Description:
In rate-limit.ts , the reset() method attempts to clear a rate limit record using a prefixed key:
await this.cache.delete(ratelimit:${ip});
But records are stored under the plain ip key (no prefix). This means reset() silently does nothing — the rate limit is never actually cleared.
Steps to reproduce:
- Trigger rate limiting for an IP
- Call rateLimiter.reset(ip)
- The IP remains rate limited
Expected:
Record is cleared, subsequent requests succeed Actual: Record persists, IP stays blocked
File:
rate-limit.ts
~line 120 Fix: Change to this.cache.delete(ip)
Description:
In rate-limit.ts , the reset() method attempts to clear a rate limit record using a prefixed key:
await this.cache.delete(
ratelimit:${ip});But records are stored under the plain ip key (no prefix). This means reset() silently does nothing — the rate limit is never actually cleared.
Steps to reproduce:
Expected:
Record is cleared, subsequent requests succeed Actual: Record persists, IP stays blocked
File:
rate-limit.ts
~line 120 Fix: Change to this.cache.delete(ip)