anyllm_proxy 0.9.3

HTTP proxy translating Anthropic Messages API to OpenAI Chat Completions
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291

//! Distributed rate limiting via Redis sorted sets.
//!
//! When `REDIS_URL` is set and the `redis` feature is enabled, RPM/TPM
//! checks are performed against Redis so multiple proxy instances share
//! rate limit state. On Redis failure, the proxy falls back to local
//! in-memory rate limiting (each instance limits independently).

/// Policy for handling Redis rate limiter errors.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum RateLimitFailPolicy {
    /// Allow requests when Redis is unavailable (default).
    Open,
    /// Reject requests when Redis is unavailable.
    Closed,
}

impl RateLimitFailPolicy {
    /// Parse a fail-policy string. `"closed"` or `"deny"` maps to `Closed`; anything else is `Open`.
    pub fn from_env_str(s: &str) -> Self {
        match s.to_lowercase().as_str() {
            "closed" | "deny" => Self::Closed,
            _ => Self::Open,
        }
    }

    /// Read `RATE_LIMIT_FAIL_POLICY` from the environment and parse it. Defaults to `Open`.
    pub fn from_env() -> Self {
        std::env::var("RATE_LIMIT_FAIL_POLICY")
            .map(|v| Self::from_env_str(&v))
            .unwrap_or(Self::Open)
    }
}

#[cfg(feature = "redis")]
use redis::aio::ConnectionManager;
#[cfg(feature = "redis")]
use std::sync::{LazyLock, OnceLock};

#[cfg(feature = "redis")]
static REDIS_RATE_LIMITER: OnceLock<RedisRateLimiter> = OnceLock::new();

/// Initialize the global Redis rate limiter. Called once from main.
#[cfg(feature = "redis")]
pub fn set_redis_rate_limiter(limiter: RedisRateLimiter) {
    let _ = REDIS_RATE_LIMITER.set(limiter);
}

/// Get the global Redis rate limiter, if initialized.
#[cfg(feature = "redis")]
pub fn get_redis_rate_limiter() -> Option<&'static RedisRateLimiter> {
    REDIS_RATE_LIMITER.get()
}

/// Stub when redis feature is not enabled.
#[cfg(not(feature = "redis"))]
pub fn get_redis_rate_limiter() -> Option<&'static ()> {
    None
}

/// Redis-backed distributed rate limiter using sorted sets.
///
/// Keys use the format `anyllm:rl:{key_hash_hex}:rpm` and `anyllm:rl:{key_hash_hex}:tpm`.
/// Each request is a member scored by its timestamp in milliseconds.
/// A Lua script atomically trims expired entries, checks the count/sum,
/// and adds the new entry if within limits.
#[cfg(feature = "redis")]
pub struct RedisRateLimiter {
    conn: ConnectionManager,
    fail_policy: RateLimitFailPolicy,
}

#[cfg(feature = "redis")]
impl RedisRateLimiter {
    /// Connect to Redis and create a rate limiter.
    pub async fn new(
        redis_url: &str,
        fail_policy: RateLimitFailPolicy,
    ) -> Result<Self, redis::RedisError> {
        let client = redis::Client::open(redis_url)?;
        let conn = ConnectionManager::new(client).await?;
        Ok(Self { conn, fail_policy })
    }

    /// Get the underlying connection manager for reuse (e.g., by cache layer).
    pub fn connection(&self) -> &ConnectionManager {
        &self.conn
    }

    /// Check RPM limit. Returns Ok(()) if allowed, Err(retry_after_secs) if exceeded.
    /// On Redis error, behavior depends on the configured `RateLimitFailPolicy`.
    pub async fn check_rpm(&self, key_hash_hex: &str, limit: u32, now_ms: u64) -> Result<(), u64> {
        let redis_key = format!("anyllm:rl:{key_hash_hex}:rpm");
        match self.check_rpm_inner(&redis_key, limit, now_ms).await {
            Ok(result) => result,
            Err(e) => match self.fail_policy {
                RateLimitFailPolicy::Open => {
                    tracing::warn!(error = %e, "Redis RPM check failed, allowing request (fail-open)");
                    Ok(())
                }
                RateLimitFailPolicy::Closed => {
                    tracing::error!(error = %e, "Redis RPM check failed, rejecting request (fail-closed)");
                    Err(60)
                }
            },
        }
    }

    async fn check_rpm_inner(
        &self,
        redis_key: &str,
        limit: u32,
        now_ms: u64,
    ) -> Result<Result<(), u64>, redis::RedisError> {
        let mut conn = self.conn.clone();
        let cutoff = now_ms.saturating_sub(60_000);
        let member_id = format!("{now_ms}:{}", uuid::Uuid::new_v4().as_simple());

        // Hashed once at first use; avoids re-computing SHA1 per request.
        static RPM_SCRIPT: LazyLock<redis::Script> = LazyLock::new(|| {
            redis::Script::new(
                r#"
                redis.call('ZREMRANGEBYSCORE', KEYS[1], '-inf', ARGV[1])
                local count = redis.call('ZCARD', KEYS[1])
                if count >= tonumber(ARGV[2]) then
                    local oldest = redis.call('ZRANGE', KEYS[1], 0, 0, 'WITHSCORES')
                    if oldest and #oldest >= 2 then
                        return oldest[2]
                    end
                    return tostring(ARGV[3])
                end
                redis.call('ZADD', KEYS[1], ARGV[3], ARGV[4])
                redis.call('EXPIRE', KEYS[1], 120)
                return 0
                "#,
            )
        });

        let result: i64 = RPM_SCRIPT
            .key(redis_key)
            .arg(cutoff)
            .arg(limit)
            .arg(now_ms)
            .arg(&member_id)
            .invoke_async(&mut conn)
            .await?;

        if result == 0 {
            Ok(Ok(()))
        } else {
            let oldest_ms = result as u64;
            let retry_after_ms = (oldest_ms + 60_000).saturating_sub(now_ms);
            Ok(Err((retry_after_ms / 1000).max(1)))
        }
    }

    /// Check TPM limit. Returns Ok(()) if allowed, Err(retry_after_secs) if exceeded.
    /// On Redis error, behavior depends on the configured `RateLimitFailPolicy`.
    pub async fn check_tpm(&self, key_hash_hex: &str, limit: u32, now_ms: u64) -> Result<(), u64> {
        let redis_key = format!("anyllm:rl:{key_hash_hex}:tpm");
        match self.check_tpm_inner(&redis_key, limit, now_ms).await {
            Ok(result) => result,
            Err(e) => match self.fail_policy {
                RateLimitFailPolicy::Open => {
                    tracing::warn!(error = %e, "Redis TPM check failed, allowing request (fail-open)");
                    Ok(())
                }
                RateLimitFailPolicy::Closed => {
                    tracing::error!(error = %e, "Redis TPM check failed, rejecting request (fail-closed)");
                    Err(60)
                }
            },
        }
    }

    async fn check_tpm_inner(
        &self,
        redis_key: &str,
        limit: u32,
        now_ms: u64,
    ) -> Result<Result<(), u64>, redis::RedisError> {
        let mut conn = self.conn.clone();
        let cutoff = now_ms.saturating_sub(60_000);

        // For TPM, members are scored by timestamp and the member value encodes the token count.
        // We sum member names (which are "{tokens}:{uuid}") to get total tokens.
        static TPM_SCRIPT: LazyLock<redis::Script> = LazyLock::new(|| {
            redis::Script::new(
                r#"
                redis.call('ZREMRANGEBYSCORE', KEYS[1], '-inf', ARGV[1])
                local members = redis.call('ZRANGE', KEYS[1], 0, -1)
                local total = 0
                for _, m in ipairs(members) do
                    local tokens = tonumber(string.match(m, '^(%d+):'))
                    if tokens then total = total + tokens end
                end
                if total >= tonumber(ARGV[2]) then
                    local oldest = redis.call('ZRANGE', KEYS[1], 0, 0, 'WITHSCORES')
                    if oldest and #oldest >= 2 then
                        return oldest[2]
                    end
                    return tostring(ARGV[3])
                end
                return 0
                "#,
            )
        });

        let result: i64 = TPM_SCRIPT
            .key(redis_key)
            .arg(cutoff)
            .arg(limit)
            .arg(now_ms)
            .invoke_async(&mut conn)
            .await?;

        if result == 0 {
            Ok(Ok(()))
        } else {
            let oldest_ms = result as u64;
            let retry_after_ms = (oldest_ms + 60_000).saturating_sub(now_ms);
            Ok(Err((retry_after_ms / 1000).max(1)))
        }
    }

    /// Record TPM tokens after a response is received.
    pub async fn record_tpm(&self, key_hash_hex: &str, now_ms: u64, tokens: u32) {
        let redis_key = format!("anyllm:rl:{key_hash_hex}:tpm");
        let member = format!("{tokens}:{}", uuid::Uuid::new_v4().as_simple());
        let mut conn = self.conn.clone();
        let result: Result<(), redis::RedisError> = redis::pipe()
            .zadd(&redis_key, member, now_ms as f64)
            .expire(&redis_key, 120)
            .query_async(&mut conn)
            .await;
        if let Err(e) = result {
            tracing::warn!(error = %e, "Redis TPM record failed");
        }
    }
}

#[cfg(test)]
mod tests {
    use super::RateLimitFailPolicy;

    #[test]
    fn get_redis_rate_limiter_returns_none_without_init() {
        // When redis feature is not enabled, or when not initialized,
        // the function should return None.
        assert!(super::get_redis_rate_limiter().is_none());
    }

    #[test]
    fn parse_rate_limit_fail_policy() {
        assert!(matches!(
            RateLimitFailPolicy::from_env_str("open"),
            RateLimitFailPolicy::Open
        ));
        assert!(matches!(
            RateLimitFailPolicy::from_env_str("closed"),
            RateLimitFailPolicy::Closed
        ));
        assert!(matches!(
            RateLimitFailPolicy::from_env_str("OPEN"),
            RateLimitFailPolicy::Open
        ));
        assert!(matches!(
            RateLimitFailPolicy::from_env_str("CLOSED"),
            RateLimitFailPolicy::Closed
        ));
        assert!(matches!(
            RateLimitFailPolicy::from_env_str("deny"),
            RateLimitFailPolicy::Closed
        ));
        assert!(matches!(
            RateLimitFailPolicy::from_env_str("DENY"),
            RateLimitFailPolicy::Closed
        ));
        assert!(matches!(
            RateLimitFailPolicy::from_env_str("unknown"),
            RateLimitFailPolicy::Open
        ));
    }

    #[test]
    fn fail_policy_defaults_to_open() {
        // When RATE_LIMIT_FAIL_POLICY is unset, from_env should return Open.
        std::env::remove_var("RATE_LIMIT_FAIL_POLICY");
        let policy = RateLimitFailPolicy::from_env();
        assert_eq!(policy, RateLimitFailPolicy::Open);
    }
}