volos-quota-common - npm Package Compare versions

Comparing version 0.11.8 to 0.11.9

lib/memory_buffer.js

@@ -53,2 +53,3 @@ /****************************************************************************
   this.clockOffset = undefined;
+  this.remoteApplyFailed =  false;
 
@@ -134,2 +135,3 @@ assert(options.timeInterval);
   this.flushing = false;
+  this.remoteExpiryTimestamp =  undefined;
 };
@@ -182,3 +184,4 @@
     isAllowed: (count <= allow),
-    expiryTime: this.expires - now
+    expiryTime: this.expires - now,
+    remoteApplyFailed: this.owner.remoteApplyFailed 
   };
@@ -207,3 +210,9 @@
     self.flushing = false;
-    if (err) { return (cb) ? cb(err) : console.error(err); }
+    if (err) {
+      if (self.owner.options.failOpen === true ) {
+        self.owner.remoteApplyFailed = true;
+      }
+      return (cb) ? cb(err) : console.error(err); 
+    }
+    self.owner.remoteApplyFailed = false;
 
@@ -222,2 +231,7 @@ // sync time with remote if never been synced
                          (!remoteExpires || remoteExpires === self.remoteExpires); // same remote time bucket?
+
+    if ( reply.expiryTimestamp ) { // filter out back dated remote expiry, these are invalid responses from remote
+      sameTimeBucket = sameTimeBucket && ( !self.remoteExpiryTimestamp || reply.expiryTimestamp >= self.remoteExpiryTimestamp );
+    }
+
     if (!sameTimeBucket) {
@@ -230,2 +244,6 @@ debug('new time bucket');
     self.remoteCount = reply.used;
+    if ( reply.expiryTimestamp ) {
+      self.remoteExpiryTimestamp = reply.expiryTimestamp;
+    }
+
     self.count -= options.weight; // subtract applied value
@@ -232,0 +250,0 @@

lib/quota-connect.js

@@ -51,3 +51,3 @@ /****************************************************************************
     var opts = calcOptions(req, options);
-    applyQuota(self, opts, resp, next);
+    applyQuota(self, opts, resp, next, req);
   };
@@ -70,3 +70,3 @@ };
     debug('Quota check:', opts.identifier);
-    applyQuota(self, opts, resp, next);
+    applyQuota(self, opts, resp, next, req);
   };
@@ -84,3 +84,3 @@ };
 
-function applyQuota(self, options, resp, next) {
+function applyQuota(self, options, resp, next, req) {
   debug('Quota check:', options.identifier);
@@ -90,3 +90,20 @@ self.quota.apply(
     function(err, reply) {
-      if (err) { return next(err); }
+      if (err) {
+        if ( self.quota.options.failOpen === true ) {
+          if ( req ) {
+            req['quota-failed-open'] = true; // pass the flag to next plugins
+            debug('bypassing quota checks and setting quota-failed-open for identifier: %s', options.key || options.identifier);
+          }
+          return next();
+        } else {
+          return next(err);
+        }
+      }
+      if ( reply.remoteApplyFailed === true ) {
+        if ( req ) {
+          req['quota-failed-open'] = true; // pass the flag to next plugins
+          debug('remote quota not available so processing locally, setting quota-failed-open for identifier: %s', options.key || options.identifier);
+        }
+      }
+      
       resp.setHeader('X-RateLimit-Limit', reply.allowed);
@@ -93,0 +110,0 @@ resp.setHeader('X-RateLimit-Remaining', reply.allowed - reply.used);

npm-shrinkwrap.json

 {
   "name": "volos-quota-common",
-  "version": "0.11.8",
+  "version": "0.11.9",
   "lockfileVersion": 1,
@@ -5,0 +5,0 @@ "requires": true,

package.json

 {
   "name": "volos-quota-common",
-  "version": "0.11.8",
+  "version": "0.11.9",
   "main": "lib/quota.js",
@@ -5,0 +5,0 @@ "license": "MIT",

New alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

30520

increased by4.59%

Lines of code

566

increased by5.79%

Worsened metrics

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes