rok-rate-limit 0.3.0

Rate limiting Tower middleware and programmatic Limiter API for the rok ecosystem
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161

#![cfg(feature = "axum")]

use axum::{
    body::Body,
    http::{Request, StatusCode},
    routing::get,
    Router,
};
use rok_rate_limit::{Limiter, ThrottleLayer, ThrottleRule};
use tower::ServiceExt;

// ── helpers ───────────────────────────────────────────────────────────────────

fn ok_handler() -> Router {
    Router::new().route("/", get(|| async { "ok" }))
}

// ── ThrottleLayer::global ────────────────────────────────────────────────────

#[tokio::test]
async fn global_layer_allows_within_limit() {
    // Use a unique limiter per test to avoid inter-test state pollution.
    let limiter = Limiter::memory();
    let layer = ThrottleLayer::new(limiter, vec![ThrottleRule::global("test:allow", 10, 60)]);

    let app = ok_handler().layer(layer);
    let resp = app
        .oneshot(Request::builder().uri("/").body(Body::empty()).unwrap())
        .await
        .unwrap();

    assert_eq!(resp.status(), StatusCode::OK);
}

#[tokio::test]
async fn global_layer_returns_429_when_exceeded() {
    let limiter = Limiter::memory();
    // Limit of 1, then we make 2 requests.
    let layer = ThrottleLayer::new(
        limiter.clone(),
        vec![ThrottleRule::global("test:exceed-gl", 1, 60)],
    );

    // First request — allowed (consumes the 1 slot)
    let app = ok_handler().layer(layer.clone());
    let resp = app
        .oneshot(Request::builder().uri("/").body(Body::empty()).unwrap())
        .await
        .unwrap();
    assert_eq!(resp.status(), StatusCode::OK);

    // Second request — exceeded
    let app = ok_handler().layer(layer);
    let resp = app
        .oneshot(Request::builder().uri("/").body(Body::empty()).unwrap())
        .await
        .unwrap();
    assert_eq!(resp.status(), StatusCode::TOO_MANY_REQUESTS);
}

#[tokio::test]
async fn response_contains_ratelimit_headers_when_allowed() {
    let limiter = Limiter::memory();
    let layer = ThrottleLayer::new(limiter, vec![ThrottleRule::global("test:headers", 5, 60)]);

    let app = ok_handler().layer(layer);
    let resp = app
        .oneshot(Request::builder().uri("/").body(Body::empty()).unwrap())
        .await
        .unwrap();

    assert_eq!(resp.status(), StatusCode::OK);
    assert!(
        resp.headers().contains_key("x-ratelimit-limit"),
        "should have x-ratelimit-limit"
    );
    assert!(
        resp.headers().contains_key("x-ratelimit-remaining"),
        "should have x-ratelimit-remaining"
    );
    assert!(
        resp.headers().contains_key("x-ratelimit-reset"),
        "should have x-ratelimit-reset"
    );
}

#[tokio::test]
async fn response_contains_retry_after_when_exceeded() {
    let limiter = Limiter::memory();
    // Exhaust the limiter before attaching it to the router
    for _ in 0..=1 {
        limiter
            .for_key("test:retry-hdr")
            .requests(1)
            .per(std::time::Duration::from_secs(60))
            .check();
    }
    let layer = ThrottleLayer::new(limiter, vec![ThrottleRule::global("test:retry-hdr", 1, 60)]);

    let app = ok_handler().layer(layer);
    let resp = app
        .oneshot(Request::builder().uri("/").body(Body::empty()).unwrap())
        .await
        .unwrap();

    assert_eq!(resp.status(), StatusCode::TOO_MANY_REQUESTS);
    assert!(
        resp.headers().contains_key("retry-after"),
        "should have Retry-After header"
    );
}

// ── ThrottleLayer::by_ip ────────────────────────────────────────────────────

#[tokio::test]
async fn by_ip_layer_uses_forwarded_for_header() {
    let limiter = Limiter::memory();
    let layer = ThrottleLayer::new(limiter.clone(), vec![ThrottleRule::by_ip("test:ip", 1, 60)]);

    // First request from 1.1.1.1 — allowed
    let app = ok_handler().layer(layer.clone());
    let resp = app
        .oneshot(
            Request::builder()
                .uri("/")
                .header("x-forwarded-for", "1.1.1.1")
                .body(Body::empty())
                .unwrap(),
        )
        .await
        .unwrap();
    assert_eq!(resp.status(), StatusCode::OK);

    // First request from 2.2.2.2 — also allowed (different IP bucket)
    let app = ok_handler().layer(layer.clone());
    let resp = app
        .oneshot(
            Request::builder()
                .uri("/")
                .header("x-forwarded-for", "2.2.2.2")
                .body(Body::empty())
                .unwrap(),
        )
        .await
        .unwrap();
    assert_eq!(resp.status(), StatusCode::OK);

    // Second request from 1.1.1.1 — exceeded
    let app = ok_handler().layer(layer);
    let resp = app
        .oneshot(
            Request::builder()
                .uri("/")
                .header("x-forwarded-for", "1.1.1.1")
                .body(Body::empty())
                .unwrap(),
        )
        .await
        .unwrap();
    assert_eq!(resp.status(), StatusCode::TOO_MANY_REQUESTS);
}