grempe / ex_rated Goto Github PK

Hey!

At the moment it appears that every request is serialized through a single genserver. This can easily introduce a bottleneck, and also produces a lot more GC pressure on that one process than is necessary.

This blog post sketches the basics of doing rate limiting via concurrent access to an ets table. https://dockyard.com/blog/2017/05/19/optimizing-elixir-and-phoenix-with-ets. The design of ExRated is such that this would be a relatively small change. It's already using the update_counter function, but from within the genserver itself. This could just be moved to the client side, and a default supplied.

Firstly thanks for your great work on this library. Been using it to lots of success in production thus far. I'm currently trying to get multiple nodes to work, but I noticed in the code that the Genserver calls are hardcoded to use the tuple :ex_rated, regardless of the configuration passed into the Genserver start.

https://github.com/grempe/ex_rated/blob/master/lib/ex_rated.ex

Thanks

Hi all,

I implement ExRated in my Phoenix app today using https://dev.to/mnishiguchi/rate-limiter-for-phoenix-app-3j2n

Does this mean 86400 secs from the first ever check_rate? :

ExRated.check_rate("my-1000-per-day-bucket", 86400000, 1000)
{:ok, 1}
iex(3)> ExRated.check_rate("my-1000-per-day-bucket", 86400000, 1000)
{:ok, 2}
iex(4)> ExRated.check_rate("my-1000-per-day-bucket", 86400000, 1000)
{:ok, 3}
iex(5)> ExRated.check_rate("my-1000-per-day-bucket", 86400000, 1000)
{:ok, 4}
iex(6)> ExRated.check_rate("my-1000-per-day-bucket", 86400000, 1000)
{:ok, 5}
iex(7)> ExRated.check_rate("my-1000-per-day-bucket", 86400000, 1000)
{:ok, 6}
iex(8)> ExRated.inspect_bucket("my-1000-per-day-bucket", 86400000, 1000)
{6, 994, 14412292, 1682020774747, 1682020781003}
iex(9)> ExRated.inspect_bucket("my-1000-per-day-bucket", 86400000, 1000)
{6, 994, 14408229, 1682020774747, 1682020781003}

Shouldn't I see ms_to_next_bucket to be very close to 86400000?

Thanks.

I'm using tuples for bucket names and they seem to work fine, however the README and typespecs explicitly say string. I briefly looked through the code and didn't see anything that required bucket names to be strings, but I may have missed something.

If they're not restricted to strings it might be helpful to update the docs and typespecs.

I would like to be able to use ex_rated for login attempts.

On successful login I would like to delete/reset the bucket

Would you be interested in a pull request adding a function like

ExRated.clear_rate("LOGIN:192.168.1.20", 60_000)

Right now, if ExRated.check_rate returns an error, it returns {:error, limit}. This makes it difficult to efficiently handle actions that get rejected due to rate limits. If we instead return a tuple like {:error, limit, time_until_next_bucket_reset}, then it would be possible for the caller to schedule the action for the earliest possible point that it may next succeed at.

I'm happy to take a stab at this if you let me know what specific interface you'd like to support, or if you have any other ideas on handling this use-case.

Thanks! I love the hex :)

In our new and fancy world of LLMs and OpenAI, we have rate limits by number of message-tokens per minute, which means the bucket needs to be increased by a somewhat arbitrary number. Obviously, I could just call "check_rate" sequentially in a loop a few hundred times, but that seems... A little silly.

Would it be possible to expand the public API a little, and allow us to pass in an optional number-by-which-to-increase-the-number-of-tokens-in-the-bucket?

https://github.com/grempe/ex_rated/blob/master/lib/ex_rated.ex#L214

^this line assumes that the request limit is always >= 1, so it always returns ok. If the request limit is 0, we should return {:error, :limit}

My use case for this was testing logic that doesn't call an external API if we are out of requests. We could test this by making the time period long, the limit = 1, and making two requests, but tests that are time-based should be avoided in general.

The new URL appears to be https://blog.danielberkompas.com/2015/06/16/rate-limiting-a-phoenix-api/

Is there a way to list the buckets that are currently defined? I guess I can read them from the ETS table, but maybe there's a cleaner way to do that, something like ExRated.list_buckets.

I need this because I'm going to be scraping web sites, so I want to limit the number of requests to each site. Each site will have a temporary bucket with a dynamic name ("example.com", "github.com") that will be deleted when finished, but I want to know, at a given time, how many buckets are defined and their state.

Hey!
Thanks for a great library.
We use it in production under high load, but after one month or so we experienced out of memory on the server. We found that the reason is this library.
Our usage example (it's a plug):

# SKIP
  defp check_rate(conn, options) do
    interval_milliseconds = options[:interval_seconds] * 1000
    max_requests = options[:max_requests]
    ExRated.check_rate(bucket_name(conn), interval_milliseconds, max_requests)
  end

  # Bucket name should be a combination of ip address and request path, like so:
  #
  # "127.0.0.1:/api/v1/authorizations"
  defp bucket_name(conn) do
    path = Enum.join(conn.path_info, "/")
    ip   = conn.remote_ip |> Tuple.to_list |> Enum.join(".")
    "#{ip}:#{path}"
  end
# SKIP

And configurations: config :ex_rated, :timeout, 600_000
In my controller: plug MyApp.Plug.RateLimit, max_requests: 5, interval_seconds: 60

Maybe you have any ideas what might be a problem? Of course I'll try to investigate it and if I find a solution, will create a PR.

Hey there!

Are you open to a PR that pulls the datastore (ets) usage into an adapter style? We're looking to implement rate limiting, but would like something that works across nodes in our cluster.

We'd probably pull the ets implementation into an included adapter, and write another adapter for something like redis as a separate repo.

ex2ms requires an older version of Elixir. mix deps.get shows this:

warning: the dependency :ex2ms requires Elixir "<= 1.3.0" but you are running on v1.3.4

http://www.erlang.org/doc/apps/erts/time_correction.html#Dos_and_Donts_Retrieve_Erlang_System_Time

Timex does this:
https://github.com/bitwalker/timex/blob/master/lib/utils/utils.ex#L8
https://github.com/bitwalker/timex/blob/141fff64f0c806f523ef0b8b0d66b5d14c002ab1/lib/time/time.ex#L237

if something like that sounds good to you, I can give it a shot :)

Rather self explanatory.

It would be great if ex_rated could support Elixir >= 1.1

If I wanted to do both a daily and a per-second limit, do I need two separate buckets?

👋 @grempe

I wonder if you'd be open to accepting a PR improving performance ~5x by using the approach similar to ExHammer/hammer#72?

https://github.com/ruslandoga/rate_limit contains some benchmarks, the "new" approach is counters which is based on plug_attack