Fail-Open Rate Limit Service

Build a small Express application that exposes a single GET endpoint guarded by rate limiting middleware. The middleware must tolerate backend store failures when configured to fail-open, and must pass runtime errors through Express error handling rather than hiding them.

Capabilities

Continue traffic when the store fails

• With a provided store whose increment call rejects, the GET route still responds with HTTP 200 and a JSON body containing { "ok": true, "fallback": "store-unavailable" } when fail-open mode is enabled, and the supplied logger is invoked once with the store error. @test

Surface store failure when fail-open is off

• Using the same failing store but disabling fail-open mode, the GET route hands the store error to Express error handling so the response becomes HTTP 503 with a JSON body { "error": "store failure" }. @test

Propagate handler errors

• When the request rate exceeds the configured limit, the custom over-limit handler throws an Error("limit failure") and that error is forwarded to Express error handling, producing an HTTP 500 response whose body includes "limit failure". @test

Implementation

@generates

API

export interface StoreLike {
  increment(key: string): Promise<{ totalHits: number; resetTime?: Date }>;
  decrement?(key: string): Promise<void>;
  resetKey?(key: string): Promise<void>;
}

export interface BuildOptions {
  store: StoreLike;
  failOpen?: boolean;
  logger?: (error: unknown) => void;
  limit?: number;
  windowMs?: number;
}

export function createApp(options: BuildOptions): import("express").Express;

Dependencies { .dependencies }

express { .dependency }

HTTP server and routing framework to expose the endpoint and error middleware.

express-rate-limit { .dependency }

Rate limiting middleware that supports fail-open behavior for store errors and passes custom handler errors through Express.