memorylimiter

func (*Limiter) AllowNamed ¶

func (l *Limiter) AllowNamed(bucket, key string) (bool, error)

AllowNamed matches the auth adapter's RateLimiter interface. It uses a simple sliding window over the configured duration, pruning expired entries for the touched bucket on each call.

Note that per-call pruning only ever touches buckets that are still being hit; buckets for keys that go idle (e.g. a one-off request from an IP that never returns) are never revisited and would otherwise live forever. Hosts exposing this limiter on attacker-influenced keys (per-IP, per-identifier) should run StartCleanup so idle buckets are reclaimed. See Cleanup.

func (*Limiter) AllowNamedResult ¶ added in v0.9.4

func (l *Limiter) AllowNamedResult(bucket, key string) (ratelimit.Result, error)

func (*Limiter) AllowNamedWithRetryAfter ¶ added in v0.9.1

func (l *Limiter) AllowNamedWithRetryAfter(bucket, key string) (bool, time.Duration, error)

func (*Limiter) Cleanup ¶ added in v0.31.0

func (l *Limiter) Cleanup() int

Cleanup prunes expired timestamps from every bucket and deletes buckets that have no live timestamps left, then returns the number of buckets still retained. It is safe to call concurrently with AllowNamed* and is the mechanism that bounds memory when the limiter is keyed on a high-cardinality, attacker-influenced dimension (per-IP, per-identifier): without it, every distinct key leaves behind a bucket that is never revisited.

func (*Limiter) StartCleanup ¶ added in v0.31.0

func (l *Limiter) StartCleanup(ctx context.Context, interval time.Duration)

StartCleanup runs Cleanup on the given interval until ctx is cancelled. It returns immediately, spawning a single background goroutine; cancel ctx to stop it. A non-positive interval is treated as a no-op (returns without starting a goroutine) so misconfiguration can't spin a hot loop.