Giter VIP home page Giter VIP logo

Comments (3)

qingmimi529 avatar qingmimi529 commented on June 9, 2024 1

Thank you for your answer. I have understood why this situation occurred. I will try using Redis storage instead of the default memory store, and your guess is correct. I did mean to express' 10 times within 10 seconds', but I mistakenly typed it due to my own negligence.

from express-rate-limit.

qingmimi529 avatar qingmimi529 commented on June 9, 2024 
myExpress.use(
    "/api/suggestion/create",
    rateLimit({
      windowMs: 10 * 1000,
      max: req => {
        if (
          req.headers.session &&
          validateSession(req.headers.session as string)
        ) {
          return 10;
        } else {
          return 1;
        }
      },
      message: "您的操作过于频繁,请稍后再试",
      keyGenerator: req => {
        return req.headers.session as string;
      },
    })

like this

from express-rate-limit.

nfriedly avatar nfriedly commented on June 9, 2024

I see two things that might be an issue:

      keyGenerator: req => {
        return req.headers.session as string;
      },

This should probably have a fallback for users without a session header, e.g.

      keyGenerator: req => {
        return (req.headers.session as string) || req.ip;
      },

② For example, to create a suggested interface, a user can call it up to 10 times within 10 days - I tested this with Postman, occasionally normal and occasionally abnormal, and there may be 15 successful requests, as well as the first 10 successful requests and the last five unsuccessful ones.

(I assume you meant "10 times within 10 seconds")

This is likely due to using the default MemoryStore where the time windows doesn't start with the first request, it starts when express-rate-limit is initialized and then repeats from there. So, some of the requests fall into the first 10-second window, and other requests fall into the next 10-second window, and a user could potentially get up to 20 requests in a row before having to wait 10 seconds.

Any of the external stores are going to behave closer to what you're probably expecting, where they have separate time windows for each user, starting at that user's first request: https://github.com/express-rate-limit/express-rate-limit#store If you don't want to set up a database, then the precise memory store might be the way to go: https://www.npmjs.com/package/precise-memory-rate-limit

from express-rate-limit.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.