You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Sometimes is useful to have a way to reset the RateLimiter, e.g. rate limiting the login and be able to clear the rate limit when user resets his password.
With this, we are identifying by both an namespace and user IP. I see this useful for readability: we use a namespace to better uderstand that we are limiting in one mutation and reseting in another. Without this, it's still possible to implement, but it's harder to see why that reset is there:
Very nice proposal! I would break this into 2 tasks, though.
One to implement the Reset middleware without any breaking changes in the API, and later this general refactoring, which we could wait to bundle with other breaking changes before releasing a new major version.
Another option would be to have the namespace as the query/mutation name by default. That way, we could already implement the concept of namespaces without a breaking change
Yeah, I thought about making 2 PR's for this too. But I also was thinking implementing this new options without breaking changes. The approach would be supporting the old options (informing that they are deprecated) and the new options.
For the namespace I was thinking that if it's not informed, the identification would be something like "query:#{limit_by}" (skipping the namespace concatenation). But your idea of using the name of the query/mutation as default is nice :)
Sometimes is useful to have a way to reset the RateLimiter, e.g. rate limiting the login and be able to clear the rate limit when user resets his password.
For this we can add a function
reset(identifier)
to theRajska.RateLimiter
module that calls the https://hexdocs.pm/hammer/Hammer.html#delete_buckets/2.Besides this low level function, we could also have a middleware for this.
Also, another suggestion is to improve the RateLimiter identifier config. Today we have 3 ways of specifying a identifier:
id
optionkeys
optionIt would be nice, given the idea to have a middleware for limiting and reseting, do something like this:
With this, we are identifying by both an namespace and user IP. I see this useful for readability: we use a namespace to better uderstand that we are limiting in one mutation and reseting in another. Without this, it's still possible to implement, but it's harder to see why that reset is there:
The
limit_by
could be::ip
-> uses user IP{:keys, list}
-> same waykeys
option today works{:id, any_fixed_id}
-> same wayid
option worksThe Hammer id built with this, would be something like
"query:#{namespace}:#{limit_by}"
What do you guys think?
The text was updated successfully, but these errors were encountered: