All Projects → martini-contrib → throttle

martini-contrib / throttle

Licence: MIT License
Throttling Middleware for Martini

Programming Languages

go
31211 projects - #10 most used programming language

Projects that are alternatives of or similar to throttle

Aspnetcoreratelimit
ASP.NET Core rate limiting middleware
Stars: ✭ 2,199 (+3390.48%)
Mutual labels:  middleware, rate-limiting
Guzzle Advanced Throttle
A Guzzle middleware that can throttle requests according to (multiple) defined rules. It is also possible to define a caching strategy, e.g. get the response from cache when the rate limit is exceeded or always get a cached value to spare your rate limits. Using wildcards in host names is also supported.
Stars: ✭ 120 (+90.48%)
Mutual labels:  middleware, rate-limiting
Speedbump
A Redis-backed rate limiter in Go
Stars: ✭ 107 (+69.84%)
Mutual labels:  middleware, rate-limiting
Laravel Rate Limited Job Middleware
A job middleware to rate limit jobs
Stars: ✭ 166 (+163.49%)
Mutual labels:  middleware, rate-limiting
restana
Super fast and minimalist framework for building REST micro-services.
Stars: ✭ 380 (+503.17%)
Mutual labels:  middleware
falcon-policy
Policy Middleware for Falcon APIs
Stars: ✭ 30 (-52.38%)
Mutual labels:  middleware
oak-middleware-jwt
Oak middleware for JWT
Stars: ✭ 24 (-61.9%)
Mutual labels:  middleware
dictator
Dictates what your users see. Plug-based authorization.
Stars: ✭ 77 (+22.22%)
Mutual labels:  middleware
polix
🚀 Node.js Web Framework
Stars: ✭ 32 (-49.21%)
Mutual labels:  middleware
limes
OpenStack-compatible quota/usage tracking service
Stars: ✭ 18 (-71.43%)
Mutual labels:  quota
geggleto-acl
PSR-7 Zend ACL implementation - Permission Library [ slim, psr7, acl, permissions, zend ]
Stars: ✭ 33 (-47.62%)
Mutual labels:  middleware
koa-rest-router
Most powerful, flexible and composable router for building enterprise RESTful APIs easily!
Stars: ✭ 67 (+6.35%)
Mutual labels:  middleware
think-trace
Error trace for ThinkJS 3.x
Stars: ✭ 12 (-80.95%)
Mutual labels:  middleware
fjage
Framework for Java and Groovy Agents
Stars: ✭ 19 (-69.84%)
Mutual labels:  middleware
redux-tools
Redux tools to speed up development.
Stars: ✭ 16 (-74.6%)
Mutual labels:  middleware
use
Easily add plugin support to your node.js application.
Stars: ✭ 25 (-60.32%)
Mutual labels:  middleware
access-log
PSR-15 middleware to generate access logs
Stars: ✭ 21 (-66.67%)
Mutual labels:  middleware
DevOps
DevOps code to deploy eScience services
Stars: ✭ 19 (-69.84%)
Mutual labels:  middleware
cute
An event-centric publisher/subscribe model for objects inspired by the Qt framework
Stars: ✭ 37 (-41.27%)
Mutual labels:  middleware
ASPNETcoreAngularJWT
Angular in ASP.NET Core with JWT solution by systemjs
Stars: ✭ 48 (-23.81%)
Mutual labels:  middleware

throttle wercker status

Simple throttling for martini, negroni or Macaron.

API Reference

Description

Package throttle provides quota-based throttling.

Policy

throttle.Policy is a middleware that allows you to throttle by the given quota.

Quota

throttle.Quota is a quota type with a limit and a duration

Usage

This package provides a way to install rate limit or interval policies for throttling:

m := martini.Classic()

// A Rate Limit Policy
m.Use(throttle.Policy(&throttle.Quota{
	Limit: 1000,
	Within: time.Hour,
}))

// An Interval Policy
m.Use(throttle.Policy(&throttle.Quota{
	Limit: 1,
	Within: time.Second,
}))

m.Any("/test", func() int {
	return http.StatusOK
})

// A Policy local to a given route
adminPolicy := Policy(&throttle.Quota{
	Limit: 100,
	Within: time.Hour,
})

m.Get("/admin", adminPolicy, func() int {
	return http.StatusOK
})

...

Options

You can configure the options for throttling by passing in throttle.Options as the second argument to throttle.Policy. Use it to configure the following options (defaults are used here):

&throttle.Options{
	// The Status Code returned when the client exceeds the quota. Defaults to 429 Too Many Requests
	StatusCode int

	// The response body returned when the client exceeds the quota
	Message string

	// A function to identify a request, must satisfy the interface func(*http.Request)string
	// Defaults to a function identifying the request by IP or X-Forwarded-For Header if provided
	// So if you want to identify by an API key given in request headers or something else, configure this option
	IdentificationFunction func(*http.Request) string

	// The key prefix to use in any key value store
	KeyPrefix string

	// The store to use. The key value store has to satisfy the throttle.KeyValueStorer interface
	// For further explanation, see below
	Store KeyValueStorer

	// If the throttle is disabled or not
	// defaults to false
	Disabled bool
}

State Storage

Throttling relies on storage of one key per Policy and user in a (KeyValue) Storage. The interface the store has to satisfy is throttle.KeyValueStorer, or, more explicit:

type KeyValueStorer interface {
	Get(key string) ([]byte, error)
	Set(key string, value []byte) error
}

This allows for drop in replacement of the store with most common go libraries for key value stores like redis.go

var client redis.Client

m.Use(throttle.Policy(&throttle.Quota{
	Limit: 10,
	Within: time.Minute,
}, &throttle.Options{
	Store: &client,
}))

Adapters are also very easy to write. throttle prefixes every key, your adapter does not have to care about it, and the stored value is stringified JSON.

The default state storage is in memory via a concurrent-safe map[string][]byte cleaning up every 15 minutes. While this works fine for clients running one instance of a martini server, for all other uses you should obviously opt for a proper key value store.

Headers & Status Codes

throttle adds the following X-RateLimit-*-Headers to every response it controls:

  • X-RateLimit-Limit: The maximum number of requests that the consumer is permitted to make within the given time window
  • X-RateLimit-Remaining: The number of requests remaining in the current rate limit window
  • X-RateLimit-Reset: The time at which the current rate limit window resets in UTC epoch seconds

No Retry-After Header is added to the response, since the X-RateLimit-Reset makes it redundant. Also it is not recommended to use a 503 Service Unavailable Status Code when Limiting the rate of requests, since the 5xx Status Code Family indicates an error on the servers side.

Authors

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].