Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(API): add basic rate limiter #300

Merged
merged 3 commits into from
Jun 26, 2020
Merged

feat(API): add basic rate limiter #300

merged 3 commits into from
Jun 26, 2020

Conversation

akhilesh26
Copy link
Contributor

@akhilesh26 akhilesh26 commented Aug 19, 2019
edited by MonkeyDo
Loading

Add rate limiting to the API routes.
Slows down the response after X requests in a specifid time window.

Initial settings are:

  • browse and lookup endpoints: 100 requests / 5 minutes, then += 500ms* requests after that
  • search endpoint: 100 requests / 5 minutes, then += 500ms* requests after that

Request # 101 is delayed by 500ms, # 102 is delayed by 1000ms, etc.

This will prevent over server from DOS attacks and control the request traffic

Slow Down configurations are only, for example, We can update those after a discussion on IRC.

Problem

Sever may slow or down on high request traffic.

Solution

Implemented request slow down with configuration. To implement this express-slow-down is used.

Areas of Impact

Server-side

@coveralls
Copy link

coveralls commented Aug 19, 2019
edited
Loading

Coverage Status

Coverage increased (+0.02%) to 62.984% when pulling dae8201 on akhilesh26:rate_limiter into e2bd6de on bookbrainz:master.

@MonkeyDo
Copy link
Member

This look sane and easy to configure, good work!
I tested locally and it's working great.

I need to discuss with other team members what the limits should be, and also do some test as to how to deploy it before I merge this.

@MonkeyDo MonkeyDo force-pushed the rate_limiter branch 2 times, most recently from 190c666 to 0cc160c Compare June 26, 2020 11:18
akhilesh26 and others added 2 commits June 26, 2020 13:33
@akhilesh26 @MonkeyDo
feat(rate_limiter): add basic rate limiter, slow down the response af…
03e9706 
…ter some limitation

This will prevent over server from DOS attacks and control the request traffic
@MonkeyDo
feat(api): Add search endpoint rate limiter
3a91237 
+ small cleanup
@MonkeyDo MonkeyDo changed the title feat(rate_limiter): add basic rate limiter, slow down the response af… feat(API): add basic rate limiter Jun 26, 2020
@MonkeyDo MonkeyDo merged commit 4525d78 into metabrainz:master Jun 26, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@akhilesh26 @coveralls @MonkeyDo