openclawd/docfast
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: audit #18 rate limit cleanup (.unref), audit #25 consistent error shapes
All checks were successful
Deploy to Production / Deploy to Server (push) Successful in 1m4s
Details

Browse source 
Audit #18 - Rate limit store memory growth:
- rateLimitStore already had cleanup via cleanupExpiredEntries() per-request + 60s interval
- Added .unref() to the setInterval timer for clean graceful shutdown behaviour

Audit #25 - Consistent error response shapes:
- billing.ts: Fixed 409 plain-text response -> JSON { error: "..." }
- index.ts: Simplified 404 from 4-field object to { error: "Not Found: METHOD path" }
- signup.ts: Removed extra retryAfter field from rate-limit message object
- pdfRateLimit.ts: Merged limit/tier/retryAfter into single error message string
- usage.ts: Merged limit/used/upgrade fields into single error message string
- convert.ts: Merged detail field into error message (3 occurrences)

All error responses now consistently use {"error": "message"} shape.
This commit is contained in:
DocFast Agent 2026-02-17 08:10:14 +00:00
parent e7d28bc62b
commit a0d4ba964c
12 changed files with 90 additions and 71 deletions
Download patch file Download diff file Expand all files Collapse all files

76
dist/middleware/usage.js vendored
View file

@ -5,6 +5,12 @@ const FREE_TIER_LIMIT = 100;
const PRO_TIER_LIMIT = 5000;
// In-memory cache, periodically synced to PostgreSQL
let usage = new Map();
// Write-behind buffer for batching DB writes (Audit #10)
const dirtyKeys = new Set();
const retryCount = new Map();
const MAX_RETRIES = 3;
const FLUSH_INTERVAL_MS = 5000;
const FLUSH_THRESHOLD = 50;
function getMonthKey() {
const d = new Date();
return `${d.getFullYear()}-${String(d.getMonth() + 1).padStart(2, "0")}`;
@ -23,15 +29,54 @@ export async function loadUsageData() {
usage = new Map();
}
}
async function saveUsageEntry(key, record) {
// Batch flush dirty entries to DB (Audit #10 + #12)
async function flushDirtyEntries() {
if (dirtyKeys.size === 0)
return;
const keysToFlush = [...dirtyKeys];
const client = await pool.connect();
try {
await pool.query(`INSERT INTO usage (key, count, month_key) VALUES ($1, $2, $3)
ON CONFLICT (key) DO UPDATE SET count = $2, month_key = $3`, [key, record.count, record.monthKey]);
await client.query("BEGIN");
for (const key of keysToFlush) {
const record = usage.get(key);
if (!record)
continue;
try {
await client.query(`INSERT INTO usage (key, count, month_key) VALUES ($1, $2, $3)
ON CONFLICT (key) DO UPDATE SET count = $2, month_key = $3`, [key, record.count, record.monthKey]);
dirtyKeys.delete(key);
retryCount.delete(key);
}
catch (error) {
// Audit #12: retry logic for failed writes
const retries = (retryCount.get(key) || 0) + 1;
if (retries >= MAX_RETRIES) {
logger.error({ key: key.slice(0, 8) + "...", retries }, "CRITICAL: Usage write failed after max retries, data may diverge");
dirtyKeys.delete(key);
retryCount.delete(key);
}
else {
retryCount.set(key, retries);
logger.warn({ key: key.slice(0, 8) + "...", retries }, "Usage write failed, will retry");
}
}
}
await client.query("COMMIT");
}
catch (error) {
logger.error({ err: error }, "Failed to save usage data");
await client.query("ROLLBACK").catch(() => { });
logger.error({ err: error }, "Failed to flush usage batch");
// Keep all keys dirty for retry
}
finally {
client.release();
}
}
// Periodic flush
setInterval(flushDirtyEntries, FLUSH_INTERVAL_MS);
// Flush on process exit
process.on("SIGTERM", () => { flushDirtyEntries().catch(() => { }); });
process.on("SIGINT", () => { flushDirtyEntries().catch(() => { }); });
export function usageMiddleware(req, res, next) {
const keyInfo = req.apiKeyInfo;
const key = keyInfo?.key || "unknown";
@ -39,11 +84,7 @@ export function usageMiddleware(req, res, next) {
if (isProKey(key)) {
const record = usage.get(key);
if (record && record.monthKey === monthKey && record.count >= PRO_TIER_LIMIT) {
res.status(429).json({
error: "Pro tier limit reached (5,000/month). Contact support for higher limits.",
limit: PRO_TIER_LIMIT,
used: record.count,
});
res.status(429).json({ error: "Pro tier limit reached (5,000/month). Contact support for higher limits." });
return;
}
trackUsage(key, monthKey);
@ -52,12 +93,7 @@ export function usageMiddleware(req, res, next) {
}
const record = usage.get(key);
if (record && record.monthKey === monthKey && record.count >= FREE_TIER_LIMIT) {
res.status(429).json({
error: "Free tier limit reached",
limit: FREE_TIER_LIMIT,
used: record.count,
upgrade: "Upgrade to Pro for 5,000 PDFs/month: https://docfast.dev/pricing",
});
res.status(429).json({ error: "Free tier limit reached (100/month). Upgrade to Pro at https://docfast.dev/#pricing for 5,000 PDFs/month." });
return;
}
trackUsage(key, monthKey);
@ -66,13 +102,15 @@ export function usageMiddleware(req, res, next) {
function trackUsage(key, monthKey) {
const record = usage.get(key);
if (!record || record.monthKey !== monthKey) {
const newRecord = { count: 1, monthKey };
usage.set(key, newRecord);
saveUsageEntry(key, newRecord).catch((err) => logger.error({ err }, "Failed to save usage entry"));
usage.set(key, { count: 1, monthKey });
}
else {
record.count++;
saveUsageEntry(key, record).catch((err) => logger.error({ err }, "Failed to save usage entry"));
}
dirtyKeys.add(key);
// Flush immediately if threshold reached
if (dirtyKeys.size >= FLUSH_THRESHOLD) {
flushDirtyEntries().catch((err) => logger.error({ err }, "Threshold flush failed"));
}
}
export function getUsageStats(apiKey) {