governor/
state.rs

1//! State stores for rate limiters
2
3use std::{marker::PhantomData, prelude::v1::*};
4
5pub mod direct;
6mod in_memory;
7pub mod keyed;
8
9pub use self::in_memory::InMemoryState;
10
11use crate::nanos::Nanos;
12use crate::{clock, Quota};
13use crate::{
14    gcra::Gcra,
15    middleware::{NoOpMiddleware, RateLimitingMiddleware},
16};
17
18pub use direct::*;
19
20/// A way for rate limiters to keep state.
21///
22/// There are two important kinds of state stores: Direct and keyed. The direct kind have only
23/// one state, and are useful for "global" rate limit enforcement (e.g. a process should never
24/// do more than N tasks a day). The keyed kind allows one rate limit per key (e.g. an API
25/// call budget per client API key).
26///
27/// A direct state store is expressed as [`StateStore::Key`] = [`NotKeyed`].
28/// Keyed state stores have a
29/// type parameter for the key and set their key to that.
30pub trait StateStore {
31    /// The type of key that the state store can represent.
32    type Key;
33
34    /// Updates a state store's rate limiting state for a given key, using the given closure.
35    ///
36    /// The closure parameter takes the old value (`None` if this is the first measurement) of the
37    /// state store at the key's location, checks if the request an be accommodated and:
38    ///
39    /// * If the request is rate-limited, returns `Err(E)`.
40    /// * If the request can make it through, returns `Ok(T)` (an arbitrary positive return
41    ///   value) and the updated state.
42    ///
43    /// It is `measure_and_replace`'s job then to safely replace the value at the key - it must
44    /// only update the value if the value hasn't changed. The implementations in this
45    /// crate use `AtomicU64` operations for this.
46    fn measure_and_replace<T, F, E>(&self, key: &Self::Key, f: F) -> Result<T, E>
47    where
48        F: Fn(Option<Nanos>) -> Result<(T, Nanos), E>;
49}
50
51/// A rate limiter.
52///
53/// This is the structure that ties together the parameters (how many cells to allow in what time
54/// period) and the concrete state of rate limiting decisions. This crate ships in-memory state
55/// stores, but it's possible (by implementing the [`StateStore`] trait) to make others.
56#[derive(Debug)]
57pub struct RateLimiter<K, S, C, MW = NoOpMiddleware>
58where
59    S: StateStore<Key = K>,
60    C: clock::Clock,
61    MW: RateLimitingMiddleware<C::Instant>,
62{
63    state: S,
64    gcra: Gcra,
65    clock: C,
66    start: C::Instant,
67    middleware: PhantomData<MW>,
68}
69
70impl<K, S, C, MW> RateLimiter<K, S, C, MW>
71where
72    S: StateStore<Key = K>,
73    C: clock::Clock,
74    MW: RateLimitingMiddleware<C::Instant>,
75{
76    /// Creates a new rate limiter from components.
77    ///
78    /// This is the most generic way to construct a rate-limiter; most users should prefer
79    /// [`direct`] or other methods instead.
80    pub fn new(quota: Quota, state: S, clock: &C) -> Self {
81        let gcra = Gcra::new(quota);
82        let start = clock.now();
83        let clock = clock.clone();
84        RateLimiter {
85            state,
86            clock,
87            gcra,
88            start,
89            middleware: PhantomData,
90        }
91    }
92
93    /// Consumes the `RateLimiter` and returns the state store.
94    ///
95    /// This is mostly useful for debugging and testing.
96    pub fn into_state_store(self) -> S {
97        self.state
98    }
99}
100
101impl<K, S, C, MW> RateLimiter<K, S, C, MW>
102where
103    S: StateStore<Key = K>,
104    C: clock::Clock,
105    MW: RateLimitingMiddleware<C::Instant>,
106{
107    /// Convert the given rate limiter into one that uses a different middleware.
108    pub fn with_middleware<Outer: RateLimitingMiddleware<C::Instant>>(
109        self,
110    ) -> RateLimiter<K, S, C, Outer> {
111        RateLimiter {
112            middleware: PhantomData,
113            state: self.state,
114            gcra: self.gcra,
115            clock: self.clock,
116            start: self.start,
117        }
118    }
119}
120
121#[cfg(feature = "std")]
122impl<K, S, C, MW> RateLimiter<K, S, C, MW>
123where
124    S: StateStore<Key = K>,
125    C: clock::ReasonablyRealtime,
126    MW: RateLimitingMiddleware<C::Instant>,
127{
128    pub(crate) fn reference_reading(&self) -> C::Instant {
129        self.clock.reference_point()
130    }
131}
132
133#[cfg(all(feature = "std", test))]
134mod test {
135    use super::*;
136    use crate::Quota;
137    use all_asserts::assert_gt;
138    use nonzero_ext::nonzero;
139
140    #[test]
141    fn ratelimiter_impl_coverage() {
142        let lim = RateLimiter::direct(Quota::per_second(nonzero!(3u32)));
143        assert_gt!(format!("{:?}", lim).len(), 0);
144    }
145}