From 96f4154ac8c29773393e2d3e4f6fa79b546a117a Mon Sep 17 00:00:00 2001 From: desperatee <25407971+desperatee@users.noreply.github.com> Date: Sat, 27 Jun 2026 10:18:40 +0000 Subject: [PATCH] fix(middleware): DefaultErrorHandler responds 503 instead of panicking on store error --- drivers/middleware/fasthttp/options.go | 9 ++++++++- drivers/middleware/gin/options.go | 7 ++++++- drivers/middleware/stdlib/options.go | 7 ++++++- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/drivers/middleware/fasthttp/options.go b/drivers/middleware/fasthttp/options.go index 65382f2..5a63e33 100644 --- a/drivers/middleware/fasthttp/options.go +++ b/drivers/middleware/fasthttp/options.go @@ -1,6 +1,8 @@ package fasthttp import ( + "log" + "github.com/valyala/fasthttp" ) @@ -26,8 +28,13 @@ func WithErrorHandler(handler ErrorHandler) Option { } // DefaultErrorHandler is the default ErrorHandler used by a new Middleware. +// It logs the store error and responds with 503 so that store outages do not +// crash the request pipeline. Override via WithErrorHandler for custom behavior +// (e.g. fail-open). func DefaultErrorHandler(ctx *fasthttp.RequestCtx, err error) { - panic(err) + log.Printf("limiter: store error: %v", err) + ctx.SetStatusCode(fasthttp.StatusServiceUnavailable) + ctx.Response.SetBodyString("Service Unavailable") } // LimitReachedHandler is an handler used to inform when the limit has exceeded. diff --git a/drivers/middleware/gin/options.go b/drivers/middleware/gin/options.go index 604c6bc..8bef242 100644 --- a/drivers/middleware/gin/options.go +++ b/drivers/middleware/gin/options.go @@ -1,6 +1,7 @@ package gin import ( + "log" "net/http" "github.com/gin-gonic/gin" @@ -28,8 +29,12 @@ func WithErrorHandler(handler ErrorHandler) Option { } // DefaultErrorHandler is the default ErrorHandler used by a new Middleware. +// It logs the store error and responds with 503 so that store outages do not +// crash the request pipeline. Override via WithErrorHandler for custom behavior +// (e.g. fail-open). func DefaultErrorHandler(c *gin.Context, err error) { - panic(err) + log.Printf("limiter: store error: %v", err) + c.String(http.StatusServiceUnavailable, "Service Unavailable") } // LimitReachedHandler is an handler used to inform when the limit has exceeded. diff --git a/drivers/middleware/stdlib/options.go b/drivers/middleware/stdlib/options.go index 4d980b4..d81f028 100644 --- a/drivers/middleware/stdlib/options.go +++ b/drivers/middleware/stdlib/options.go @@ -1,6 +1,7 @@ package stdlib import ( + "log" "net/http" "github.com/ulule/limiter/v3" @@ -28,8 +29,12 @@ func WithErrorHandler(handler ErrorHandler) Option { } // DefaultErrorHandler is the default ErrorHandler used by a new Middleware. +// It logs the store error and responds with 503 so that store outages do not +// crash the request pipeline. Override via WithErrorHandler for custom behavior +// (e.g. fail-open). func DefaultErrorHandler(w http.ResponseWriter, r *http.Request, err error) { - panic(err) + log.Printf("limiter: store error: %v", err) + http.Error(w, "Service Unavailable", http.StatusServiceUnavailable) } // LimitReachedHandler is an handler used to inform when the limit has exceeded.