Rajska.RateLimiter (Rajska v1.3.2)
Rate limiter absinthe middleware. Uses Hammer.
Usage
First configure Hammer, following its documentation. For example:
    config :hammer,
      backend: {Hammer.Backend.ETS, [expiry_ms: 60_000 * 60 * 4,
                                     cleanup_interval_ms: 60_000 * 10]}
Add your middleware to the query that should be limited:
    field :default_config, :string do
      middleware Rajska.RateLimiter
      resolve fn _, _ -> {:ok, "ok"} end
    end
You can also configure it and use multiple rules for limiting in one query:
    field :login_user, :session do
      arg :email, non_null(:string)
      arg :password, non_null(:string)
      middleware Rajska.RateLimiter, limit: 10 # Using the default identifier (user IP)
      middleware Rajska.RateLimiter, keys: :email, limit: 5 # Using the value provided in the email arg
      resolve &AccountsResolver.login_user/2
    end
The allowed configuration options are:
scale_ms: The timespan for the maximum number of actions. Defaults to 60_000.
limit: The maximum number of actions in the specified timespan. Defaults to 10.
id: An atom or string to be used as the bucket identifier. Note that this will always be the same, so by using this the limit will be global instead of by user.
keys: An atom or a list of atoms to get a query argument as identifier. Use a list when the argument is nested.
error_msg: The error message to be displayed when the rate limit is exceeded. Defaults to "Too many requests".
Note that when neither id nor keys is provided, the default is to use the user's IP. For that, the default behaviour is to use Rajska.Authorization.get_ip/1 to fetch the IP from the absinthe context. That means you need to manually insert the user's IP in the absinthe context before using it as an identifier. See the absinthe docs for more information.
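One way to do the manual step described above, as an added example that is not from the Rajska documentation: a plug that puts the client IP into the Absinthe context. The module name MyAppWeb.Plugs.AbsintheContext and the :ip context key are assumptions; use whatever key your get_ip/1 implementation reads.

```elixir
defmodule MyAppWeb.Plugs.AbsintheContext do
  @moduledoc """
  Added example: stores the client IP in the Absinthe context so that the
  default Rajska.RateLimiter identifier (the user's IP) can be resolved.
  """
  @behaviour Plug

  @impl true
  def init(opts), do: opts

  @impl true
  def call(conn, _opts) do
    # Absinthe.Plug.put_options/2 replaces the whole :context value, so merge
    # with any context an earlier plug (e.g. authentication) already stored.
    existing = get_in(conn.private, [:absinthe, :context]) || %{}

    # Assumption: get_ip/1 reads the :ip key of the context map.
    context = Map.put(existing, :ip, format_ip(conn.remote_ip))

    Absinthe.Plug.put_options(conn, context: context)
  end

  # conn.remote_ip is an :inet address tuple such as {203, 0, 113, 7}.
  # Convert it to a string so it can safely be part of a bucket name.
  defp format_ip(ip) when is_tuple(ip), do: ip |> :inet.ntoa() |> to_string()
end

# In the router, run the plug before the request reaches Absinthe.Plug:
#
#   pipeline :graphql do
#     plug MyAppWeb.Plugs.AbsintheContext
#   end
```

Behind a reverse proxy or load balancer, conn.remote_ip is the proxy's address, so every client would share a single bucket. In that setup, resolve the real client address from a forwarding header set by a proxy you trust before this plug runs.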
Summary
Functions
Callback implementation for Absinthe.Middleware.call/2.