acube 0.1.0

Security-first server framework optimized for AI code generation
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

//! Rate limiting backend trait and in-memory implementation.
//!
//! The [`RateLimitBackend`] trait allows pluggable backends (e.g., Redis for
//! distributed deployments). The default [`InMemoryBackend`] is suitable for
//! single-process deployments only.

use dashmap::DashMap;
use std::future::Future;
use std::pin::Pin;
use std::sync::Arc;
use std::time::{Duration, Instant};

/// Result of a successful rate limit check.
#[derive(Debug, Clone)]
pub struct RateLimitOutcome {
    /// Number of requests remaining in the current window.
    pub remaining: u32,
    /// Maximum requests allowed in the window.
    pub limit: u32,
    /// Seconds until the current window resets.
    pub reset_after: u64,
}

/// Result of a rejected rate limit check.
#[derive(Debug, Clone)]
pub struct RateLimitRejection {
    /// Seconds the client should wait before retrying.
    pub retry_after: u64,
    /// Maximum requests allowed in the window.
    pub limit: u32,
}

/// Trait for rate limit backends.
///
/// Implement this trait to provide a custom rate limiting backend
/// (e.g., Redis for distributed/multi-instance deployments).
///
/// The method is async-ready (returns a boxed future) so that backends
/// using network stores (Redis, Memcached, etc.) can perform non-blocking I/O.
///
/// The default [`InMemoryBackend`] uses a `DashMap` and is suitable for
/// single-process deployments only — rate limits are not shared across
/// multiple instances.
///
/// # Example: Custom Redis Backend
///
/// ```rust,ignore
/// use acube::rate_limit::{RateLimitBackend, RateLimitOutcome, RateLimitRejection};
/// use std::pin::Pin;
/// use std::future::Future;
/// use std::time::Duration;
///
/// struct RedisBackend { /* redis connection pool */ }
///
/// impl RateLimitBackend for RedisBackend {
///     fn check(
///         &self,
///         key: &str,
///         limit: u32,
///         window: Duration,
///     ) -> Pin<Box<dyn Future<Output = Result<RateLimitOutcome, RateLimitRejection>> + Send + '_>> {
///         let key = key.to_string();
///         Box::pin(async move {
///             // Use async Redis client here...
///             todo!()
///         })
///     }
/// }
/// ```
pub trait RateLimitBackend: Send + Sync + 'static {
    /// Check if the request identified by `key` is allowed.
    ///
    /// Returns `Ok(RateLimitOutcome)` if the request is within limits,
    /// or `Err(RateLimitRejection)` if the rate limit has been exceeded.
    fn check(
        &self,
        key: &str,
        limit: u32,
        window: Duration,
    ) -> Pin<Box<dyn Future<Output = Result<RateLimitOutcome, RateLimitRejection>> + Send + '_>>;
}

/// In-memory rate limiter using a sliding window counter.
///
/// **Single-process only.** Rate limit counters are stored in-process memory
/// and are not shared across multiple instances. For distributed deployments,
/// implement [`RateLimitBackend`] with a shared store (e.g., Redis).
#[derive(Debug, Clone)]
pub struct InMemoryBackend {
    entries: Arc<DashMap<String, WindowEntry>>,
}

#[derive(Debug, Clone)]
struct WindowEntry {
    count: u32,
    window_start: Instant,
}

impl InMemoryBackend {
    /// Create a new in-memory rate limit backend.
    pub fn new() -> Self {
        Self {
            entries: Arc::new(DashMap::new()),
        }
    }
}

impl Default for InMemoryBackend {
    fn default() -> Self {
        Self::new()
    }
}

impl RateLimitBackend for InMemoryBackend {
    fn check(
        &self,
        key: &str,
        limit: u32,
        window: Duration,
    ) -> Pin<Box<dyn Future<Output = Result<RateLimitOutcome, RateLimitRejection>> + Send + '_>>
    {
        let now = Instant::now();
        let mut entry = self.entries.entry(key.to_string()).or_insert(WindowEntry {
            count: 0,
            window_start: now,
        });

        // Reset window if expired
        if now.duration_since(entry.window_start) >= window {
            entry.count = 0;
            entry.window_start = now;
        }

        let reset_after = window
            .checked_sub(now.duration_since(entry.window_start))
            .unwrap_or(Duration::ZERO)
            .as_secs()
            .max(1);

        if entry.count >= limit {
            let rejection = RateLimitRejection {
                retry_after: reset_after,
                limit,
            };
            return Box::pin(async move { Err(rejection) });
        }

        entry.count += 1;
        let outcome = RateLimitOutcome {
            remaining: limit - entry.count,
            limit,
            reset_after,
        };
        Box::pin(async move { Ok(outcome) })
    }
}