Gathering detailed insights and metrics for timeout-middleware
Gathering detailed insights and metrics for timeout-middleware
Gathering detailed insights and metrics for timeout-middleware
Gathering detailed insights and metrics for timeout-middleware
npm install timeout-middleware
Module System
Min. Node Version
Typescript Support
Node Version
NPM Version
3 Stars
32 Commits
2 Forks
2 Watching
2 Branches
3 Contributors
Updated on 21 Apr 2020
Minified
Minified + Gzipped
JavaScript (100%)
Cumulative downloads
Total Downloads
Last day
90.9%
21
Compared to previous day
Last week
60.8%
82
Compared to previous week
Last month
-17.8%
435
Compared to previous month
Last year
-16.4%
5,969
Compared to previous year
#timeout-middleware#
Express middleware that intercepts the res.status
, res.sendStatus
and res.send
functions and checks for whether the response has timed out or not.
##Why
The res object in Express is a subclass of Node.js's http.ServerResponse
.
It is possible to call res.setHeader(name, value)
as often as needed until res.writeHead(statusCode)
is called.
After writeHead
, the headers are baked in and you can only call res.write(data)
, and finally res.end(data)
.
Because of the way middleware processing works, once a module passes the request to the next middleware, it can no longer stop the flow, so we need to check if the request has timed out before we can continue to act on the request.
The express module for request timeout connect-timeout
does this with a middleware that checks for req.timedout
.
Which would be used (as top-level middleware) like this:
var express = require('express');
var timeout = require('connect-timeout');
// example of using this top-level; note the use of haltOnTimedout
// after every middleware; it will stop the request flow on a timeout
var app = express();
app.use(timeout('5s'));
app.use(bodyParser());
app.use(haltOnTimedout);
app.use(cookieParser());
app.use(haltOnTimedout);
// Add your routes here, etc.
function haltOnTimedout(req, res, next){
if (!req.timedout) next();
}
app.listen(3000);
Above codesnippet is copied from: https://github.com/expressjs/timeout
Since we want to set a timeout on the response and try to keep ourselves DRY:
We intercept the usage of res.status
, res.sendStatus
and res.send
with a wrapper that checks for the res.timedout
bool that we put on the res
object.
If res.timedout
is true
we return res
.
Else we simply return the res function that was called with its arguments:
function wrap(res, fn) {
return function(...args) {
if (res.timedout) {
console.log({res: args, fn: fn.name});
return res;
} else {
return fn.apply(res, args);
}
};
}
This will then be used in the actual middleware function:
export default (timeoutValue) => {
return (req, res, next) => {
const {send, sendStatus, status} = res;
res.setTimeout(timeoutValue);
res.on('timeout', () => {
res.timedout = true;
if (!res.headersSent) {
console.log({req, message: 'Request Timeout'});
res.statusCode = 503;
res.type('txt');
send.apply(res, ['Request Timeout']);
}
});
res.on('error'), error => {
console.log(error);
});
res.send = wrap(res, send);
res.sendStatus = wrap(res, sendStatus);
res.status = wrap(res, status);
next();
};
};
First we use destructuring to extract the send
, sendStatus
and status
functions from res
.
Then we set a timeout on the res object (see https://nodejs.org/api/http.html#http_class_http_serverresponse).
On timeout we set a boolean
attribute called res.timedout
to true.
Then we check for the res.headersSent
and if it return false
we set the res.statusCode
to 503, res.type
to 'txt'
and applies the [Request Timeout]
to send
.
On error we simply log the error to the console. This is needed since the request object is an EventEmitter and if you don't have a listener for the error event, an error will be thrown, which could crash your program.
Outside of the timeout
listener we let the res.send
use the wrapper function to intercept any timeouts for that function. We do the same with res.sendStatus
and res.status
.
Finally we proceed with next()
.
Now we can use it as a top-level middleware like this:
import express from 'express';
import timeout from 'timeout-middleware';
const app = express();
app.use(timeout(30000)); //timeout in milliseconds
app.use(bodyParser());
app.use(cookieParser());
app.listen(3000);
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
Reason
Found 2/20 approved changesets -- score normalized to 1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
Reason
security policy file not detected
Details
Reason
branch protection not enabled on development/release branches
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Score
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More