4492610dfe
Rework the rate limit implementation to make it more flexible: * Allow setting different rate limits for different actions. Before we had a single rate limit for all write actions. Now different controller endpoints can have different limits. * Allow actions to be rate limited by user ID, by IP address, or both. Before actions were only limited by user ID, which meant non-logged-in actions like creating new accounts or attempting to login couldn't be rate limited. Also, because actions were limited by user ID only, you could use multiple accounts with the same IP to get around limits. Other changes: * Remove the API Limit field from user profile pages. * Remove the `remaining_api_limit` field from the `/profile.json` endpoint. * Rename the `X-Api-Limit` header to `X-Rate-Limit` and change it from a number to a JSON object containing all the rate limit info (including the refill rate, the burst factor, the cost of the call, and the current limits). * Fix a potential race condition where, if you flooded requests fast enough, you could exceed the rate limit. This was because we checked and updated the rate limit in two separate steps, which was racy; simultaneous requests could pass the check before the update happened. The new code uses some tricky SQL to check and update multiple limits in a single statement.
54 lines
2.0 KiB
Ruby
54 lines
2.0 KiB
Ruby
class RateLimit < ApplicationRecord
|
|
scope :expired, -> { where("updated_at < ?", 1.hour.ago) }
|
|
|
|
def self.prune!
|
|
expired.delete_all
|
|
end
|
|
|
|
# `action` is the action being limited. Usually a controller endpoint.
|
|
# `keys` is who is being limited. Usually a [user, ip] pair, meaning the action is limited both by the user's ID and their IP.
|
|
# `cost` is the number of points the action costs.
|
|
# `rate` is the number of points per second that are refilled.
|
|
# `burst` is the maximum number of points that can be saved up.
|
|
def self.create_or_update!(action:, keys:, cost:, rate:, burst:)
|
|
# { key0: keys[0], ..., keyN: keys[N] }
|
|
key_params = keys.map.with_index { |key, i| [:"key#{i}", key] }.to_h
|
|
|
|
# (created_at, updated_at, action, keyN, points)
|
|
values = keys.map.with_index { |key, i| "(:now, :now, :action, :key#{i}, :points)" }
|
|
|
|
# Do an upsert, creating a new rate limit object for each key that doesn't
|
|
# already exist, and updating the limit for each limit that already exists.
|
|
#
|
|
# https://www.postgresql.org/docs/current/sql-insert.html#SQL-ON-CONFLICT
|
|
sql = <<~SQL
|
|
INSERT INTO rate_limits (created_at, updated_at, action, key, points)
|
|
VALUES #{values.join(", ")}
|
|
ON CONFLICT (action, key) DO UPDATE SET
|
|
updated_at = :now,
|
|
limited = rate_limits.points + :rate * EXTRACT(epoch FROM (:now - rate_limits.updated_at)) < 0,
|
|
points =
|
|
CASE
|
|
WHEN rate_limits.points + :rate * EXTRACT(epoch FROM (:now - rate_limits.updated_at)) < 0 THEN
|
|
LEAST(:burst, rate_limits.points + :rate * EXTRACT(epoch FROM (:now - rate_limits.updated_at)))
|
|
ELSE
|
|
LEAST(:burst, rate_limits.points + :rate * EXTRACT(epoch FROM (:now - rate_limits.updated_at))) - :cost
|
|
END
|
|
RETURNING *
|
|
SQL
|
|
|
|
sql_params = {
|
|
now: Time.zone.now,
|
|
action: action,
|
|
rate: rate,
|
|
burst: burst,
|
|
cost: cost,
|
|
points: burst - cost,
|
|
**key_params
|
|
}
|
|
|
|
rate_limits = RateLimit.find_by_sql([sql, sql_params])
|
|
rate_limits
|
|
end
|
|
end
|