Comments (3)
Thank you for your answer. I have understood why this situation occurred. I will try using Redis storage instead of the default memory store, and your guess is correct. I did mean to express '10 times within 10 seconds', but I mistyped it due to my own negligence.
from express-rate-limit.
    import rateLimit from "express-rate-limit";

    myExpress.use(
      "/api/suggestion/create",
      rateLimit({
        windowMs: 10 * 1000,
        // Validated sessions get 10 requests per window, everyone else gets 1
        max: req => {
          if (
            req.headers.session &&
            validateSession(req.headers.session as string)
          ) {
            return 10;
          } else {
            return 1;
          }
        },
        message: "您的操作过于频繁,请稍后再试",
        // Bucket requests by session id (undefined when the header is absent)
        keyGenerator: req => {
          return req.headers.session as string;
        },
      })
    );

like this
I see two things that might be an issue:
    keyGenerator: req => {
      return req.headers.session as string;
    },
This should probably have a fallback for users without a session header, e.g.
    keyGenerator: req => {
      return (req.headers.session as string) || req.ip;
    },
② For example, to create a suggested interface, a user can call it up to 10 times within 10 days - I tested this with Postman, occasionally normal and occasionally abnormal, and there may be 15 successful requests, as well as the first 10 successful requests and the last five unsuccessful ones.
(I assume you meant "10 times within 10 seconds")
This is likely due to using the default MemoryStore, where the time window doesn't start with the first request; it starts when express-rate-limit is initialized and then repeats from there. So, some of the requests fall into the first 10-second window, and other requests fall into the next 10-second window, and a user could potentially get up to 20 requests in a row before having to wait 10 seconds.
Any of the external stores are going to behave closer to what you're probably expecting, where they have separate time windows for each user, starting at that user's first request: https://github.com/express-rate-limit/express-rate-limit#store
If you don't want to set up a database, then the precise memory store might be the way to go: https://www.npmjs.com/package/precise-memory-rate-limit
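The two behaviours described in the answer above can be reproduced offline with a small simulation. This is an added example, not code from the thread or from express-rate-limit: the two store classes are simplified models of "one shared window that starts at initialization" versus "one window per key that starts at that key's first request", not the library's real implementations, and the request objects, session id and IP address are constructed. It also includes the `req.ip` fallback for the key generator that the answer recommends.

```javascript
// Added example (not part of the issue thread): simulate the window behaviours
// described in the answer so the "15 or 20 successful requests" effect can be
// reproduced without express or express-rate-limit installed.

// Model of a fixed, shared window: the window begins when the store is created
// (the behaviour the answer attributes to the default MemoryStore).
class FixedWindowStore {
  constructor(windowMs, nowMs) {
    this.windowMs = windowMs;
    this.windowStart = nowMs; // starts at initialization, not at first request
    this.hits = new Map();
  }
  increment(key, nowMs) {
    // Roll over to the next window once the current one has elapsed.
    while (nowMs >= this.windowStart + this.windowMs) {
      this.windowStart += this.windowMs;
      this.hits.clear();
    }
    const count = (this.hits.get(key) || 0) + 1;
    this.hits.set(key, count);
    return count;
  }
}

// Model of a per-key window: each key's window starts at its own first request.
class PerKeyWindowStore {
  constructor(windowMs) {
    this.windowMs = windowMs;
    this.entries = new Map(); // key -> { start, count }
  }
  increment(key, nowMs) {
    let entry = this.entries.get(key);
    if (!entry || nowMs >= entry.start + this.windowMs) {
      entry = { start: nowMs, count: 0 };
      this.entries.set(key, entry);
    }
    entry.count += 1;
    return entry.count;
  }
}

// Key generator with the fallback suggested in the answer. Without the fallback,
// every request lacking the header would share the single key `undefined`.
function keyFor(req) {
  return req.headers.session || req.ip;
}

// Send `n` requests for `req` at 1 ms spacing starting at `startMs`.
// Returns how many were allowed and the index of the first rejection (-1 if none).
function burst(store, req, max, n, startMs) {
  let allowed = 0;
  let firstRejectIndex = -1;
  for (let i = 0; i < n; i++) {
    const count = store.increment(keyFor(req), startMs + i);
    if (count <= max) allowed++;
    else if (firstRejectIndex === -1) firstRejectIndex = i;
  }
  return { allowed, firstRejectIndex };
}

const WINDOW_MS = 10 * 1000; // 10 seconds, as in the issue
const MAX = 10;              // 10 requests per window, as in the issue

// Compare both stores for a 20-request burst that begins `burstStartMs` after
// the fixed store was initialized at t = 0.
function compareStores(burstStartMs) {
  const req = { headers: { session: "sess-A" }, ip: "203.0.113.7" }; // constructed
  const fixed = new FixedWindowStore(WINDOW_MS, 0);
  const perKey = new PerKeyWindowStore(WINDOW_MS);
  return {
    fixed: burst(fixed, req, MAX, 20, burstStartMs),
    perKey: burst(perKey, req, MAX, 20, burstStartMs),
  };
}

// A burst straddling the shared window boundary lets 15 or even 20 requests
// through on the fixed store; the per-key store always stops at 10.
console.log("burst at t=9995ms:", JSON.stringify(compareStores(9995)));
console.log("burst at t=9990ms:", JSON.stringify(compareStores(9990)));
console.log("key without session header:", keyFor({ headers: {}, ip: "203.0.113.7" }));
```

Starting the burst 5 ms before the shared window rolls over reproduces the "first 5 succeed, then 10 succeed, then 5 fail" pattern from the issue (15 allowed); starting it 10 ms before lets all 20 through. The per-key store rejects from the 11th request regardless of when the burst starts, which is the behaviour the external stores provide.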