Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix limit middleware skip options #1568

Merged
merged 3 commits into from
Oct 11, 2021
Merged

Fix limit middleware skip options #1568

merged 3 commits into from
Oct 11, 2021

Conversation

aliereno
Copy link
Contributor

@aliereno aliereno commented Oct 7, 2021

Please provide enough information so that others can review your pull request:
Related: #1567

Explain the details for making this change. What existing problem does the pull request solve?

This solution
1- doesn't forward the request before the limit reached calculations.
2- doesn't returns 429 on successful requests and doesn't overwrite the actual statuscode.

But there is a problem that I can't solve. I need some help.
When remaining number is 1 and next request should be skipped, this code will return 429 because it can't see the actual status code before checking limit reached.

@aliereno aliereno mentioned this pull request Oct 7, 2021
Closed
@ReneWerner87 ReneWerner87 linked an issue Oct 11, 2021 that may be closed by this pull request
🐛 Limiter Middleware behaves wrongly after latest changes #1567
Closed
@ReneWerner87
Copy link
Member

ReneWerner87 commented Oct 11, 2021
edited

@aliereno

When remaining number is 1 and next request should be skipped, this code will return 429 because it can't see the actual status code before checking limit reached.

https://github.com/nfriedly/express-rate-limit#skipsuccessfulrequests

you can have a look how other languages do it, this is only a process problem, not a programming language problem.

e.g. in express you should find a solution
https://github.com/nfriedly/express-rate-limit/blob/master/lib/express-rate-limit.js

@aliereno
Copy link
Contributor Author

@ReneWerner87

I checked the codes. They decreased the hit counter with a callback at the end of response (res.on("finish", ...)). So basically my code does same thing. I think they have same problem. But I didn't test it for express package.
I tried to find different libraries that has feature skip by response's status code. But I couldn't find any.

Also in this express library, they put some info about possible problem of this implementation.

https://github.com/nfriedly/express-rate-limit#skipsuccessfulrequests

# skipSuccessfulRequests
  When set to true successful requests (response status < 400) won't be counted. 
  (Technically they are counted and then un-counted, so a large number of slow 
  requests all at once could still trigger a rate-limit. This may be fixed in a future 
  release.)

I will think about optimal solution. But I can't promise anything.

@ReneWerner87 ReneWerner87 merged commit 9c37b4c into gofiber:master Oct 11, 2021
@ReneWerner87
Copy link
Member

I merged the first iteration

@DomiM94
Copy link

DomiM94 commented Oct 12, 2021

When will this be released in a new version?

@ReneWerner87
Copy link
Member

In the next days.

@meruiden
Copy link

Can u guys pls release this a little sooner? this completely breaks the limiter, it simply returns the status code but still executes everything, but we still really need the skip features so rollback is not an option for us.

@ReneWerner87
Copy link
Member

I will release the fix right away, just have to wait a short time for the checks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ReneWerner87 ReneWerner87 ReneWerner87 approved these changes

Assignees
No one assigned
Labels
☢️ Bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

🐛 Limiter Middleware behaves wrongly after latest changes
4 participants
@aliereno @ReneWerner87 @DomiM94 @meruiden