feat: Put request rate limit at application server (#3857)

* feat: Put request rate limit at application server This PR contains implementation for a blanket rate limiter at application server level. Currently the allowed throughput is set high only to be changed later as per the actual data gathered. * Simplify implementation 1. Remove shutdown handler to purge rate limiter keys 2. Have separate keys for default and custom(route-based) rate limiters 3. Do not kill default rate limiter because it is not needed anymore due to (2) above * Set 60s as default for rate limiting window * Fix env types
2022-08-11 15:40:30 +05:30
parent 593cf73118
commit 7eaa8eb961
9 changed files with 148 additions and 0 deletions
--- a/server/env.ts
+++ b/server/env.ts
@@ -495,6 +495,37 @@ export class Environment {
    process.env.SOURCE_COMMIT || process.env.SOURCE_VERSION
  );

+  /**
+   * A boolean switch to toggle the rate limiter
+   * at application web server.
+   */
+  @IsOptional()
+  @IsBoolean()
+  public RATE_LIMITER_ENABLED = this.toBoolean(
+    process.env.RATE_LIMITER_ENABLED ?? "false"
+  );
+
+  /**
+   * Set max allowed requests in a given duration for
+   * default rate limiter to trigger throttling.
+   */
+  @IsOptional()
+  @IsNumber()
+  @CannotUseWithout("RATE_LIMITER_ENABLED")
+  public RATE_LIMITER_REQUESTS =
+    this.toOptionalNumber(process.env.RATE_LIMITER_REQUESTS) ?? 5000;
+
+  /**
+   * Set fixed duration window(in secs) for
+   * default rate limiter, elapsing which the request
+   * quota is reset(the bucket is refilled with tokens).
+   */
+  @IsOptional()
+  @IsNumber()
+  @CannotUseWithout("RATE_LIMITER_ENABLED")
+  public RATE_LIMITER_DURATION_WINDOW =
+    this.toOptionalNumber(process.env.RATE_LIMITER_DURATION_WINDOW) ?? 60;
+
  private toOptionalString(value: string | undefined) {
    return value ? value : undefined;
  }