discourse/lib/rate_limiter.rb

require_dependency 'rate_limiter/limit_exceeded'
require_dependency 'rate_limiter/on_create_record'

# A redis backed rate limiter.
class RateLimiter

  attr_reader :max, :secs, :user, :key

  def self.key_prefix
    "l-rate-limit2:"
  end

  def self.disable
    @disabled = true
  end

  def self.enable
    @disabled = false
  end

  # We don't observe rate limits in test mode
  def self.disabled?
    @disabled
  end

  # Only used in test, only clears current namespace, does not clear globals
  def self.clear_all!
    $redis.delete_prefixed(RateLimiter.key_prefix)
  end

  def build_key(type)
    "#{RateLimiter.key_prefix}:#{@user && @user.id}:#{type}"
  end

  def initialize(user, type, max, secs, global: false)
    @user = user
    @type = type
    @key = build_key(type)
    @max = max
    @secs = secs
    @global = false
  end

  def clear!
    redis.del(prefixed_key)
  end

  def can_perform?
    rate_unlimited? || is_under_limit?
  end

  # reloader friendly
  unless defined? PERFORM_LUA
    PERFORM_LUA = <<~LUA
      local now = tonumber(ARGV[1])
      local secs = tonumber(ARGV[2])
      local max = tonumber(ARGV[3])

      local key = KEYS[1]


      if ((tonumber(redis.call("LLEN", key)) < max) or
          (now - tonumber(redis.call("LRANGE", key, -1, -1)[1])) > secs) then
        redis.call("LPUSH", key, now)
        redis.call("LTRIM", key, 0, max - 1)
        redis.call("EXPIRE", key, secs * 2)

        return 1
      else
        return 0
      end
    LUA

    PERFORM_LUA_SHA = Digest::SHA1.hexdigest(PERFORM_LUA)
  end

  def performed!
    return if rate_unlimited?
    now = Process.clock_gettime(Process::CLOCK_MONOTONIC).to_i
    if eval_lua(PERFORM_LUA, PERFORM_LUA_SHA, [prefixed_key], [now, @secs, @max]) == 0
      raise RateLimiter::LimitExceeded.new(seconds_to_wait, @type)
    end
  rescue Redis::CommandError => e
    if e.message =~ /READONLY/
      # TODO,switch to in-memory rate limiter
    else
      raise
    end
  end

  def rollback!
    return if RateLimiter.disabled?
    redis.lpop(prefixed_key)
  end

  def remaining
    return @max if @user && @user.staff?

    arr = redis.lrange(prefixed_key, 0, @max) || []
    t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC).to_i
    arr.reject! { |a| (t0 - a.to_i) > @secs }
    @max - arr.size
  end

  private

  def prefixed_key
    if @global
      "GLOBAL::#{key}"
    else
      $redis.namespace_key(key)
    end
  end

  def redis
    $redis.without_namespace
  end

  def seconds_to_wait
    @secs - age_of_oldest
  end

  def age_of_oldest
    # age of oldest event in buffer, in seconds
    Process.clock_gettime(Process::CLOCK_MONOTONIC).to_i - redis.lrange(prefixed_key, -1, -1).first.to_i
  end

  def is_under_limit?
    # number of events in buffer less than max allowed? OR
    (redis.llen(prefixed_key) < @max) ||
    # age bigger than silding window size?
    (age_of_oldest > @secs)
  end

  def rate_unlimited?
    !!(RateLimiter.disabled? || (@user && @user.staff?))
  end

  def eval_lua(lua, sha, keys, args)
    redis.evalsha(sha, keys, args)
  rescue Redis::CommandError => e
    if e.to_s =~ /^NOSCRIPT/
      redis.eval(lua, keys, args)
    else
      raise
    end
  end
end
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`require_dependency 'rate_limiter/limit_exceeded'`
			`require_dependency 'rate_limiter/on_create_record'`

			`# A redis backed rate limiter.`
			`class RateLimiter`

FEATURE: scale up likes per day as users increase trust level tl2 = 1.5 times the likes tl3 = 2 times the likes tl4 = 3 times the likes configurable via tl[234]_additional_likes_per_day_multiplier site setting 2015-04-15 19:44:30 -04:00			`attr_reader :max, :secs, :user, :key`

FIX: The "too similar" check happened when trying to make a post a wiki 2015-02-02 12:44:21 -05:00			`def self.key_prefix`
FIX: regression around rate limiter 2017-12-04 05:44:16 -05:00			`"l-rate-limit2:"`
FIX: The "too similar" check happened when trying to make a post a wiki 2015-02-02 12:44:21 -05:00			`end`
FIX: Should flush rate limit keys before testing it 2015-01-29 11:44:51 -05:00
add current_user_provider so people can override current_user bevior cleanly, see http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278 2013-10-09 00:10:37 -04:00			`def self.disable`
			`@disabled = true`
			`end`

			`def self.enable`
			`@disabled = false`
			`end`

Initial release of Discourse 2013-02-05 14:16:51 -05:00			`# We don't observe rate limits in test mode`
			`def self.disabled?`
Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00			`@disabled`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00			`# Only used in test, only clears current namespace, does not clear globals`
FIX: Should flush rate limit keys before testing it 2015-01-29 11:44:51 -05:00			`def self.clear_all!`
FIX: The "too similar" check happened when trying to make a post a wiki 2015-02-02 12:44:21 -05:00			`$redis.delete_prefixed(RateLimiter.key_prefix)`
FIX: Should flush rate limit keys before testing it 2015-01-29 11:44:51 -05:00			`end`

Add better error messages for rate limits. 2015-09-24 13:52:32 -04:00			`def build_key(type)`
			`"#{RateLimiter.key_prefix}:#{@user && @user.id}:#{type}"`
			`end`

Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00			`def initialize(user, type, max, secs, global: false)`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`@user = user`
Add better error messages for rate limits. 2015-09-24 13:52:32 -04:00			`@type = type`
			`@key = build_key(type)`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`@max = max`
			`@secs = secs`
Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00			`@global = false`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

			`def clear!`
Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00			`redis.del(prefixed_key)`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

			`def can_perform?`
small refactor of RateLimiter for clarity 2013-05-23 20:18:59 -04:00			`rate_unlimited? \|\| is_under_limit?`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00			`# reloader friendly`
			`unless defined? PERFORM_LUA`
			`PERFORM_LUA = <<~LUA`
			`local now = tonumber(ARGV[1])`
			`local secs = tonumber(ARGV[2])`
			`local max = tonumber(ARGV[3])`
Revert "PERF: improve speed of rate limiter" This reverts commit a9bcdd7f279827e86ec474bcf4c9ed96bc1c0060. 2017-12-04 05:19:28 -05:00
Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00			`local key = KEYS[1]`
Revert "PERF: improve speed of rate limiter" This reverts commit a9bcdd7f279827e86ec474bcf4c9ed96bc1c0060. 2017-12-04 05:19:28 -05:00
Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00
			`if ((tonumber(redis.call("LLEN", key)) < max) or`
			`(now - tonumber(redis.call("LRANGE", key, -1, -1)[1])) > secs) then`
			`redis.call("LPUSH", key, now)`
			`redis.call("LTRIM", key, 0, max - 1)`
			`redis.call("EXPIRE", key, secs * 2)`

			`return 1`
			`else`
			`return 0`
			`end`
			`LUA`

			`PERFORM_LUA_SHA = Digest::SHA1.hexdigest(PERFORM_LUA)`
			`end`

			`def performed!`
			`return if rate_unlimited?`
FIX: regression around rate limiter 2017-12-04 05:44:16 -05:00			`now = Process.clock_gettime(Process::CLOCK_MONOTONIC).to_i`
Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00			`if eval_lua(PERFORM_LUA, PERFORM_LUA_SHA, [prefixed_key], [now, @secs, @max]) == 0`
Revert "PERF: improve speed of rate limiter" This reverts commit a9bcdd7f279827e86ec474bcf4c9ed96bc1c0060. 2017-12-04 05:19:28 -05:00			`raise RateLimiter::LimitExceeded.new(seconds_to_wait, @type)`
PERF: improve speed of rate limiter Also - adds a global rate limiter option - cleans up usage in tests - fixes freeze_time so it handles clock_gettime 2017-12-04 02:17:18 -05:00			`end`
Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00			`rescue Redis::CommandError => e`
			`if e.message =~ /READONLY/`
			`# TODO,switch to in-memory rate limiter`
			`else`
			`raise`
			`end`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

			`def rollback!`
			`return if RateLimiter.disabled?`
Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00			`redis.lpop(prefixed_key)`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`

FEATURE: Warn a user when they have few likes remaining 2016-03-18 11:17:51 -04:00			`def remaining`
			`return @max if @user && @user.staff?`

Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00			`arr = redis.lrange(prefixed_key, 0, @max) \|\| []`
FIX: regression around rate limiter 2017-12-04 05:44:16 -05:00			`t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC).to_i`
Add rubocop to our build. (#5004) 2017-07-27 21:20:09 -04:00			`arr.reject! { \|a\| (t0 - a.to_i) > @secs }`
FEATURE: Warn a user when they have few likes remaining 2016-03-18 11:17:51 -04:00			`@max - arr.size`
			`end`

small refactor of RateLimiter for clarity 2013-05-23 20:18:59 -04:00			`private`

Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00			`def prefixed_key`
			`if @global`
			`"GLOBAL::#{key}"`
			`else`
			`$redis.namespace_key(key)`
			`end`
			`end`

			`def redis`
			`$redis.without_namespace`
			`end`

Sliding window rate limiting Switched the algorithm to use a circular buffer based on a redis list 2013-05-25 15:37:28 -04:00			`def seconds_to_wait`
			`@secs - age_of_oldest`
			`end`

			`def age_of_oldest`
			`# age of oldest event in buffer, in seconds`
FIX: regression around rate limiter 2017-12-04 05:44:16 -05:00			`Process.clock_gettime(Process::CLOCK_MONOTONIC).to_i - redis.lrange(prefixed_key, -1, -1).first.to_i`
Sliding window rate limiting Switched the algorithm to use a circular buffer based on a redis list 2013-05-25 15:37:28 -04:00			`end`

small refactor of RateLimiter for clarity 2013-05-23 20:18:59 -04:00			`def is_under_limit?`
FIX: Should flush rate limit keys before testing it 2015-01-29 11:44:51 -05:00			`# number of events in buffer less than max allowed? OR`
Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00			`(redis.llen(prefixed_key) < @max) \|\|`
FIX: Should flush rate limit keys before testing it 2015-01-29 11:44:51 -05:00			`# age bigger than silding window size?`
			`(age_of_oldest > @secs)`
small refactor of RateLimiter for clarity 2013-05-23 20:18:59 -04:00			`end`

			`def rate_unlimited?`
FIX: rate limit password reset email 2014-08-17 20:55:30 -04:00			`!!(RateLimiter.disabled? \|\| (@user && @user.staff?))`
small refactor of RateLimiter for clarity 2013-05-23 20:18:59 -04:00			`end`
Revert "Revert "PERF: improve speed of rate limiter"" This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb. 2017-12-04 05:23:11 -05:00
			`def eval_lua(lua, sha, keys, args)`
			`redis.evalsha(sha, keys, args)`
			`rescue Redis::CommandError => e`
			`if e.to_s =~ /^NOSCRIPT/`
			`redis.eval(lua, keys, args)`
			`else`
			`raise`
			`end`
			`end`
Initial release of Discourse 2013-02-05 14:16:51 -05:00			`end`