Draft: feat: rate limiting
based on: https://en.wikipedia.org/wiki/Generic_cell_rate_algorithm
Benefits of using this algorithm:
- Only requires mutually exclusive lock when we encounter new clients
- 8 bytes of state of client
- Extremely accurate
retry_afterdurations, measured error was 0.578181 milliseconds Drawbacks: - Requires either proxy with
X-Forwarded-Forheader, otherwiseConnectInfo<SocketAddr>
Another thing I'm not happy about is per_minute. Measurement should be configurable per second/minute/hour/day.
Do we want to permanently refuse requests after a certain thresholds in case a client refuses to respect the cooldown period?
Maybe this should be in globals instead of being a service on its own?
proof-of-concept: https://files.catbox.moe/liujw4.mp4
Closes #4
-
I agree to release my code and all other changes of this MR under the Apache-2.0 license
Edited by avdb