Hi there,
I've just been pointed to your package by @dunglas after submitting a PR for rate limits to the api-platform/core package.
I like the look of your offering, as it's more complete than the PR I submitted to the api-platform/core, however I think that it could be improved to better handle race conditions.
In the RateLimitHandler you read from the cache, check, and update. You would be better of using a cache key that includes all the rate limit details, and a timeframe string for the desired timeframe, incrementing the cache (first trying to add it, but ignoring errors when it already exists), and then verifying whether the resulting value is greater than the rate limit. This avoids issues with the cache value being updated between the read & the write.
I'm happy to submit a PR to update, if you're happy with me doing so?
Hi there,
I've just been pointed to your package by @dunglas after submitting a PR for rate limits to the api-platform/core package.
I like the look of your offering, as it's more complete than the PR I submitted to the api-platform/core, however I think that it could be improved to better handle race conditions.
In the
RateLimitHandleryou read from the cache, check, and update. You would be better of using a cache key that includes all the rate limit details, and a timeframe string for the desired timeframe, incrementing the cache (first trying to add it, but ignoring errors when it already exists), and then verifying whether the resulting value is greater than the rate limit. This avoids issues with the cache value being updated between the read & the write.I'm happy to submit a PR to update, if you're happy with me doing so?