I've implemented one before using Postgres but now that I think of it, Redis is probably a better option. This is how I did it:

- When a request is made, create a record with the URL endpoint, IP address, email address (for routes that require user login), last request at timestamp with current time, count at 1, and release at timestamp, say 1 minute from current timestamp.
- When a subsequent request is made, retrieve the record and check the last request at timestamp against the request (current) timestamp.
- If it's 1 second apart, increase the count and update the last request at timestamp.
- If it's not, reset the count back to 1 and update the last request at timestamp.
- If the count reaches, say, 10, check the timestamp of subsequent requests against the release at timestamp.
- If it's before, throw an error. If after, process the request, reset the count back to 1 and update the last request at timestamp.

Should I rate limit all URL endpoints?

Should all URL endpoints have the same window between requests?

And should all URL endpoints have the same number of requests before reaching its limit and locking out subsequent requests?

If you guys do it differently or have done it differently, please share.
Submitted July 30, 2020 at 10:54AM by eggtart_prince
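The scheme described in the post, as an added Python sketch that is not the poster's code. It assumes "1 second apart" means within one second, that the release-at timestamp is refreshed whenever the count resets to 1 (the post leaves this unstated), and it uses an in-memory dict in place of Postgres or Redis; the class and constant names are hypothetical.

```python
import time
from dataclasses import dataclass

WINDOW = 1.0    # seconds; requests this close together count as one burst
LIMIT = 10      # count at which later requests are checked against release_at
LOCKOUT = 60.0  # seconds from record creation/reset to release_at

class RateLimited(Exception):
    """Raised when a locked key is hit before its release_at timestamp."""

@dataclass
class Record:
    last_request_at: float
    count: int
    release_at: float

class RateLimiter:
    def __init__(self, clock=time.monotonic):
        self.clock = clock    # injectable so the behaviour can be tested
        self.records = {}     # assumption: stand-in for the Postgres/Redis store

    def _reset(self, key, now):
        # Assumption: release_at is recomputed on every reset to count 1.
        self.records[key] = Record(now, 1, now + LOCKOUT)

    def check(self, endpoint, ip, email=None):
        """Return the new count if the request may proceed, else raise."""
        key = (endpoint, ip, email)   # one record per endpoint + IP + user
        now = self.clock()
        rec = self.records.get(key)
        if rec is None:
            self._reset(key, now)
        elif rec.count >= LIMIT:
            if now < rec.release_at:
                raise RateLimited(f"retry in {rec.release_at - now:.1f}s")
            self._reset(key, now)     # lockout over: start counting again
        elif now - rec.last_request_at <= WINDOW:
            rec.count += 1            # still inside the burst window
            rec.last_request_at = now
        else:
            self._reset(key, now)     # gap longer than WINDOW: new burst
        return self.records[key].count
```

Because the record is keyed on endpoint, IP address and email, each endpoint is limited independently, and `WINDOW`, `LIMIT` and `LOCKOUT` could be looked up per endpoint instead of being global.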