vbrazo / rate_limiter

Rate Limiter engine for Rails APIs

Rate Limiter for Rails APIs

Rate Limiter is a Rails engine that can easily limit requests per client in your Rails APIs.

Problem

Rate limiting is the act of limiting the number of requests sent to or from a system. It's most often used to limit the number of incoming requests in order to prevent DoS attacks and can be enforced at the IP-address level, at the user-account level, or at the region level, for example.

DoS attack

Short for "denial-of-service attack", a DoS attack is an attack in which a malicious user tries to bring down or damage a system in order to render it unavailable to users. Much of the time, it consists of flooding it with traffic. Some DoS attacks are easily preventable with rate limiting, while others can be far trickier to defend against.

DDoS attack

Short for "distributed denial-of-service attack", a DDoS attack is a DoS attack in which the traffic flooding the target system comes from many different sources (like thousands of machines), making it much harder to defend against.

Approach

To enforce rate limits, this Rails engine uses Redis, an in-memory key-value store. Redis offers some persistent storage options but is typically used as a really fast, best-effort caching solution, and it is often used to implement rate limiting.
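
The counter-with-expiry pattern commonly used for Redis-backed rate limiting, as an added example (not this engine's own code; the page does not show its algorithm). MemoryStore, FixedWindowLimiter and the key format are hypothetical names, and MemoryStore stands in for Redis so the example runs offline.

```ruby
# Added example: fixed-window rate limiting with a Redis-style counter.
# MemoryStore is a hypothetical in-process stand-in for Redis; it mimics
# only INCR, EXPIRE and TTL, driven by an injectable clock.
class MemoryStore
  def initialize(clock)
    @clock = clock
    @data = {} # key => [count, expires_at or nil]
  end

  def incr(key)
    purge(key)
    entry = (@data[key] ||= [0, nil])
    entry[0] += 1
  end

  def expire(key, seconds)
    @data[key][1] = @clock.call + seconds if @data.key?(key)
  end

  def ttl(key)
    purge(key)
    entry = @data[key]
    entry && entry[1] ? (entry[1] - @clock.call).ceil : -1
  end

  private

  def purge(key)
    entry = @data[key]
    @data.delete(key) if entry && entry[1] && entry[1] <= @clock.call
  end
end

# Allows `rate` requests per `period` seconds for each client id.
class FixedWindowLimiter
  def initialize(store, rate:, period:)
    @store, @rate, @period = store, rate, period
  end

  # Returns [allowed, retry_after_seconds].
  def check(client_id)
    key = "rate_limit:#{client_id}" # constructed key format
    count = @store.incr(key)
    # Set the expiry whenever the key has none, not only on the first hit:
    # a counter left without a TTL would block the client permanently.
    @store.expire(key, @period) if @store.ttl(key) < 0
    count <= @rate ? [true, 0] : [false, @store.ttl(key)]
  end
end
```

The second value returned by check is the number of seconds until the window resets, which is what a 429 response would send in a Retry-After header.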

Installation

  • Add this line to your application's Gemfile:
gem 'rate_limiter_engine', 'X.Y.Z'

and run bundle to install your dependencies.

  • Create an initializer for your Rate Limiter engine and set the default properties:
RateLimiter.configure do |config|
  config.rate_default = 2
  config.period_default = 2
  config.force_rate_limit = 100
  config.force_period = 2
end

Usage

To add a Rate Limiter, all you have to do is include RateLimiter::RateLimit in ApplicationController to have it on all your controllers, using the default settings of 100 requests per hour (100 seconds).

You can also add it directly to the controller you want to be rate limited.

To customize, use the helper methods rate and period, as follows:

class ApplicationController < ActionController::Base
  include RateLimiter::RateLimit

  rate 100
  period 100

  
end

Available Docker commands

I built this engine with Docker so I'd suggest using it. All available commands are:

Command       Description
make build    Build the application
make specs    Run all the specs
make bash     Access the bash inside the container
