composite user API rate limiting

2020-05-03 13:16:57 -06:00 · 2020-05-03 13:16:57 -06:00 · 3deaafe989
parent f66a25c0b9
commit 3deaafe989
1 changed files with 11 additions and 18 deletions
--- a/app/controllers/Api.scala
+++ b/app/controllers/Api.scala
@ -55,18 +55,13 @@ final class Api(
    userApi.extended(name, ctx.me) map toApiResult
  }

-  private[controllers] val UsersRateLimitGlobal = new lila.memo.RateLimit[String](
-    credits = 1000,
-    duration = 1.minute,
-    name = "team users API global",
-    key = "team_users.api.global"
-  )
-
-  private[controllers] val UsersRateLimitPerIP = new lila.memo.RateLimit[IpAddress](
-    credits = 1000,
-    duration = 10.minutes,
-    name = "team users API per IP",
-    key = "team_users.api.ip"
+  private[controllers] val UsersRateLimitPerIP = lila.memo.RateLimit.composite[IpAddress](
+    key = "users.api.ip",
+    name = "users API per IP",
+    enforce = env.net.rateLimit.value
+  )(
+    ("fast", 1000, 10.minutes),
+    ("slow", 30000, 1.day)
  )

  def usersByIds = Action.async(parse.tolerantText) { req =>
@ -74,12 +69,10 @@ final class Api(
    val ip        = HTTPRequest lastRemoteAddress req
    val cost      = usernames.size / 4
    UsersRateLimitPerIP(ip, cost = cost) {
-      UsersRateLimitGlobal("-", cost = cost, msg = ip.value) {
-        lila.mon.api.users.increment(cost)
-        env.user.repo nameds usernames map {
-          _.map { env.user.jsonView(_, none) }
-        } map toApiResult map toHttp
-      }
+      lila.mon.api.users.increment(cost)
+      env.user.repo nameds usernames map {
+        _.map { env.user.jsonView(_, none) }
+      } map toApiResult map toHttp
    }
  }