, it should probably hook into the existing handleAsyncErrors:

    express-rate-limit/source/lib.ts

    Line 284 in e3e3ca9

    const handleAsyncErrors =
  3. Regardless, I think it should log the error, not just silently allow the request.

What do you think @gamemaker1 ?

@nfriedly
Copy link
Member

nfriedly commented Mar 20, 2024
edited

Oh, and this PR closes express-rate-limit/rate-limit-redis#193 and fixes express-rate-limit/rate-limit-redis#190

@gamemaker1
Copy link
Member

Hi @Gp2mv3, thanks for making this PR!

  1. There's a lot of "stuff" inside the try/catch besides the store.increment() call, so I think it should either be renamed to passOnError or else the try/catch should be more narrowly scoped to only the increment call.

I think we should keep it passOnStoreError, and scope it to the increment call as you said.

The passOnStoreError option has already been requested in rate-limit-redis, and I think it'd be better if we just provide it as part of express-rate-limit.

  1. Regardless, I think it should log the error, not just silently allow the request.

I agree, we should make this addition to handleAsyncErrors regardless of the passOnStoreError option.

@Gp2mv3
Copy link
Author

Gp2mv3 commented Mar 21, 2024

Hello,
Thanks for the feedback. I moved the try catch to only enclose increment.
However, I'm not sure of what you mean for the point 3. Can you elaborate ?

@gamemaker1
Copy link
Member

By point 3, we mean logging the error before calling next().

Also logging the error in handleAsyncError can be done in a separate pr.

@nfriedly
Copy link
Member

Also logging the error in handleAsyncError can be done in a separate pr.

handleAsyncError currently passes the error onto express.js to handle however it's configured to (show an error page by default), so no need to change it unless we add an option that ignores those errors.

express-rate-limit/source/lib.ts

Line 291 in e3e3ca9

next(error)

nfriedly
nfriedly reviewed Mar 21, 2024
View reviewed changes
source/lib.ts
resetTime = incrementResult.resetTime
} catch (error) {
if (config.passOnStoreError) {
next()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
next()
console.error('express-rate-limit: error from store, allowing request without rate-limiting.', error)
next()

This is what I meant by point 3.

test/library/middleware-test.ts
Comment on lines +965 to +984
it('should not pass if the store throws an error by default', async () => {
const app = createServer(
rateLimit({
limit: 1,
store: new StoreThrowingErrors(),
}),
)
await request(app).get('/').expect(500)
})

it('should pass if the store throws an error and passOnStoreError is true', async () => {
const app = createServer(
rateLimit({
limit: 1,
store: new StoreThrowingErrors(),
passOnStoreError: true,
}),
)
await request(app).get('/').expect(200)
})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I forgot to say it last time, but thank you for adding these tests!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nfriedly nfriedly nfriedly requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Gp2mv3 @nfriedly @gamemaker1