fix rate limit validation in alias handler

moleculerjs / moleculer-web

:earth_africa: Official API Gateway service for Moleculer framework

http://moleculer.services/docs/moleculer-web.html

MIT License

292 stars 118 forks source link

fix rate limit validation in alias handler #318

Closed iamorchio88 closed 1 year ago

iamorchio88 commented 1 year ago

In addition to the fix , we have to pass the instance of store . Example: ` module.exports = { name: "api", mixins: [ApiGateway],

settings: { port: process.env.GATEWAY_PORT || 3000,

routes: [
  {
    path: "/test-service",
    rateLimit: {
      window: 10 * 1000,
      limit: 2,
      headers: true,
      key: (req) => req.headers["x-forwarded-for"],
      store: new MemoryStore(), // HERE USE INSTANCE
    },
    whitelist: [
      "test-service.test",
    ],
    bodyParsers: {
      json: { limit: "2MB" },
    },
    aliases: {
      "POST /test": "test-service.testAction",
    },

  },
],

onError(req, res, err) {
  console.error(err);
  res.setHeader("Content-Type", "text/plain");
  res.writeHead(err.code);
  res.end(err.data || err.message);
},

}, methods: {}, }; `

icebob commented 1 year ago

I've checked the code and route.rateLimit is fine. The createRoute method merges the route.opts.rateLimit with the this.settings.rateLimit global config and puts the merged config to route.rateLimit in line 1343, so the route.rateLimit is the final config after merging.

https://github.com/moleculerjs/moleculer-web/blob/acc6c8c194ea6cb04a2bba6abcb3fd84aad81dae/src/index.js#L1329-L1343