go-chi/httprate go-chi/httprate

  • Stars
    star
    207
  • Rank 183,017 (Top 4 %)
  • Language
    Go
  • License
    MIT License
  • Created almost 4 years ago
  • Updated 2 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
go-chi/httprate
github

go-chi

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

net/http rate limiter middleware

httprate

net/http request rate limiter based on the Sliding Window Counter pattern inspired by CloudFlare https://blog.cloudflare.com/counting-things-a-lot-of-different-things/.

The sliding window counter pattern is accurate, smooths traffic and offers a simple counter design to share a rate-limit among a cluster of servers. For example, if you'd like to use redis to coordinate a rate-limit across a group of microservices you just need to implement the httprate.LimitCounter interface to support an atomic increment and get.

Example

package main

import (
  "net/http"

  "github.com/go-chi/chi/v5"
  "github.com/go-chi/chi/v5/middleware"
  "github.com/go-chi/httprate"
)

func main() {
  r := chi.NewRouter()
  r.Use(middleware.Logger)

  // Enable httprate request limiter of 100 requests per minute.
  //
  // In the code example below, rate-limiting is bound to the request IP address
  // via the LimitByIP middleware handler.
  //
  // To have a single rate-limiter for all requests, use httprate.LimitAll(..).
  //
  // Please see _example/main.go for other more, or read the library code.
  r.Use(httprate.LimitByIP(100, 1*time.Minute))

  r.Get("/", func(w http.ResponseWriter, r *http.Request) {
    w.Write([]byte("."))
  })

  http.ListenAndServe(":3333", r)
}

Common use cases

Rate limit by IP and URL path (aka endpoint)

  r.Use(httprate.Limit(
  	10,             // requests
  	10*time.Second, // per duration
  	httprate.WithKeyFuncs(httprate.KeyByIP, httprate.KeyByEndpoint),
  ))

Rate limit by arbitrary keys

  r.Use(httprate.Limit(
    100,           // requests
    1*time.Minute, // per duration
    // an oversimplified example of rate limiting by a custom header
    httprate.WithKeyFuncs(func(r *http.Request) (string, error) {
    	return r.Header.Get("X-Access-Token"), nil
    }),
  ))

Send specific response for rate limited requests

  r.Use(httprate.Limit(
    10,            // requests
    1*time.Second, // per duration
    httprate.WithLimitHandler(func(w http.ResponseWriter, r *http.Request) {
      http.Error(w, "some specific response here", http.StatusTooManyRequests)
    }),
  ))

Related packages

Redis backend for httprate: https://github.com/go-chi/httprate-redis

LICENSE

MIT

More Repositories

1

chi

lightweight, idiomatic and composable router for building Go HTTP services
Go
16,803
star
2

jwtauth

JWT authentication middleware for Go HTTP services
Go
499
star
3

cors

CORS net/http middleware for Go
Go
284
star
4

render

easily manage HTTP request / response payloads of Go HTTP services
Go
263
star
5

httplog

Go HTTP request logger with structured logging capabilities built on "log/slog" package
Go
174
star
6

httpcoala

Go http middleware handler for request coalescing
Go
127
star
7

docgen

auto-generate routing documentation in JSON or Markdown for a `chi` Router from your app source
Go
103
star
8

hostrouter

Little package to map hosts to a variety of http routers for Go API services
Go
59
star
9

stampede

Function and HTTP request coalescer
Go
55
star
10

oauth

OAuth 2.0 middleware service for chi (ported from gin by community member)
Go
25
star
11

valve

graceful server shutdown via context signalling for Go servers
Go
21
star
12

httptracer

Tracing middleware for go-chi
Go
18
star
13

telemetry

Telemetry middleware for Go services via Prometheus
Go
14
star
14

jsonp

JSONP Go http middleware
Go
14
star
15

httprate-redis

httprate.LimitCounter implementation with Redis backend
Go
12
star
16

docs

chi docs
CSS
7
star