replace the custom ratelimiter strategy with a fixed window

apis/middlewares_rate_limit.go

@@ -108,28 +108,6 @@ func checkCollectionRateLimit(e *core.RequestEvent, collection *core.Collection,
 
 // -------------------------------------------------------------------
 
-// @todo consider exporting as helper?
-//
-//nolint:unused
-func isClientRateLimited(e *core.RequestEvent, rtId string) bool {
-	rateLimiters, ok := e.App.Store().Get(rateLimitersStoreKey).(*store.Store[string, *rateLimiter])
-	if !ok || rateLimiters == nil {
-		return false
-	}
-
-	rt, ok := rateLimiters.GetOk(rtId)
-	if !ok || rt == nil {
-		return false
-	}
-
-	client, ok := rt.getClient(e.RealIP())
-	if !ok || client == nil {
-		return false
-	}
-
-	return client.available <= 0 && time.Now().Unix()-client.lastConsume < client.interval
-}
-
 // @todo consider exporting as helper?
 func checkRateLimit(e *core.RequestEvent, rtId string, rule core.RateLimitRule) error {
 	switch rule.Audience {
@@ -154,7 +132,7 @@ func checkRateLimit(e *core.RequestEvent, rtId string, rule core.RateLimitRule)
 	}
 
 	rt := rateLimiters.GetOrSet(rtId, func() *rateLimiter {
-		return newRateLimiter(rule.MaxRequests, rule.Duration, rule.Duration+1800)
+		return newRateLimiter(rule.MaxRequests, rule.Duration, 1800)
 	})
 	if rt == nil {
 		e.App.Logger().Warn("Failed to retrieve app rate limiter", "id", rtId)
@@ -311,30 +289,27 @@ func newRateClient(maxAllowed int, intervalInSec int64) *rateClient {
 	}
 }
 
-// @todo evaluate swiching to a more traditional fixed window or sliding window counter
-// implementations since some users complained that it is not intuitive (see #7329).
+// @todo evaluate swiching to sliding window with approximation counter similar to Cloudflare.
 //
-// rateClient is a mixture of token bucket and fixed window rate limit strategies
-// that refills the allowance only after at least "interval" seconds
-// has elapsed since the last request.
+// rateClient implements fixed window rate limit strategy.
 type rateClient struct {
 	// use plain Mutex instead of RWMutex since the operations are expected
 	// to be mostly writes (e.g. consume()) and it should perform better
 	sync.Mutex
 
-	maxAllowed  int   // the max allowed tokens per interval
-	available   int   // the total available tokens
-	interval    int64 // in seconds
-	lastConsume int64 // the time of the last consume
+	maxAllowed int   // the max allowed tokens per interval
+	available  int   // the total available tokens
+	start      int64 // the start time of the current window
+	interval   int64 // in seconds
 }
 
-// hasExpired checks whether it has been at least minElapsed seconds since the lastConsume time.
+// hasExpired checks whether it has been at least minElapsed seconds after the last active window.
 // (usually used to perform periodic cleanup of staled instances).
 func (l *rateClient) hasExpired(relativeNow int64, minElapsed int64) bool {
 	l.Lock()
 	defer l.Unlock()
 
-	return relativeNow-l.lastConsume > minElapsed
+	return relativeNow-(l.start+l.interval) > minElapsed
 }
 
 // consume decreases the current allowance with 1 (if not exhausted already).
@@ -347,15 +322,14 @@ func (l *rateClient) consume() bool {
 
 	nowUnix := time.Now().Unix()
 
-	// reset consumed counter
-	if nowUnix-l.lastConsume >= l.interval {
+	// reset
+	if nowUnix-l.start >= l.interval {
 		l.available = l.maxAllowed
+		l.start = nowUnix
 	}
 
 	if l.available > 0 {
 		l.available--
-		l.lastConsume = nowUnix
-
 		return true
 	}
 

apis/middlewares_rate_limit_test.go

@@ -74,7 +74,7 @@ func TestDefaultRateLimitMiddleware(t *testing.T) {
 
 	scenarios := []struct {
 		url            string
-		wait           float64
+		wait           float64 // ms
 		authenticated  bool
 		expectedStatus int
 	}{
@@ -85,10 +85,13 @@ func TestDefaultRateLimitMiddleware(t *testing.T) {
 		{"/norate", 0, false, 200},
 
 		{"/rate/a", 0, false, 200},
+		{"/rate/a", 800, false, 200}, // (fixed window check) wait enough to ensure that it can't fit 2 requests in 1s
+		{"/rate/a", 800, false, 200},
+		{"/rate/a", 800, false, 200},
 		{"/rate/a", 0, false, 200},
 		{"/rate/a", 0, false, 429},
 		{"/rate/a", 0, false, 429},
-		{"/rate/a", 1.1, false, 200},
+		{"/rate/a", 1000, false, 200},
 		{"/rate/a", 0, false, 200},
 		{"/rate/a", 0, false, 429},
 
@@ -96,7 +99,7 @@ func TestDefaultRateLimitMiddleware(t *testing.T) {
 		{"/rate/b", 0, false, 200},
 		{"/rate/b", 0, false, 200},
 		{"/rate/b", 0, false, 429},
-		{"/rate/b", 1.1, false, 200},
+		{"/rate/b", 1000, false, 200},
 		{"/rate/b", 0, false, 200},
 		{"/rate/b", 0, false, 200},
 		{"/rate/b", 0, false, 429},
@@ -118,7 +121,7 @@ func TestDefaultRateLimitMiddleware(t *testing.T) {
 		{"/rate/guest", 0, false, 429},
 
 		// "guest" rule with regular user (should fallback to the /rate/ rule)
-		{"/rate/guest", 1.1, true, 200},
+		{"/rate/guest", 1000, true, 200},
 		{"/rate/guest", 0, true, 200},
 		{"/rate/guest", 0, true, 429},
 		{"/rate/guest", 0, true, 429},
@@ -126,10 +129,6 @@ func TestDefaultRateLimitMiddleware(t *testing.T) {
 
 	for _, s := range scenarios {
 		t.Run(s.url, func(t *testing.T) {
-			if s.wait > 0 {
-				time.Sleep(time.Duration(s.wait) * time.Second)
-			}
-
 			rec := httptest.NewRecorder()
 			req := httptest.NewRequest("GET", s.url, nil)
 
@@ -147,6 +146,10 @@ func TestDefaultRateLimitMiddleware(t *testing.T) {
 				req.Header.Add("Authorization", token)
 			}
 
+			if s.wait > 0 {
+				time.Sleep(time.Duration(s.wait) * time.Millisecond)
+			}
+
 			mux.ServeHTTP(rec, req)
 
 			result := rec.Result()