Comments (5)
Sorry was sick - catching up.
You are right, something not right. The Passport authenticate is set up in the middleware to be called with each request. This set up line is 36 mentioned above. I would not expect any Passport activity before this point. Trace shows otherwise.
from express-rate-limit.
Hum, that's confusing. Can you post the full stack trace it logs with the error?
The way the check works is that it looks for the string "Layer.handle [as handle_request]" in the stack trace. Perhaps that string is appearing for some reason? I'm not sure why it would be intermittent, though..
Also, as a workaround, you can disable that validation check:
const publicAPIlimiter = rateLimit({
windowMs: <someValue>,
limit: <several allowed>,
validate: {
creationStack: false
}
});
const authRateLimit = rateLimit({
windowMs: <someSmallerValue>,
limit: <SmallerLimit>,
validate: {
creationStack: false
}
});
from express-rate-limit.
Here is the stack.
Not sure why it indicates creation as part of the authentication, as the piece of code above is registered at start up time with the all the routes on the server. Those two are registered 2nd and 3rd respectively.
Thank you for your attention.
Et
ValidationError: express-rate-limit instance should be created at app initialization, not when responding to a request. See https://express-rate-limit.github.io/ERR_ERL_CREATED_IN_REQUEST_HANDLER/ for more information.
at Object.creationStack (/home/ubuntu/dev/<appName>/node_modules/express-rate-limit/dist/index.cjs:308:13)
at Object.wrappedValidations.<computed> [as creationStack] (/home/ubuntu/dev/<appName>/node_modules/express-rate-limit/dist/index.cjs:338:22)
at rateLimit (/home/ubuntu/dev/<appName>/node_modules/express-rate-limit/dist/index.cjs:633:22)
at new SecurityHandlers (/home/ubuntu/dev/<appName>/server/securityMiddleware/security.handlers.ts:20:39)
at /home/ubuntu/dev/<appName>/server/routes.ts:36:7
at Layer.handle [as handle_request] (/home/ubuntu/dev/<appName>/node_modules/express/lib/router/layer.js:95:5)
at trim_prefix (/home/ubuntu/dev/<appName>/node_modules/express/lib/router/index.js:328:13)
at /home/ubuntu/dev/<appName>/node_modules/express/lib/router/index.js:286:9
at param (/home/ubuntu/dev/<appName>/node_modules/express/lib/router/index.js:365:14)
at param (/home/ubuntu/dev/<appName>/node_modules/express/lib/router/index.js:376:14)
at Function.process_params (/home/ubuntu/dev/<appName>/node_modules/express/lib/router/index.js:421:3)
at next (/home/ubuntu/dev/<appName>/node_modules/express/lib/router/index.js:280:10)
at SessionStrategy.strategy.pass (/home/ubuntu/dev/<appName>/node_modules/passport/lib/middleware/authenticate.js:346:9)
at SessionStrategy.authenticate (/home/ubuntu/dev/<appName>/node_modules/passport/lib/strategies/session.js:75:10)
at attempt (/home/ubuntu/dev/<appName>/node_modules/passport/lib/middleware/authenticate.js:369:16)
at authenticate (/home/ubuntu/dev/<appName>/node_modules/passport/lib/middleware/authenticate.js:370:7) {
code: 'ERR_ERL_CREATED_IN_REQUEST_HANDLER',
help: 'https://express-rate-limit.github.io/ERR_ERL_CREATED_IN_REQUEST_HANDLER/'
}
from express-rate-limit.
What's at and around line 36 in your /home/ubuntu/dev/<appName>/server/routes.ts
?
Also, I'm a little perplexed as to how passport's authenticate function is the last item in the stack trace - is it getting called in a setTimeout
or process.nextTick
or something along those lines?
from express-rate-limit.
Just checking back in, did you make any progress on this? If not, could you share the snippet of your routs.ts
, around line 36?
from express-rate-limit.
Related Issues (20)
- ValidationError: The 'X-Forwarded-For' header is set but the Express HOT 2
- I found that this library occasionally works and occasionally doesn't work. HOT 3
- limit is not working , still need to set max HOT 5
- [Question] keyGenerator option HOT 4
- Get Remaining Rate-Limit HOT 3
- ERR_ERL_DOUBLE_COUNT with multiple rate limits HOT 2
- It blocks all IPs instead of blocking each IP HOT 7
- getKey is undefined in Redis Store HOT 9
- Passed options in RateLimitRequestHandler HOT 1
- Install a problem in express5 / express@next HOT 9
- Can't get the correct ip HOT 3
- Ratelimit headers empty while running on Bun v1.0.x HOT 1
- Don't know how to resetKey when user complete captcha HOT 6
- requestWasSuccessful usage doesn't support returning a Promise
- Can't use process.env variables HOT 3
- An option similar to `skip` but which is evaluated after the request has completed HOT 2
- Add Support for Persistent Storage (e.g., Redis) in express-rate-limit HOT 1
- Enhanced Rate Limiting with a retryAfter option and IP Blocking Features for Improved Flexibility HOT 2
- Allow rate limit configuration dynamic based on request comes in (Saas) HOT 22
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from express-rate-limit.