Why is express-rate-limit not working as expected?-CodePudding

The problem is that the rate limit is not enforced for the amount of time I specify. Instead of lasting 35 minutes, it lasts for only about 20 seconds. Also, if I keep making the request, the limit is always enforced, so that seems to refresh the time limit, which I think is also unexpected.

Apart from these issues, it works as expected, limiting the number of requests I specify in "max", as long as I make them quickly enough. I have tested locally, and on a Heroku server.

Here is the relevant code:

app.js

var express = require('express');
var dbRouter = require('./routes/db');

var limiter = require('express-rate-limit');
var app = express();

app.set('trust proxy', 1);

// This is a global limiter, not the one I'm having issues with. 
// I've tried removing it, but the issue remained.
app.use(limiter({
  windowMs: 10000,
  max: 9
}));

app.use('/db', dbRouter);

module.exports = app;

db.js

var express = require('express');
var router = express.Router();

var level_controller = require('../controllers/levelController');

var limiter = require('express-rate-limit');

var level_upload_limiter = limiter({
    windowMS: 35 * 60 * 1000,
    max: 1,
    message: 'Too many level uploads. Please try again in about 30 minutes.'
});

router.post('/level/create', level_upload_limiter, level_controller.level_create_post);

module.exports = router;

levelController.js

exports.level_create_post = [
    (req, res, next) => {
        
        // ...
        
    }
];

CodePudding user response：

It's the typo you made in your settings: ~~windowMS~~ -> windowMs