rok-rate-limit 0.3.0

Rate limiting Tower middleware and programmatic Limiter API for the rok ecosystem
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161

use std::{sync::Arc, time::Duration};

use crate::backend::MemoryBackend;

// ── LimitResult ───────────────────────────────────────────────────────────────

/// Result of a single rate-limit check.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum LimitResult {
    /// Request is within the limit.
    Allowed {
        /// Remaining requests in the current window.
        remaining: u64,
        /// Unix timestamp (seconds) when the window resets.
        reset_epoch: u64,
    },
    /// Limit exceeded — caller should return 429.
    Exceeded {
        /// Seconds until the current window resets.
        retry_after_secs: u64,
    },
}

impl LimitResult {
    pub fn is_allowed(&self) -> bool {
        matches!(self, Self::Allowed { .. })
    }

    pub fn is_exceeded(&self) -> bool {
        matches!(self, Self::Exceeded { .. })
    }
}

// ── Limiter ───────────────────────────────────────────────────────────────────

/// Shared rate-limiter handle. Cheap to clone — all state lives behind an
/// `Arc`.
///
/// # Example
///
/// ```rust,ignore
/// let limiter = Limiter::memory();
///
/// let result = limiter.for_key("user:123")
///     .requests(10)
///     .per(Duration::from_secs(60))
///     .check();
///
/// match result {
///     LimitResult::Allowed { remaining, .. } => { /* proceed */ }
///     LimitResult::Exceeded { retry_after_secs } => { /* 429 */ }
/// }
/// ```
#[derive(Clone)]
pub struct Limiter {
    backend: Arc<MemoryBackend>,
    /// Secondary in-memory guard used by `block_in_memory_after`.  Kept
    /// separate so that the primary backend can be swapped for Redis in future
    /// while the block guard always stays in-process.
    block_backend: Arc<MemoryBackend>,
}

impl Default for Limiter {
    fn default() -> Self {
        Self::memory()
    }
}

impl Limiter {
    /// Create a new limiter backed by an in-memory fixed-window counter.
    pub fn memory() -> Self {
        Self {
            backend: Arc::new(MemoryBackend::new()),
            block_backend: Arc::new(MemoryBackend::new()),
        }
    }

    /// Start building a rate-limit check for `key`.
    pub fn for_key(&self, key: impl Into<String>) -> LimitBuilder {
        LimitBuilder {
            limiter: self.clone(),
            key: key.into(),
            requests: 60,
            window_secs: 60,
            block_after: None,
        }
    }
}

// ── LimitBuilder ──────────────────────────────────────────────────────────────

/// Fluent builder for a single rate-limit check produced by [`Limiter::for_key`].
pub struct LimitBuilder {
    limiter: Limiter,
    key: String,
    requests: u64,
    window_secs: u64,
    block_after: Option<u64>,
}

impl LimitBuilder {
    /// Maximum number of requests allowed in the window.
    pub fn requests(mut self, n: u64) -> Self {
        self.requests = n;
        self
    }

    /// Window duration.
    pub fn per(mut self, d: Duration) -> Self {
        self.window_secs = d.as_secs().max(1);
        self
    }

    /// Short-circuit and return `Exceeded` immediately once the in-process
    /// counter hits `n`, without consulting any external storage.  Useful for
    /// shielding Redis from clearly abusive traffic when Redis is the primary
    /// backend.
    pub fn block_in_memory_after(mut self, n: u64) -> Self {
        self.block_after = Some(n);
        self
    }

    /// Run the check and return a [`LimitResult`].  Synchronous — the
    /// in-memory backend requires no I/O.
    pub fn check(self) -> LimitResult {
        let now_epoch = epoch_secs();

        // Fast-path: secondary in-memory block guard
        if let Some(block_limit) = self.block_after {
            let (block_count, reset_epoch) = self
                .limiter
                .block_backend
                .increment(&format!("block:{}", self.key), self.window_secs);

            if block_count > block_limit {
                let retry_after_secs = reset_epoch.saturating_sub(now_epoch).max(1);
                return LimitResult::Exceeded { retry_after_secs };
            }
        }

        let (count, reset_epoch) = self.limiter.backend.increment(&self.key, self.window_secs);

        if count > self.requests {
            let retry_after_secs = reset_epoch.saturating_sub(now_epoch).max(1);
            LimitResult::Exceeded { retry_after_secs }
        } else {
            LimitResult::Allowed {
                remaining: self.requests.saturating_sub(count),
                reset_epoch,
            }
        }
    }
}

fn epoch_secs() -> u64 {
    use std::time::{SystemTime, UNIX_EPOCH};
    SystemTime::now()
        .duration_since(UNIX_EPOCH)
        .unwrap_or_default()
        .as_secs()
}