Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

duration vs blockDuration

See original GitHub issue

I’m not understanding the relationship between duration and blockDuration. Using the example “Login endpoint protection” in the wiki if I set my RateLimiterRedis configuration as:

const limiterConsecutiveFailsByUsernameAndIP = new RateLimiterRedis({
  storeClient: redisClient,
  keyPrefix: 'login_fail_consecutive_username_and_ip',
  points: 5,
  duration: 60 * 60 * 24 * 90, // Store number for 90 days since first fail
  blockDuration: 30
});

after 5 failed login attempts I’m locked out for 90 days-- the calculated retrySec is ~ 7776000 and any subsequent login attempts are blocked (until I delete my redis keys). I’m purposely setting the blockDuration to 30 (i.e. 30 seconds) for testing. Once it’s working as expected I’ll change to 1 hour (60 * 60) or something reasonable.

How do these 2 settings work together? For testing and understanding how this works I’ve set duration to 60 and blockDuration to 30, but only duration seems to matter and I reset 60 seconds after the first failed attempt. Once max points have been consumed in duration that appears to be it. How does blockDuration matter at all?

Issue Analytics

State:
Created 4 years ago
Comments:9 (5 by maintainers)

Top GitHub Comments

1reaction

hburrowscommented, Jul 11, 2019

@animir That works. Thanks!! Feel free to close this issue. Hopefully, I helped lower the barrier for the next user. Thanks for this great library and your outstanding support maintaining it.

1reaction

animircommented, Jul 11, 2019

@hburrows You’re right, good catch. It never reaches consume, since get returns remainingPoints === 0 and 429 error.

We can check consumedPoints instead of remaining I’ve modified the example

  if (resSlowByIP !== null && resSlowByIP.consumedPoints > maxWrongAttemptsByIPperDay) {
    retrySecs = Math.round(resSlowByIP.msBeforeNext / 1000) || 1;
  } else if (resUsernameAndIP !== null && resUsernameAndIP.consumedPoints > maxConsecutiveFailsByUsernameAndIP) {
    retrySecs = Math.round(resUsernameAndIP.msBeforeNext / 1000) || 1;
  }

In this case it reaches one more consume and blocks it for blockDuration seconds. So all next get calls returns it as expected

Top Results From Across the Web

New – EC2 Spot Blocks for Defined-Duration Workloads - AWS

New Spot Block Model Pricing is based on the requested duration and the available capacity, and is typically 30% to 45% less than...

[1% mepivacaine and axillary block: duration of the sensory ...

Duration of paralysis was 144 +/- 40 minutes and duration of paresis was 190 +/- 51 minutes. Pain occurred in three out of...

Evaluation of Block Duration in Type 2 Diabetes Patients

refusal of sciatic nerve block,; age < 50 yr or > 80 yr,; American Society of Anesthesiologists state > IV,; presence of contraindications...

The effects of block duration and tasks demands on the ...

Two experiments investigated the relationship between task irrelevant thinking and block duration in 2 types of task. In Experiment 1, a vigilance task...

The Effects of Block Duration and Task Demands on the ...

Two experiments investigated the relationship between task irrelevant thinking and block duration in two types of task. In Experiment One, a vigilance task ......