A rate-limiter using Durable Objects on CF Workers that actually doesn't rate limit anything.

Overview

Rate Limiter - built for Cloudflare Workers, using Durable Objects

Features

  • Supports fixed or sliding window algorithms
  • Scoped rate-limiting
  • Caching
  • Cleanup of stale DO data using alarm
  • Responses provide all information needed to take actions (or not)
  • Tested in production (well, not actually)

FAQ

How to use

You can use it as a subworker as described here.

Deploy to Cloudflare Workers

But it doesn't rate limit anything

Yeah, that's the sad truth. The code is there to decide whether or not a request should be rate-limited, but currently it just outputs the results in a JSON response. The reason is that this is how it's being used as part of another project I'm working on. That said, I think it's a good starting point, as it would require minimal changes from you to send the right responses back.

What about pricing? How does it compare with CF's own rate-limiter?

Well, it all depends on the use case. You can check out the cost calculator.

Description of JSON Body (usage)

  • type: one of sliding or fixed; describes the algorithm that will be used.
  • scope: the value of this property is used as the rate-limit scope.
  • key: the client information. It can be an IP (most of the time), a network, a username, or even a user-agent. In general, feel free to use whatever you like.
  • limit: the value of this property provides the request limit (e.g. 10).
  • interval: the interval (in seconds) upon which all calculations are based.

Responses

Response status will be one of:

  • 200, meaning that the request was processed without problems
  • 400, JSON input error
  • 500, any other error; details can be found in the response body

The response body on successful requests depends on the type of algorithm used and on the outcome.

If the request should be rate-limited, you will find an error property with a value of rate-limited. If not, you will find quota information, which depends on the algorithm used:

  • The sliding type might return one of the two following bodies:

    {
        "rate": "number, rate of the incoming requests"
    }

    or

    {
        "rate": "number, rate of the incoming requests",
        "error": "rate-limited"
    }

  • The fixed type might return one of the following bodies:

    {
        "resets": "number, seconds since epoch",
        "remaining": "number, remaining requests until rate-limiting"
    }

    or

    {
        "resets": "number, seconds since epoch",
        "error": "rate-limited"
    }
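
One way a calling Worker could act on the result bodies above, shown as an added example rather than the project's own code. `enforce`, `failOpen` and the sample values are hypothetical, and the one-interval Retry-After for the sliding type is an assumption, since that body carries no reset time.

```javascript
// Constructed helper (not from the project): turn the limiter's JSON result
// into the status and headers a front Worker would send to the client.
function enforce(limiter, { nowSeconds, interval, failOpen = false }) {
  // 400 (JSON input error) or 500 (any other error): no verdict is available,
  // so the caller's failure policy decides. Failing closed answers 503.
  if (limiter.status !== 200) {
    return failOpen
      ? { allow: true, status: 200, headers: {} }
      : { allow: false, status: 503, headers: {} };
  }
  const body = limiter.body;
  const headers = {};
  if (body.error === "rate-limited") {
    // fixed: `resets` is an epoch timestamp in seconds, so wait until then.
    // sliding: no reset time is returned; one full interval is used as a
    // conservative upper bound (assumption of this example).
    const wait = typeof body.resets === "number"
      ? Math.max(1, Math.ceil(body.resets - nowSeconds))
      : interval;
    headers["Retry-After"] = String(wait);
    return { allow: false, status: 429, headers };
  }
  // Allowed: expose the fixed-window quota when the body carries it.
  if (typeof body.remaining === "number") {
    headers["X-RateLimit-Remaining"] = String(body.remaining);
  }
  return { allow: true, status: 200, headers };
}

// Constructed sample results in the shapes documented above.
const now = 1700000000;
const samples = {
  fixedOk: { status: 200, body: { resets: now + 42, remaining: 3 } },
  fixedLimited: { status: 200, body: { resets: now + 42, error: "rate-limited" } },
  slidingLimited: { status: 200, body: { rate: 12.5, error: "rate-limited" } },
  limiterDown: { status: 500, body: "constructed error text" },
};
for (const [name, result] of Object.entries(samples)) {
  console.log(name, enforce(result, { nowSeconds: now, interval: 60 }));
}
```

Whether a limiter failure should let traffic through (`failOpen`) or block it is a policy choice; the default here blocks.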
Comments
  • For your durable object alarm are you calculating ts_less_than correctly?


    I may be completely misunderstanding this, so forgive me if this is the case, but say we take:

    ts_less_than: Math.floor(now / 1000 / parseInt(interval)) - parseInt(interval) * 2

    This is number of intervals - the interval seconds * 2.

    Shouldn't you be doing number of intervals -2 intervals aka:

    Math.floor(now / 1000 / parseInt(interval)) - 2

    bug 
    opened by OultimoCoder 12
  • cost effectiveness


    There are scenarios where this code is more cost-effective than CF's rate limiter and other scenarios where it could kill your budget.

    Maybe using some on-the-fly calculations (like the cost calculator) on the traffic patterns, we could identify these scenarios effectively and integrate with the CF API to push the rate-limit rule closer to the edge. An alarm also could be used to trigger the rule's deletion every 1h, as if needed it would be automatically re-provisioned.

    wontfix idea 
    opened by honzabit 1
  • cache rate-limited responses from DO


    Responses can be stored/returned from the cache when the fixed window algorithm is used. Any rate-limited response can be safely stored in and returned from the cache, until the timestamp returned in the resets property.

    On the other hand, the sliding window algorithm is not so cache-friendly, but I guess an approximation of cache time can possibly be computed here too using the distance of rate from limit and the interval.

    enhancement 
    opened by honzabit 1
  • cleanup old keys from DO storage


    Old keys need to be cleaned up to avoid unneeded storage charges.

    The keys need to be restructured to also include the interval, and together with the window, stale keys can be identified and removed.

    enhancement 
    opened by honzabit 1
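
The two expressions quoted in the first issue above, evaluated side by side to show how much history each cutoff leaves in storage, which also bears on the cleanup issue. This is an added example, not the project's code; it assumes stored entries are tagged with a window index of floor(epoch seconds / interval) and that the alarm deletes entries whose index is below ts_less_than. The helper names and sample values are constructed.

```javascript
// Window index for a timestamp in milliseconds (interval in seconds).
function windowIndex(nowMs, interval) {
  return Math.floor(nowMs / 1000 / interval);
}
// Expression as quoted in the issue: a window count minus (seconds * 2).
function cutoffAsQuoted(nowMs, interval) {
  return windowIndex(nowMs, interval) - interval * 2;
}
// Expression proposed in the issue: a window count minus two windows.
function cutoffProposed(nowMs, interval) {
  return windowIndex(nowMs, interval) - 2;
}
// Seconds of history that survive a cleanup pass using the given cutoff.
function retainedSeconds(nowMs, interval, cutoff) {
  return (windowIndex(nowMs, interval) - cutoff) * interval;
}
// Window indexes the alarm would delete from a list of stored entries.
function sweep(storedWindows, cutoff) {
  return storedWindows.filter((w) => w < cutoff);
}

const nowMs = 1700000000000; // constructed timestamp
for (const interval of [1, 60, 3600]) {
  const quoted = retainedSeconds(nowMs, interval, cutoffAsQuoted(nowMs, interval));
  const proposed = retainedSeconds(nowMs, interval, cutoffProposed(nowMs, interval));
  // Quoted form keeps 2 * interval^2 seconds; proposed form keeps 2 * interval.
  console.log({ interval, quoted, proposed });
}

// Constructed stored entries for interval = 60, as offsets from the current window.
const current = windowIndex(nowMs, 60);
const stored = [current - 200, current - 100, current - 3, current - 1];
console.log("deleted (quoted):", sweep(stored, cutoffAsQuoted(nowMs, 60)).length);
console.log("deleted (proposed):", sweep(stored, cutoffProposed(nowMs, 60)).length);
```

Under these assumptions the two forms agree only when the interval is 1 second; for larger intervals the quoted form keeps entries for far longer than two windows.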
Owner
Ian