pub struct BoundedKeyedLimiter<K: Eq + Hash + Clone> { /* private fields */ }Expand description
Memory-bounded keyed rate limiter.
Cheaply cloneable; clones share state.
Implementations§
Source§impl<K: Eq + Hash + Clone + Send + Sync + 'static> BoundedKeyedLimiter<K>
impl<K: Eq + Hash + Clone + Send + Sync + 'static> BoundedKeyedLimiter<K>
Sourcepub fn with_per_minute(
requests_per_minute: u32,
max_tracked_keys: usize,
idle_eviction: Duration,
) -> Self
pub fn with_per_minute( requests_per_minute: u32, max_tracked_keys: usize, idle_eviction: Duration, ) -> Self
Construct a BoundedKeyedLimiter with a per-minute quota.
Convenience constructor that builds a per-minute Quota from
requests_per_minute. The rate is clamped to a minimum of 1
request/min so a misconfigured 0 does not panic at startup.
requests_per_minute– per-key rate, clamped to>= 1.max_tracked_keys– hard cap on simultaneously tracked keys. When reached, an insert first prunes idle entries then falls back to LRU eviction.idle_eviction– entries whoselast_seenis older than this are eligible for opportunistic pruning.
Sourcepub fn with_per_second(
requests_per_second: u32,
max_tracked_keys: usize,
idle_eviction: Duration,
) -> Self
pub fn with_per_second( requests_per_second: u32, max_tracked_keys: usize, idle_eviction: Duration, ) -> Self
Construct a BoundedKeyedLimiter with a per-second quota.
Convenience constructor that builds a per-second Quota from
requests_per_second. The rate is clamped to a minimum of 1
request/sec so a misconfigured 0 does not panic at startup.
requests_per_second– per-key rate, clamped to>= 1.max_tracked_keys– hard cap on simultaneously tracked keys. When reached, an insert first prunes idle entries then falls back to LRU eviction.idle_eviction– entries whoselast_seenis older than this are eligible for opportunistic pruning.
Sourcepub fn check_key(&self, key: &K) -> Result<(), BoundedLimiterError>
pub fn check_key(&self, key: &K) -> Result<(), BoundedLimiterError>
Test the per-key quota for key.
Returns Ok(()) if the request is allowed. The last_seen
timestamp is updated on every call – including rate-limit
rejections – so an actively firing attacker cannot age out into
a fresh quota by appearing idle.
When inserting a new key into a full table, idle entries are pruned
first; if the table is still full, the entry with the oldest
last_seen is evicted (LRU). The new key is always inserted –
honest new clients are never rejected because the table is full.
§Errors
Returns BoundedLimiterError::RateLimited when key has
exceeded its per-key quota for the current window.
Sourcepub fn check_key_wait(&self, key: &K) -> Result<(), Duration>
pub fn check_key_wait(&self, key: &K) -> Result<(), Duration>
Test the per-key quota for key, returning the wait time on deny.
Identical admission semantics to check_key
(same last_seen refresh, idle-prune, and LRU-eviction behavior);
the two methods share one code path.
§Errors
On deny, returns the best-effort current wait until the next
request for this key could be admitted, measured against
governor’s default clock at the moment of the failed check. The
value is a raw Duration; rounding (e.g. ceiling to whole
seconds for a Retry-After header) is the caller’s concern.