I'm using https://github.com/kickstarter/rack-attack/#throttles to throttle requests to certain URLs.
Rack-attack docs show how to throttle by request IP or request parameters, but what I'd like to do is throttle requests per user. So no matter the IP, a user should be able to make no more than n requests in a certain time frame.
We use Devise for authentication and I cannot think of a simple way to uniquely identify users based on the request.
Should I store the user id in the session/cookie? Maybe a unique hash? What's your opinion on the best way to go about doing that?
Figured it out. Devise already stores user id in the session. The code would look something like:
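Rack::Attack.throttle('something', limit: 6, period: 60.seconds) do |req|
  # Devise stores [[user_id], salt] under this key; nil (not signed in) skips this throttle.
  session = req.env['rack.session']
  key = session && session['warden.user.user.key']
  key[0][0] if key && some_condition?
end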
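An added example (not part of the original answer or of rack-attack itself) showing why keying the throttle on the Warden session id meets the per-user requirement: one user alternating between two IPs shares a single budget, while a request with no signed-in user returns nil and is not counted. `WindowCounter`, `simulate` and the sample envs are constructed for illustration; the `[[id], salt]` layout is what Devise writes for the `:user` scope.

```ruby
WARDEN_KEY = 'warden.user.user.key' # Devise's session key for the :user scope

# Returns "user:<id>" for a signed-in user, or nil when there is no session
# or nobody is signed in (Devise stores [[id], salt] under WARDEN_KEY).
def user_discriminator(env)
  session = env['rack.session']
  return nil unless session
  key = session[WARDEN_KEY]
  return nil unless key.is_a?(Array) && key[0].is_a?(Array)
  id = key[0][0]
  id && "user:#{id}"
end

# Minimal fixed-window counter standing in for Rack::Attack's cache-backed
# counting (hypothetical helper, only to show the effect of the discriminator).
class WindowCounter
  def initialize(limit:, period:)
    @limit, @period, @hits = limit, period, Hash.new(0)
  end

  # true when the request should be throttled
  def throttled?(discriminator, now)
    return false if discriminator.nil? # falsy discriminator: not tracked
    window = now.to_i / @period
    (@hits[[discriminator, window]] += 1) > @limit
  end
end

def simulate
  counter = WindowCounter.new(limit: 6, period: 60)
  # Constructed Rack envs: same user id, different source IPs.
  signed_in = ->(ip) { { 'REMOTE_ADDR' => ip, 'rack.session' => { WARDEN_KEY => [[42], 'salt'] } } }
  anonymous = { 'REMOTE_ADDR' => '203.0.113.9', 'rack.session' => {} }
  # Eight requests inside one 60-second window, alternating between two IPs.
  results = 8.times.map do |i|
    env = signed_in.call(i.even? ? '198.51.100.1' : '198.51.100.2')
    counter.throttled?(user_discriminator(env), 1_000_020 + i)
  end
  { user: results, anonymous: counter.throttled?(user_discriminator(anonymous), 1_000_020) }
end
```

Because unauthenticated requests yield nil here, they need their own rule (for example the IP-based throttle from the rack-attack docs) if they should be limited too.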