Skip to content

fix: stop hitting additional rate limit windows once a client is already limited#686

Open
Priyanshubhartistm wants to merge 1 commit into
cameri:mainfrom
Priyanshubhartistm:fix/rate-limiter-continues-after-hit
Open

fix: stop hitting additional rate limit windows once a client is already limited#686
Priyanshubhartistm wants to merge 1 commit into
cameri:mainfrom
Priyanshubhartistm:fix/rate-limiter-continues-after-hit

Conversation

@Priyanshubhartistm

Copy link
Copy Markdown
Collaborator

Description

isRateLimited() in EventMessageHandler (eventetAdapter(message rate limiting) looped through every configured rate limit window and calledrateLimiter.hit()for each one, even after an eop had already reported the client as rate-limited. Both methods nowreturn` as soon as the
first exceeded window is found, instead of continRedis for)
every remaining window.

Related Issue

Fixes #685

Motivation and Context

Both hit() implementations (SlidingWindowRateLexecute a Lua script against Redis on every call (a ZADD/HSET write). Once a client is already known to be rate-limited, continuing to hit everypure waste: a burst of messages/events from an already-limited client multiplies Redis writes by the number of configured windows, for no behavioral beturns true`/rejects the message either way).

How Has This Been Tested?

  • Added a unit test in test/unit/handlers/event-erting that once the first configured rate limit window reports limited, no further hit()` calls are made for subsequent windows.
  • Added an analogous unit test in test/unit/adapters/web-socket-adapter.spec.ts driving the same scenario through the public `onClientMh.
  • Ran the full existing unit suites for both files (pnpm run test:unit) — all 1395 tests pass, confirming no existing test relied on thevior.
  • Ran pnpm lint, pnpm check:deps, pnpm run build, pnpm run build:check,
    pnpm run verify:cli:build, `pnpm run test:cli — all pass.
  • Ran pnpm run docker:test:integration (99 scenarios): 97 passed, including the
    Rate Limiter feature
  • pnpm check:format reports pre-existing formatut the error count is identical with and without this change, and none of the flagged lines are in
    the diff — confirmed against the unmodified bas

Screenshots (if appropriate):

N/A — backend logic change only.

Types of changes

  • Non-functional change (docs, style, minor r
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this proj
  • My change requires a change to the documentation.
  • I have updated the documentation accordingl
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my code changes
  • I added a changeset, or this is docs-only and I added an empty changeset.
  • All new and existing tests passed.

…ady limited

isRateLimited() in EventMessageHandler and WebSocketAdapter iterated every
configured rate limit window and called rateLimiter.hit() even after an
earlier window had already tripped. Each hit() call executes a Lua script
against Redis, so a client already being rate-limited caused N redundant
Redis writes per message instead of one. Both methods now return as soon
as the first exceeded window is found.

Signed-off-by: Priyanshubhartistm <bhartipriyanshustm@gmail.com>
@changeset-bot

changeset-bot Bot commented Jul 14, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: 55d770c

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
nostream Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@coveralls

Copy link
Copy Markdown
Collaborator

Coverage Status

Coverage is 67.648%Priyanshubhartistm:fix/rate-limiter-continues-after-hit into cameri:main. No base build found for cameri:main.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[BUG] Rate limiter checks all windows even after a hit - excess Redis writes on limited clients

2 participants