MetaMask · FrederikBolding · Mar 10, 2022 · Mar 9, 2022 · rekmarks · Mar 10, 2022
@@ -147,4 +147,28 @@ describe('RateLimitController', () => {
       message,
     );
   });
+
+  it('timeout is only applied once per window', async () => {
+    const messenger = getRestrictedMessenger();
+    const controller = new RateLimitController({
+      implementations,
+      messenger,
+      rateLimitCount: 2,
+    });
+    expect(
+      await controller.call(origin, 'showNativeNotification', origin, message),
+    ).toBeUndefined();
+    jest.advanceTimersByTime(2500);
+    expect(
+      await controller.call(origin, 'showNativeNotification', origin, message),
+    ).toBeUndefined();
+    expect(controller.state.requests.showNativeNotification[origin]).toBe(2);
+    jest.advanceTimersByTime(2500);
+    expect(controller.state.requests.showNativeNotification[origin]).toBe(0);
+    expect(
+      await controller.call(origin, 'showNativeNotification', origin, message),
+    ).toBeUndefined();
+    jest.advanceTimersByTime(2500);
+    expect(controller.state.requests.showNativeNotification[origin]).toBe(1);
+  });
 });
@@ -169,13 +169,15 @@ export class RateLimitController<
    */
   private recordRequest(api: keyof RateLimitedApis, origin: string) {
     this.update((state) => {
-      (state as any).requests[api][origin] =
-        ((state as any).requests[api][origin] ?? 0) + 1;
-
-      setTimeout(
-        () => this.resetRequestCount(api, origin),
-        this.rateLimitTimeout,
-      );
+      const previous = (state as any).requests[api][origin] ?? 0;
+      (state as any).requests[api][origin] = previous + 1;
+
+      if (previous === 0) {
+        setTimeout(
+          () => this.resetRequestCount(api, origin),
+          this.rateLimitTimeout,
+        );
+      }
     });
   }