-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Deny List Feature & Add Reasons to limit
Response
#109
Conversation
can take timeout or cacheBlocked values depending on how the response was returned.
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
I think we can go ahead with this PR even though the tests are not passing because they are flaky. Here are two runs with two different tests failing even though the code didn't change between them: 1, 2. I looked into recording network traffic like langchain does but that's only in python. I want to fix the tests but let's do it another time |
Deny List
In redis, we keep sets of denied values. One set each for identifiers, ips, countries and user agents. Finally, there is a set of all blocked values. Upstash console is responsible for managing these sets. Ratelimit sdk is only interested in the set of all blocked values stored in key
<prefix>:denyList:all
.Enabling deny list in the sdk:
Passing ip, user agent or country in
limit
:all three fields are optional. One can pass none/some/all.
Inside limit, we check if any of the three fields or the identifier is in the deny list. If so, we return
{success: false, reason: "denyList", ...}
Deny List Cache
When a value is found in the deny list at redis, we store the value for a minute in a local cache. If that value is passed to the
limit
method in the next minute, we block the request withreason: "denyList"
without making any requests to Redis.reason
field inlimit
responseWe add a new field to the response of
limit
, which can be either "timeout", "cacheBlock" or "denyList". In the case of "denyList", there is an additional field_deniedValue
which denotes the value in deny list.Deny List Analytics
When a request is denied, we submit increment
{identifier: <deniedValue>, success:"denied"}
by one.Previously:
limit
. Now it can be one of the 4 parameters.Todo:
denied
in responses and rename blocked as ratelimited core-analytics#37