Feature/Rate Limiter
Summary
- Adds rate limiter plug.
- Implements rate limit for the search endpoints (10req/s for unauthenticated and 30req/s for authenticated users). Closes #943 (closed).
- Replaces MastodonAPIController.account_register/2 rate limiter.
Rate Limiter Configuration
A keyword list of rate limiters where a key is a limiter name and value is the limiter configuration. The basic configuration is a tuple where:
- The first element: scale (Integer). The time scale in milliseconds.
- The second element: limit (Integer). How many requests to limit in the time scale provided.
It is also possible to have different limits for unauthenticated and authenticated users: the keyword value must be a list of two tuples where the first one is a config for unauthenticated users and the second one is for authenticated.
Example
config :pleroma, :rate_limit,
  one: {1000, 10},
  two: [{10_000, 10}, {10_000, 50}]
Here we have two limiters: one, which is not over 10req/1s, and two, which has two limits: 10req/10s for unauthenticated users and 50req/10s for authenticated users.
Usage
Inside a controller:
plug(Pleroma.Plugs.RateLimiter, :one when action == :one)
plug(Pleroma.Plugs.RateLimiter, :two when action in [:two, :three])
or inside a router pipeline:
pipeline :api do
  ...
  plug(Pleroma.Plugs.RateLimiter, :one)
  ...
end
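A sketch of how a limiter configuration of this shape can be resolved and enforced, added here as an example and not the plug's own code from this merge request. The module name RateLimitSketch, the ETS table, the fixed-window counting and the client_id bucket key (an IP or user id chosen by the caller) are all assumptions.

```elixir
defmodule RateLimitSketch do
  # Hypothetical module for illustration; not Pleroma.Plugs.RateLimiter.
  @table :rate_limit_sketch

  def init, do: :ets.new(@table, [:named_table, :public, :set])

  # Basic form: one {scale, limit} tuple applies to every caller.
  def resolve({scale, limit}, _authenticated?) when is_integer(scale) and is_integer(limit),
    do: {scale, limit}

  # Two-tuple form: first is for unauthenticated users, second for authenticated.
  def resolve([unauth, _auth], false), do: unauth
  def resolve([_unauth, auth], true), do: auth

  # Fixed-window counter keyed by limiter name, client and window number.
  # Assumption: a fixed window is used; it tolerates a burst of up to twice
  # the limit across a window boundary, and stale windows are never purged here.
  def check(name, config, client_id, authenticated?, now_ms \\ System.system_time(:millisecond)) do
    {scale, limit} = resolve(config, authenticated?)
    key = {name, client_id, authenticated?, div(now_ms, scale)}
    # Atomically create the counter at 0 if missing, then add 1.
    count = :ets.update_counter(@table, key, {2, 1}, {key, 0})
    if count <= limit, do: :ok, else: {:error, :rate_limited}
  end
end

# Constructed demo using the limiters from the configuration example above.
RateLimitSketch.init()
limiters = [one: {1000, 10}, two: [{10_000, 10}, {10_000, 50}]]

# Constructed client identifier (documentation address range) and fixed clock.
client = "203.0.113.7"
t0 = 1_000_000

anon = for _ <- 1..12, do: RateLimitSketch.check(:two, limiters[:two], client, false, t0)
user = for _ <- 1..12, do: RateLimitSketch.check(:two, limiters[:two], client, true, t0)
next = RateLimitSketch.check(:two, limiters[:two], client, false, t0 + 10_000)

IO.inspect(Enum.count(anon, &(&1 == :ok)), label: "unauthenticated allowed in window")
IO.inspect(Enum.count(user, &(&1 == :ok)), label: "authenticated allowed in window")
IO.inspect(next, label: "unauthenticated, next window")
```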