summaryrefslogblamecommitdiff
path: root/lib/Plack/Middleware/APIRateLimit.pm
blob: e94407ce661bb7c2cee41e01cf927a853907f57a (plain) (tree) 
98d2a0a


46fc47d






98d2a0a


46fc47d
























































































98d2a0a





46fc47d

98d2a0a



46fc47d








98d2a0a



46fc47d




































98d2a0a



46fc47d

98d2a0a









1
2

3
4
5
6
7
8

9
10

11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98

99
100
101
102
103

104

105
106
107

108
109
110
111
112
113
114
115

116
117
118

119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154

155
156
157

158

159
160
161
162
163
164
165
166
167


                                        





                 

                      























































































                                                                          




           
                                                                       


               







                                                                                                               


                  



































                                                                             


             
                                            








                                                                    
package Plack::Middleware::APIRateLimit;

use Moose;
use Carp;
use Scalar::Util;
use Plack::Util;
use DateTime;

our $VERSION = '0.01';

extends 'Plack::Middleware';

has backend =>
    ( is => 'rw', isa => 'Plack::Middleware::APIRateLimit::Backend', );
has requests_per_hour =>
    ( is => 'rw', isa => 'Int', lazy => 1, default => 60 );
has key => ( is => 'rw', isa => 'Str', predicate => 'has_key' );

sub prepare_app {
    my $self = shift;
    $self->backend( $self->_create_backend( $self->backend ) );
}

sub _create_backend {
    my ( $self, $backend ) = @_;

    return $backend if defined $backend && Scalar::Util::blessed $backend;

    my ( $backend_name, $backend_options ) = ( undef, {} );

    if ( !defined $backend ) {
        $backend_name = "Hash";
    }
    elsif ( ref $backend eq 'ARRAY' ) {
        $backend_name    = shift @$backend;
        $backend_options = shift @$backend;
    }
    else {
        $backend_name = $backend;
    }

    Plack::Util::load_class(
        "Plack::Middleware::APIRateLimit::Backend::" . $backend_name )
        ->new($backend_options);
}

sub call {
    my ( $self, $env ) = @_;

    my $res = $self->app->($env);

    my $key = $self->_generate_key($env);

    $self->backend->incr($key);
    my $request_done = $self->backend->get($key);

    return $self->over_rate_limit()
        if $request_done > $self->requests_per_hour;

    my $headers = $res->[1];
    Plack::Util::header_set( $headers, 'X-RateLimit-Limit',
        $self->requests_per_hour );
    Plack::Util::header_set( $headers, 'X-RateLimit-Remaining',
        ( $self->requests_per_hour - $request_done ) );
    Plack::Util::header_set( $headers, 'X-RateLimit-Reset',
        $self->_reset_time );
    return $res;
}

sub _generate_key {
    my ( $self, $env ) = @_;
    return $self->key if $self->has_key;
    if ( $env->{REMOTE_USER} ) {
        return $env->{REMOTE_USER} . "_"
            . DateTime->now->strftime("%Y-%m-%d-%H");
    }
    else {
        return $env->{REMOTE_ADDR} . "_"
            . DateTime->now->strftime("%Y-%m-%d-%H");
    }
}

sub _reset_time {
    my $reset = time + ( 60 - DateTime->now->minute ) * 60;
}

sub over_rate_limit {
    my ($self) = @_;
    return [
        503,
        [
            'Content-Type'      => 'text/plain',
            'X-RateLimit-Reset' => $self->_reset_time
        ],
        ['Over Rate Limit']
    ];
}

1;
__END__

=head1 NAME

Plack::Middleware::APIRateLimit - A Plack Middleware for API Throttling

=head1 SYNOPSIS

  my $handler = builder {
    enable "APIRateLimit";
    # or
    enable "APIRateLimit", requests_per_hour => 2, backend => "Hash";
    # or
    enable "APIRateLimit", requests_per_hour => 2, backend => ["Redis", {port => 6379, server => '127.0.0.1'}];
    sub { [ '200', [ 'Content-Type' => 'text/html' ], ['hello world'] ] };
  };

=head1 DESCRIPTION

Plack::Middleware::APIRateLimit is a Plack middleware for controlling API
access.

Set a limit on how many requests per hour is allowed on your API. In the case
of a authorized request, 3 headers are added:

=over 2

=item B<X-RateLimit-Limit>

How many requests are authorized by hours

=item B<X-RateLimit-Remaining>

How many remaining requests 

=item B<X-RateLimit-Reset>

When will the counter be reseted (in epoch)

=back

=head2 VARIABLES

=over 4

=item B<backend>

Which backend to use. Currently only Hash and Redis are supported. If no
backend is specified, Hash is used by default.

=item B<requests_per_hour>

How many requests is allowed by hour.

=back

=head1 AUTHOR

franck cuny E<lt>franck@linkfluence.netE<gt>

=head1 SEE ALSO

=head1 LICENSE

This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself.

=cut
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-06 09:15:23 +0000