[SOLVED] Yii2 RateLimiter header X-Rate-Limit-Reset has wrong value

Yii2 RateLimiter header X-Rate-Limit-Reset has wrong value

I have been struggling to understand the logic behind Yii2's value for X-Rate-Limit-Reset header that is calculated in this line.

The documentation states:

X-Rate-Limit-Reset, the number of seconds to wait in order to get the maximum number of allowed requests

So, if the rate limit is 100 and the time period/window is 3600 seconds, then I understand it should work like this:

Request #1 at 10:00 returns with header X-Rate-Limit-Reset 3599
Request #2 at 10:30 returns with header X-Rate-Limit-Reset 1800
Request #3 at 10:59 returns with header X-Rate-Limit-Reset 59

Am I misunderstanding something? Or is this a bug?

Solution

Actually it should be something like

Request #1 at 10:00 returns with header X-Rate-Limit-Reset 36
Request #2 at 10:30 returns with header X-Rate-Limit-Reset 36
Request #3 at 10:59 returns with header X-Rate-Limit-Reset 36

It's because with rate limit 100 / 3600 and steady requests number rate it takes hundred 36 seconds gaps to fill the given window (3600) so after 36 seconds from the first request you are getting again 100 requests you can use.

Unfortunately there is the bug with this feature in Yii 2 (it returns 0 every time) but because of your question I was able to find it and propose a fix that should be released in 2.0.14.