New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[RateLimiter] Expose the limiter state #38241
Comments
I believe having access to the state would be beneficial for the reasons stated above. The cons could be documented to allow the user to decide whether or not to use. (as an aside) From a DX perspective, I'd prefer if consume would throw a try {
$state = $limiter->consume();
} catch (RateLimitExceededException $e) {
$state = $e->getState();
} |
I thought that all popular services did what GitHub does, which is full disclosure of "rate limiting" state: see https://developer.github.com/v3/#rate-limiting Others with more experience consuming APIs could tell us if this is common or the exception. Thanks! |
I think exposing the rate limit state is the way to go. If you don't, consumers will retry blindly leading to more load for your server while exposing it would allow consumers to only retry at the right time. |
Alright, let's expose this information then on calling I think the best would be to create a new data object (e.g.
Anyone up to volunteer to implement this before the feature freeze at 31 September? |
…method (Valentin, vasilvestre) This PR was merged into the 5.2-dev branch. Discussion ---------- [RateLimiter] Add limit object on RateLimiter consume method | Q | A | ------------- | --- | Branch? | master (should be merged in 5.2 before 31 September if possible) | Bug fix? | no | New feature? | yes <!-- please update src/**/CHANGELOG.md files --> | Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files --> | Tickets | Fix #38241 | License | MIT | Doc PR | Not yet :/ <!-- https://github.com/symfony/symfony-docs/pull/X --> Commits ------- 8f62afc [RateLimiter] Return Limit object on Consume method
… RateLimitExceededException if not accepted (kbond) This PR was merged into the 5.2-dev branch. Discussion ---------- [RateLimiter] add Limit::ensureAccepted() which throws RateLimitExceededException if not accepted | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | yes | Deprecations? | no | Tickets | Ref #38241 (comment) | License | MIT | Doc PR | todo Example: ```php try { $limit = $limiter->consume()->ensureAccepted(); } catch (RateLimitExceededException $e) { $limit = $e->getLimit(); } ``` Commits ------- a7ecd0e [RateLimiter] add Limit::ensureAccepted() and RateLimitExceededException
… RateLimitExceededException if not accepted (kbond) This PR was merged into the 5.2-dev branch. Discussion ---------- [RateLimiter] add Limit::ensureAccepted() which throws RateLimitExceededException if not accepted | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | yes | Deprecations? | no | Tickets | Ref symfony/symfony#38241 (comment) | License | MIT | Doc PR | todo Example: ```php try { $limit = $limiter->consume()->ensureAccepted(); } catch (RateLimitExceededException $e) { $limit = $e->getLimit(); } ``` Commits ------- a7ecd0ed08 [RateLimiter] add Limit::ensureAccepted() and RateLimitExceededException
This is something I've considered while working on the original RateLimiter PR, but decided not to do (yet). Yet, ever since the component is merged, I'm wondering if we shouldn't add it.
Currently,
LimiterInterface#consume()
returns a boolean. This means that, in the case offalse
, the process (or client) has no idea when it should retry. The token bucket limiter has the benefit of being able to "reserve" tokens in the future, allowing IO blocking ($limiter->reserve()->wait()
), the fixed window limiter does not have this benefit.Use-cases of exposing rate limiting state
RateLimit-Limit
,RateLimit-Remaining
,RateLimit-Reset
). Exposing the state allows implementing these headers in your application.We can see that for instance the Laravel rate limiter implementation is exposing the state for these cases (ref).
Reasons not to expose rate limiter state
The values should never be trusted. The hitcount can be increased by other clients between fetching it from the limiter and using it to render a response. Also, any wait time returned cannot guarantee that the process will succeed afterwards, maybe other processes already burst the limit before the current process.
Exposing the limiter state to clients can result in malicious usage, as also described by the Internet-Draft:
The DX of the limiter will be a bit less great, as the object needs to be transformed to a boolean:
The text was updated successfully, but these errors were encountered: