CODEWITHSUNDEEP
ruby-on-railsruby-on-rails-3rate-limiting
Chris Bolton
Chris Bolton

Reputation: 2926

rate-limiting a function call in rails per user

Anyone have any idea how I might go about this? Having a pretty hard time finding information online. Best I found is the curbit it gem but I can only think of how to implement that application-wise.

Upvotes: 10

Views: 2631

Answers (2)

Brian Armstrong
Brian Armstrong

Reputation: 19873

Here is an example of how it can be implemented using Redis and timestamps. You'd include this module in user.rb and then you can call user.allowed_to?(:reveal_email)

# Lets you limit the number of actions a user can take per time period
# Keeps an integer timestamp with some buffer in the past and each action increments the timestamp
# If the counter exceeds Time.now the action is disallowed and the user must wait for some time to pass.

module UserRateLimiting

  class RateLimit < Struct.new(:max, :per)
    def minimum
      Time.now.to_i - (step_size * max)
    end

    def step_size
      seconds = case per
                when :month  then 18144000 # 60 * 60 * 24 * 30
                when :week   then 604800   # 60 * 60 * 24 * 7
                when :day    then 86400    # 60 * 60 * 24
                when :hour   then 3600     # 60 * 60
                when :minute then 60
                else raise 'invalid per param (day, hour, etc)'
                end
                seconds / max
    end
  end

  LIMITS = {
    :reveal_email => RateLimit.new(200, :day)
    # add new rate limits here...
  }

  def allowed_to? action
    inc_counter(action) < Time.now.to_i
  end

  private

  def inc_counter action
    rl = LIMITS[action]
    raise "couldn't find that action" if rl.nil?
    val = REDIS_COUNTERS.incrby redis_key(action), rl.step_size
    if val < rl.minimum
      val = REDIS_COUNTERS.set redis_key(action), rl.minimum
    end
    val.to_i
  end

  def redis_key action
    "rate_limit_#{action}_for_user_#{self.id}"
  end
end

Upvotes: 2

Anatoly
Anatoly

Reputation: 15530

It can be handled by: 1) webserver 2) rack-application. All depend on what you need. We use built-in nginx functionality to limit API requests:

     limit_req_zone $binary_remote_addr zone=one:10m rate=5r/s;
     limit_req zone=one burst=2;

The another solution is rack-throttle.

This is Rack middleware that provides logic for rate-limiting incoming HTTP requests to Rack applications. You can use Rack::Throttle with any Ruby web framework based on Rack, including with Ruby on Rails 3.0 and with Sinatra.

Upvotes: 8

Related Questions