ratelimit

package
v0.3.17 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 3, 2026 License: MIT Imports: 7 Imported by: 0

Documentation

Overview

Package ratelimit provides per-token request rate limiting for the API. It wraps github.com/go-chi/httprate (same maintainers as chi) — a sliding window counter, in-memory, keyed by the authenticated token (ADR 0015). The 429 response uses the shared Tinybird error envelope (ADR 0012).

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func PerPipe

func PerPipe(defaultRPS int, limitFor func(pipe string) int, opts ...Option) func(http.Handler) http.Handler

PerPipe returns a chi-compatible middleware for /v0/pipes/{name}.json that limits each (token, pipe) pair independently. The effective limit is the pipe's own RATE_LIMIT when limitFor(pipe) > 0, otherwise defaultRPS. An effective limit <= 0 means unlimited (pass-through), so a 0 default combined with a 0 (or unset) pipe limit disables limiting for that pipe — matching PerToken's "0 disables" rule (ADR 0015), but resolved per request so one pipe can opt in to a limit while the rest stay open.

Mount it on the group that has already matched the {name} route param; chi.URLParam(r, "name") supplies the pipe name. The composite key is "<token>:<pipe>", so each pair gets its own sliding window.

ponytail: httprate's middleware bakes the request limit in at construction, so a per-pipe override needs one limiter per distinct effective-rps. We keep a lazily-populated map[rps]*httprate.RateLimiter (guarded by a mutex) and drive the chosen limiter via its OnLimit(w, r, key) primitive with our own composite key — each limiter owns its own counter, and within a limiter the composite key isolates pipes/tokens. The map is bounded by the number of distinct RATE_LIMIT values in use (small).

func PerToken

func PerToken(defaultRPS int, opts ...Option) func(http.Handler) http.Handler

PerToken returns a chi-compatible middleware limiting each token to defaultRPS requests per window. defaultRPS <= 0 disables limiting entirely (self-hosters own their box; ADR 0015 — "0/unset disables it").

ponytail: in-memory + global default only. Per-pipe RATE_LIMIT overrides (the orchestrator wires the pipe's limit later) and a multi-node httprate-redis backend are the upgrade path (ADR 0015 / 0031).

Types

type KeyFn

type KeyFn func(r *http.Request) (string, error)

KeyFn extracts the rate-limit key from a request. It matches httprate's key function shape so the orchestrator can supply its own (e.g. keying on the token it stored in the request context) without this package importing internal/api.

type Option

type Option func(*config)

Option configures the middleware.

func WithKeyFn

func WithKeyFn(fn KeyFn) Option

WithKeyFn overrides how the limiter keys requests (default: bearer token from the Authorization header, falling back to ?token=, then the remote address).

func WithWindow

func WithWindow(d time.Duration) Option

WithWindow sets the sliding-window length (default 1s).

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL