GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → lambdaclass → throttle

lambdaclass / throttle

Licence: MIT license
Erlang/OTP application to rate limit resource access

Programming Languages

erlang
1774 projects
Makefile
30231 projects

Labels

apiotprate-limitingthrottling

Projects that are alternatives of or similar to throttle

Ex rated
ExRated, the Elixir OTP GenServer with the naughty name that allows you to rate-limit calls to any service that requires it.
Stars: ✭ 328 (+720%)
Mutual labels:  otp, rate-limiting
actix-governor
A middleware for actix-web that provides rate-limiting backed by governor.
Stars: ✭ 47 (+17.5%)
Mutual labels:  rate-limiting
angular-code-input
Code (number/chars/otp/password) input component for angular 7, 8, 9, 10, 11, 12+ projects including Ionic 4, 5 +
Stars: ✭ 112 (+180%)
Mutual labels:  otp
nitrokey-storage-firmware
Firmware for the Nitrokey Storage device
Stars: ✭ 53 (+32.5%)
Mutual labels:  otp
supervisorring
otp/supervisor-like interface to supervise distributed processes
Stars: ✭ 15 (-62.5%)
Mutual labels:  otp
php-totp
HOTP and TOTP token generation
Stars: ✭ 33 (-17.5%)
Mutual labels:  otp
otp-authenticator-webapp
A 'Google Authenticator' like Single Page Application
Stars: ✭ 69 (+72.5%)
Mutual labels:  otp
rustotpony
🐴 RusTOTPony — CLI manager of one-time password generators aka Google Authenticator
Stars: ✭ 18 (-55%)
Mutual labels:  otp
freebind
IPv4 and IPv6 address rate limiting evasion tool
Stars: ✭ 88 (+120%)
Mutual labels:  rate-limiting
yubico-rs
Yubikey client API library, Challenge-Response & Configuration
Stars: ✭ 39 (-2.5%)
Mutual labels:  otp
FireflySoft.RateLimit
It is a rate limiting library based on .Net standard.
Stars: ✭ 76 (+90%)
Mutual labels:  rate-limiting
rabbit
Build Elixir applications with RabbitMQ
Stars: ✭ 36 (-10%)
Mutual labels:  otp
spring-boot-otp
Spring Boot OTP technique.
Stars: ✭ 46 (+15%)
Mutual labels:  otp
e-voting-with-django
The Voting System web application using Django is a project that serves as the automated voting system of an organization or school. This system works like the common manual system of election voting system whereas this system must be populated by the list of the positions, candidates, and voters. This system can help a certain organization or s…
Stars: ✭ 54 (+35%)
Mutual labels:  otp
load management
This repository contains Go utilities for managing isolation and improving reliability of multi-tenant systems.
Stars: ✭ 50 (+25%)
Mutual labels:  throttling
MinaOTP
TOTP authenticator implement as a wechat mini program
Stars: ✭ 30 (-25%)
Mutual labels:  otp
elixir-fire-brigade-workshop
Workshop "Join the Elixir Fire Brigade - Level-up Your Elixir Debugging Skills" (ElixirConf US 2017)
Stars: ✭ 14 (-65%)
Mutual labels:  otp
python-redis-rate-limit
Python Rate Limiter implemented based on Redis INCR, EXPIRE, EVALSHA and EVAL.
Stars: ✭ 104 (+160%)
Mutual labels:  rate-limiting
limitrr-php
Better PHP rate limiting using Redis.
Stars: ✭ 19 (-52.5%)
Mutual labels:  rate-limiting
ticker-phoenix
Elixir Phoenix Stock Quotes API (IEX Trading)
Stars: ✭ 15 (-62.5%)
Mutual labels:  otp
View All Similar Projects ➔

throttle

Hex.pm Build Status Coverage Status

An OTP application to implement throttling/rate limiting of resources.

Rebar3 dependency

{throttle, "0.3.0", {pkg, lambda_throttle}}

Build

$ rebar3 compile

Usage

The application allows to limit different resources (scopes) at different rates.

  • throttle:setup(Scope, RateLimit, RatePeriod): setup a rate limit for a given Scope, allowing at most RateLimit requests per RatePeriod. Allowed rate periods are per_second, per_minute, per_hour and per_day.

    Rates can also be set via application environment instead of calling setup:

    {throttle, [{rates, [{my_global_scope, 10, per_second}
                     {my_expensive_endpoint, 2, per_minute}]}]}

  • throttle:check(Scope, Key): attempt to request Scope with a given Key (e.g. user token, IP). The result will be {ok, RemainingAttempts, TimeToReset} if there are attempts left or {limit_exceeded, 0, TimeToReset} if there aren't.

  • throttle:peek(Scope, Key): returns the same result as check without increasing the requests count.

Distributed support

By default, throttle keeps the attempt counters on ETS tables, and therefore those are local to the Erlang node. Mnesia can be used instead to enfore access limits across all connected nodes, by setting the driver configuration parameter to throttle_mnesia:

{throttle, [{driver, throttle_mnesia},
            {rates, [{my_global_scope, 10, per_second}]}]}

When using the Mnesia driver, throttle_mnesia:setup() needs to be called after the cluster is connected (the tables have to be shared across nodes, so the nodes must be visible before intialization):

(n1@127.0.0.1)1> application:set_env(throttle, driver, throttle_mnesia).
ok
(n1@127.0.0.1)2> application:ensure_all_started(throttle).
{ok,[throttle]}
(n1@127.0.0.1)3> net_kernel:connect('[email protected]').
true
(n1@127.0.0.1)4> throttle_mnesia:setup().
ok

When checking for a Key to access a given Scope, an access counter is incremented in Mnesia. The activity access context for that operation can be configured with the access_context parameter:

{throttle, [{driver, throttle_mnesia},
            {access_context, sync_transaction}]}.

By default, the async_dirty context is used, which prioritizes speed over consistency when propagating the counter increment. This means there's a chance of two nodes getting access to a resource when there is one attempt left. Depending the application, it may make more sense to choose a different context (like sync_transaction) to reduce the chances of allowing accesses above the limit.

Examples

Shell

1> application:ensure_all_started(throttle).
{ok,[throttle]}
2> throttle:setup(my_api_endpoint, 3, per_minute).
ok
3> throttle:check(my_api_endpoint, my_token_or_ip).
{ok,2,30362}
4> throttle:check(my_api_endpoint, my_token_or_ip).
{ok,1,29114}
5> throttle:check(my_api_endpoint, my_token_or_ip).
{ok,0,27978}
6> throttle:check(my_api_endpoint, my_token_or_ip).
{limit_exceeded,0,26722}

Cowboy 2.0 limit by IP

Middleware module:

-module(throttling_middleware).

-behavior(cowboy_middleware).

-export([execute/2]).

execute(Req, Env) ->
  {{IP, _}, Req2} = cowboy_req:peer(Req),

  case throttle:check(my_api_rate, IP) of
    {limit_exceeded, _, _} ->
      lager:warning("IP ~p exceeded api limit", [IP]),
      Req3 = cowboy_req:reply(429, Req2),
      {stop, Req3};
    _ ->
      {ok, Req2, Env}
  end.

Using it:

cowboy:start_clear(my_http_listener, [{port, 8080}], #{
		env => #{dispatch => Dispatch},
		middlewares => [cowboy_router, throttling_middleware, cowboy_handler]
	}),

Cowboy 2.0 limit by Authorization header

-module(throttling_middleware).

-behavior(cowboy_middleware).

-export([execute/2]).

execute(Req, Env) ->
  Authorization = cowboy_req:header(<<"authorization">>, Req),

  case throttle:check(my_api_rate, Authorization) of
    {limit_exceeded, _, _} ->
      lager:warning("Auth ~p exceeded api limit", [Authorization]),
      Req3 = cowboy_req:reply(429, Req),
      {stop, Req2};
    _ ->
      {ok, Req, Env}
  end.

Note that assumes all requests have an authorization header. A more realistic approach would be to fallback to an IP limit when Authorization is not present.

Cowboy 1.0 limit by IP

Middleware module:

-module(throttling_middleware).

-behavior(cowboy_middleware).

-export([execute/2]).

execute(Req, Env) ->
  {{IP, _}, Req2} = cowboy_req:peer(Req),

  case throttle:check(my_api_rate, IP) of
    {limit_exceeded, _, _} ->
      lager:warning("IP ~p exceeded api limit", [IP]),
      {error, 429, Req2};
    _ ->
      {ok, Req2, Env}
  end.

Using it:

cowboy:start_http(my_http_listener, 100, [{port, 8080}],
                    [{env, [{dispatch, Dispatch}]},
                     {middlewares, [cowboy_router, throttling_middleware, cowboy_handler]}]
                   ),

A more detailed example, choosing the rate based on the path, can be found here.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].