From 6b04b3f1f5a669a0b2dd09350cea2d100e58eff8 Mon Sep 17 00:00:00 2001
From: Tanya Byrne
Date: Mon, 17 Aug 2020 17:51:33 +0100
Subject: [PATCH] Should be using the errror handler for all errors
---
api/src/middleware/rate-limiter.ts | 74 ++++++++++++++----------------
1 file changed, 35 insertions(+), 39 deletions(-)
diff --git a/api/src/middleware/rate-limiter.ts b/api/src/middleware/rate-limiter.ts
index 93d3d95a94..ed085f5e0e 100644
--- a/api/src/middleware/rate-limiter.ts
+++ b/api/src/middleware/rate-limiter.ts
@@ -19,46 +19,42 @@ const redisClient = redis.createClient({
 });
 const rateLimiter: RequestHandler = (req, res, next) => {
- try {
- // first need to check that redis is running!
- if (!redisClient) {
- throw new RedisNotFoundException('Redis client does not exist');
- }
- // options for the rate limiter are set below. Opts can be found
- // at https://github.com/animir/node-rate-limiter-flexible/wiki/Options
- const opts = {
- storeClient: redisClient,
- points: 5, // Number of points
- duration: 5, // Number of seconds before consumed points are reset.
-
- // Custom
- execEvenly: true, // delay actions after first action - this may need adjusting (leaky bucket)
- blockDuration: 0, // Do not block if consumed more than points
- keyPrefix: 'rlflx', // must be unique for limiters with different purpose
- };
-
- const rateLimiterRedis = new RateLimiterRedis(opts);
-
- rateLimiterRedis
- .consume(req.ip)
- .then((rateLimiterRes) => {
- // everything is ok - can put addition logic in there later for users etc
- next();
- })
- .catch((rejRes) => {
- if (rejRes instanceof RedisNotFoundException) {
- throw new RedisNotFoundException('Redis insurance limiter not set up');
- } else {
- // If there is no error, rateLimiterRedis promise rejected with number of ms before next request allowed
- const secs = Math.round(rejRes.msBeforeNext / 1000) || 1;
- res.set('Retry-After', String(secs));
- res.status(429).send('Too Many Requests');
- throw new HitRateLimitException(`Too many requests, retry after ${secs}.`);
- }
- });
- } catch (error) {
- next(error);
+ // first need to check that redis is running!
+ if (!redisClient) {
+ throw new RedisNotFoundException('Redis client does not exist');
 }
+ // options for the rate limiter are set below. Opts can be found
+ // at https://github.com/animir/node-rate-limiter-flexible/wiki/Options
+ const opts = {
+ storeClient: redisClient,
+ points: 5, // Number of points
+ duration: 5, // Number of seconds before consumed points are reset.
+
+ // Custom
+ execEvenly: true, // delay actions after first action - this may need adjusting (leaky bucket)
+ blockDuration: 0, // Do not block if consumed more than points
+ keyPrefix: 'rlflx', // must be unique for limiters with different purpose
+ };
+
+ const rateLimiterRedis = new RateLimiterRedis(opts);
+
+ rateLimiterRedis
+ .consume(req.ip)
+ .then((rateLimiterRes) => {
+ // everything is ok - can put addition logic in there later for users etc
+ next();
+ })
+ .catch((rejRes) => {
+ if (rejRes instanceof RedisNotFoundException) {
+ throw new RedisNotFoundException('Redis insurance limiter not set up');
+ } else {
+ // If there is no error, rateLimiterRedis promise rejected with number of ms before next request allowed
+ const secs = Math.round(rejRes.msBeforeNext / 1000) || 1;
+ res.set('Retry-After', String(secs));
+ res.status(429).send('Too Many Requests');
+ throw new HitRateLimitException(`Too many requests, retry after ${secs}.`);
+ }
+ });
 };
 export default rateLimiter;
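Review bot: The two `throw` statements inside the `.catch()` callback cannot reach the Express error handler, because they run in a promise continuation after the middleware has returned; each becomes an unhandled rejection, which newer Node versions treat as fatal by default, and every over-limit request produces one. The limit branch also sends the 429 itself and then throws, so the response and the error take different paths. Separately, rate-limiter-flexible rejects with a plain `Error` on store failure as far as its documentation goes, so the `instanceof RedisNotFoundException` test likely never matches and a Redis outage is answered as 429 with `Retry-After: 1`. Forwarding with `next(...)` instead of throwing, and branching on `instanceof Error`, would route both cases through the handler; this assumes the handler (outside the hunk) maps HitRateLimitException to a 429 response.

```typescript
  // … unchanged: redisClient check, opts, RateLimiterRedis construction, .consume(req.ip).then(...) …
    .catch((rejRes) => {
      if (rejRes instanceof Error) {
        // Store/Redis failure rather than a limit hit: forward it, do not answer 429.
        next(rejRes);
        return;
      }
      // Limit exceeded: the rejection value carries msBeforeNext.
      const secs = Math.round(rejRes.msBeforeNext / 1000) || 1;
      res.set('Retry-After', String(secs));
      // Assumes the error handler maps HitRateLimitException to 429 — confirm.
      next(new HitRateLimitException(`Too many requests, retry after ${secs}.`));
    });
```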