Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Debouncing Middleware Feature to Pode #1467

Draft
wants to merge 3 commits into
base: develop
Choose a base branch
from
Draft

Add Debouncing Middleware Feature to Pode #1467

wants to merge 3 commits into from
+436 −5

Conversation

mdaneri
Copy link
Contributor

@mdaneri mdaneri commented Jan 14, 2025
edited
Loading

Description:

This pull request introduces a new middleware feature to Pode: Debouncing. The Debouncing middleware helps control and limit repeated client requests to specific endpoints within a specified timeout window. This feature enhances server performance by throttling excessive requests and prevents resource overloading.

Key Features:

  1. Debounce Timeout:

    • Prevents repeated requests from the same client within a configurable timeout window.
    • Returns a 429 Too Many Requests response when requests exceed the defined threshold.

  2. Cleanup Mechanism:

    • Includes a timer that periodically cleans up expired debounce entries to ensure efficient memory usage.
    • Configurable cleanup interval for flexibility in different server scenarios.

  3. Expiration Logic:

    • Allows configuration of expiration times for debounce entries to prevent stale or unused data from accumulating.

  4. Thread-Safe Implementation:

    • Uses ConcurrentDictionary for managing debounce entries, ensuring thread safety in high-concurrency environments.

  5. Enable and Disable Functionality:

    • Add-PodeDebounce to enable debouncing middleware with customizable options.
    • Remove-PodeDebounce to disable the middleware and associated timers when no longer needed.

Example Usage:

# Add debouncing with a 500ms timeout
Add-PodeDebounce -DebounceTimeoutMilliseconds 500
# Add advanced configuration with cleanup and expiration
Add-PodeDebounce -DebounceTimeoutMilliseconds 500 -CleanupIntervalSeconds 300 -ExpirationSeconds 60
# Remove debouncing
Remove-PodeDebounce

Purpose:

This feature provides server administrators with a powerful tool to manage client request rates effectively, avoiding potential denial-of-service issues caused by excessive or rapid-fire requests.

Linked Issues:

@mdaneri mdaneri mentioned this pull request Jan 14, 2025
Closed
@Badgerati
Copy link
Owner

I might have another approach for this; I've wanted to overhaul Add-PodeLimitRule and make it more dynamic for quite some time - rather that it being restrictive to just "IP" or just "Route".

I'm just putting something together for it now, and I'll push it in the next couple days.

@Badgerati
Copy link
Owner

Pushed under #1469, to mimic the same functionality of debouncing, this should work:

# Only allow an IP to hit a Route once every 60secs
Add-PodeLimitRateRule -Name 'Example' -Limit 1 -Timeout 60 -Component @(
    New-PodeLimitIPComponent
    New-PodeLimitRouteComponent
)

Or, to add in GET/POST from #1462:

# Only allow an IP to hit a GET/POST Route once every 60secs
Add-PodeLimitRateRule -Name 'Example' -Limit 1 -Timeout 60 -Component @(
    New-PodeLimitIPComponent
    New-PodeLimitRouteComponent
    New-PodeLimitMethodComponent -Method Get, Post
)

@mdaneri mdaneri marked this pull request as draft February 4, 2025 02:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mdaneri @Badgerati