CODEWITHSUNDEEP
yii2
Muhammad Shahzad
Muhammad Shahzad

Reputation: 9652

Yii2 Rate Limiting Api

I'm worried about Yii2 Rate limiting api?

What is Rate limiting api, why this used?

Here are some methods from Yii2 Can a yii guru explain in simple words about these methods, where and when I should use rate limiting in my api?

public function getRateLimit($request, $action)
{
    return [$this->rateLimit, 1]; // $rateLimit requests per second
}

public function loadAllowance($request, $action)
{
    return [$this->allowance, $this->allowance_updated_at];
}

public function saveAllowance($request, $action, $allowance, $timestamp)
{
    $this->allowance = $allowance;
    $this->allowance_updated_at = $timestamp;
    $this->save();
}

Upvotes: 4

Views: 6368

Answers (5)

barry white
barry white

Reputation: 1

public function getRateLimit($request, $action) {
    $id = $action->getUniqueId();
    $limits = [
          'user/login' => [20,10],
          'article/index' => [100,10],
          .......
           'other' => [50,10]
    ];
   if(!array_key_existe($id,$limits)) $id = 'other';
    return $limits[$id];
}

Upvotes: -1

Vijay Makwana
Vijay Makwana

Reputation: 921

you can use rate limithing composer.

add :"ethercreative/yii2-ip-ratelimiter": "1.*"

public function behaviors()
{
    $behaviors = parent::behaviors();
    $behaviors['rateLimiter'] = [
        // Use class
        'class' => RateLimiter::className(),

        'rateLimit' => 1,
        'timePeriod' => 2,

        'separateRates' => false,
        'enableRateLimitHeaders' => false,
    ];
    return $behaviors;
}

Upvotes: 0

cui cui
cui cui

Reputation: 71

Maybe Yii2 document could help you a lot,and link following, http://www.yiiframework.com/doc-2.0/guide-rest-rate-limiting.html you need to alter your user table in Database.The rate limiting takes effect for user loginned

Upvotes: 2

John Parra T
John Parra T

Reputation: 11

I implemented each step but not show the headers

X-Rate-Limit-Limit, the maximum number of requests allowed with a time period X-Rate-Limit-Remaining, the number of remaining requests in the current time period X-Rate-Limit-Reset, the number of seconds to wait in order to get the maximum number of allowed requests `

Upvotes: 1

giovaZ
giovaZ

Reputation: 1470

THE METHODS

getRateLimit(), loadAllowance() and saveAllowance() are three methods contained in the \yii\filters\RateLimitInterface Inteface that the user identity class should implement for enable rate limiting of your api.

getRateLimit() is the first method and it returns the maximum number of api calls that you can do in x seconds:

public function getRateLimit($request, $action) {
    return [1,20]; // There can be 1 api call every 20 seconds
}

loadAllowance() return the number of the remaining allowed requests with the corresponding UNIX timestamp of the last time these where checked.

public function loadAllowance($request, $action)
{
    return [$this->allowance, $this->allowance_updated_at]; 
}

saveAllowance() assign to $this->allowance the value of remaining allowed requests and save the timestamp in $this->allowance_updated_at.

public function saveAllowance($request, $action, $allowance, $timestamp)
{
    $this->allowance = $allowance; //Saving Remaining Requests
    $this->allowance_updated_at = $timestamp; // Saving Timestamp
    $this->save(); //Save the model
}

IMPLEMENTATION

This is how implemented the Rate Limiting in my example application (using advanced template):

1 Set the user identity class

In the config/main.php of your api application set the user component.

'user' => [
        'identityClass' => 'api\models\User', // User Model for your api
        'enableSession' => false, 
        'loginUrl' => null,        
    ],

2 Create a user model

This is model should implement the \yii\filters\RateLimitInterface:

This is mine:

class User extends \common\models\User implements \yii\filters\RateLimitInterface
{

    public $rateLimit = 1;
    public $allowance;
    public $allowance_updated_at;

    public function getRateLimit($request, $action) {
        return [$this->rateLimit,1];
    }

    public function loadAllowance($request, $action)
    {
        return [$this->allowance, $this->allowance_updated_at];
    }

    public function saveAllowance($request, $action, $allowance, $timestamp)
    {
        $this->allowance = $allowance;
        $this->allowance_updated_at = $timestamp;
        $this->save();
    }

}

After these two step Yii will automatically use yii\filters\RateLimiter configured as an action filter for yii\rest\Controller to perform rate limiting check (as cited in the documentation).

The last thing you have to do is disable the Rate limit header in your rest controller behaviors:

public function behaviors()
{
    $behaviors = parent::behaviors();
    $behaviors['rateLimiter']['enableRateLimitHeaders'] = false;
    return $behaviors;
}

WHEN YOU SHOULD USE RATE LIMITING IN YOUR APPLICATION

Api calls return data (with your filters) from your database so when they're called the server execute queries. More are the calls more are also the number of queries that are execute,

You must limit the number of the calls in order to prevent Server heavy works and a resulting fallout of your system.

Hope this will help. I'm not going far from the Yii2 Guide, but i don't think i can explain this in a simplier way.

Upvotes: 13

Related Questions