# Lets you limit the number of actions a user can take per time period
# Keeps an integer timestamp with some buffer in the past and each action increments the timestamp
# If the counter exceeds Time.now the action is disallowed and the user must wait for some time to pass.
module UserRateLimiting
class RateLimit < Struct.new(:max, :per)
def minimum
Time.now.to_i - (step_size * max)
end
def step_size
seconds = case per
when :month then 18144000 # 60 * 60 * 24 * 30
when :week then 604800 # 60 * 60 * 24 * 7
when :day then 86400 # 60 * 60 * 24
when :hour then 3600 # 60 * 60
when :minute then 60
else raise 'invalid per param (day, hour, etc)'
end
seconds / max
end
end
LIMITS = {
:reveal_email => RateLimit.new(200, :day)
# add new rate limits here...
}
def allowed_to? action
inc_counter(action) < Time.now.to_i
end
private
def inc_counter action
rl = LIMITS[action]
raise "couldn't find that action" if rl.nil?
val = REDIS_COUNTERS.incrby redis_key(action), rl.step_size
if val < rl.minimum
val = REDIS_COUNTERS.set redis_key(action), rl.minimum
end
val.to_i
end
def redis_key action
"rate_limit_#{action}_for_user_#{self.id}"
end
end
2条答案
按热度按时间nzkunb0c1#
可通过以下方式处理:1)网络服务器2)机架应用程序。一切都取决于你需要什么。我们use内置nginx功能来限制API请求:
另一个解决方案是rack-throttle。
这是Rack中间件,它为Rack应用程序的传入HTTP请求提供速率限制逻辑。您可以在任何基于Rack的Ruby Web框架中使用Rack::Throttle,包括Ruby on Rails 3。0和Sinatra
wfypjpf42#
下面是一个如何使用Redis和时间戳实现它的例子。你应该在user中包含这个模块。rb,然后调用
user.allowed_to?(:reveal_email)