feat(comlink): Per-route rate limiters for candles, orders, fills, ... (backport #3199) (#3205)

Added dedicated RateLimiterRedis instances in
src/caches/rate-limiters.ts for:

/orders → ordersRateLimiter
/fills → fillsRateLimiter
/candles → candlesRateLimiter
/sparklines → sparklinesRateLimiter
/historical-pnl → historicalPnlRateLimiter
/pnl → pnlRateLimiter
/fundingPayments → fundingRateLimiter

Each limiter uses its own configurable key prefix and rate parameters.

Extended configSchema with new per-route rate-limit parameters:
RATE_LIMIT_<ENDPOINT>_POINTS
RATE_LIMIT_<ENDPOINT>_DURATION_SECONDS

Each limiter is tested and verified to be configurable

Author: mergify[bot]

indexer/services/comlink/__tests__/lib/rate-limit.test.ts

@@ -11,27 +11,114 @@ export const ratelimitRedis: {
   config.RATE_LIMIT_REDIS_URL, config.REDIS_RECONNECT_TIMEOUT_MS,
 );
 
+export function getDefaultRateLimiter(): RateLimiterRedis {
+  return new RateLimiterRedis({
+    storeClient: ratelimitRedis.client,
+    points: config.RATE_LIMIT_GET_POINTS,
+    duration: config.RATE_LIMIT_GET_DURATION_SECONDS,
+    keyPrefix: `${config.SERVICE_NAME}/get`,
+  });
+}
+
 // Generic rate limiter for all GET requests, limits per IP
-export const getReqRateLimiter: RateLimiterRedis = new RateLimiterRedis({
-  storeClient: ratelimitRedis.client,
-  points: config.RATE_LIMIT_GET_POINTS,
-  duration: config.RATE_LIMIT_GET_DURATION_SECONDS,
-  keyPrefix: `${config.SERVICE_NAME}/get`,
-});
+export const defaultRateLimiter: RateLimiterRedis = getDefaultRateLimiter();
 
 // Rate-limiter for /screen endpoint querying a compliance provider, limits per IP
-export const screenProviderLimiter: RateLimiterRedis = new RateLimiterRedis({
-  storeClient: ratelimitRedis.client,
-  points: config.RATE_LIMIT_SCREEN_QUERY_PROVIDER_POINTS,
-  duration: config.RATE_LIMIT_SCREEN_QUERY_PROVIDER_DURATION_SECONDS,
-  keyPrefix: `${config.SERVICE_NAME}/screen_providers`,
-});
+export function getScreenProviderLimiter(): RateLimiterRedis {
+  return new RateLimiterRedis({
+    storeClient: ratelimitRedis.client,
+    points: config.RATE_LIMIT_SCREEN_QUERY_PROVIDER_POINTS,
+    duration: config.RATE_LIMIT_SCREEN_QUERY_PROVIDER_DURATION_SECONDS,
+    keyPrefix: `${config.SERVICE_NAME}/screen_providers`,
+  });
+}
+export const screenProviderLimiter: RateLimiterRedis = getScreenProviderLimiter();
 
 // Rate-limiter for /screen endpoint querying a compliance provider, limits the total calls made
 // across all IPs
-export const screenProviderGlobalLimiter: RateLimiterRedis = new RateLimiterRedis({
-  storeClient: ratelimitRedis.client,
-  points: config.RATE_LIMIT_SCREEN_QUERY_PROVIDER_GLOBAL_POINTS,
-  duration: config.RATE_LIMIT_SCREEN_QUERY_PROVIDER_GLOBAL_DURATION_SECONDS,
-  keyPrefix: `${config.SERVICE_NAME}/screen_providers_global`,
-});
+export function getScreenProviderGlobalLimiter(): RateLimiterRedis {
+  return new RateLimiterRedis({
+    storeClient: ratelimitRedis.client,
+    points: config.RATE_LIMIT_SCREEN_QUERY_PROVIDER_GLOBAL_POINTS,
+    duration: config.RATE_LIMIT_SCREEN_QUERY_PROVIDER_GLOBAL_DURATION_SECONDS,
+    keyPrefix: `${config.SERVICE_NAME}/screen_providers_global`,
+  });
+}
+export const screenProviderGlobalLimiter: RateLimiterRedis = getScreenProviderGlobalLimiter();
+
+// Rate-limiter for /orders endpoint, limits per IP
+export function getOrdersRateLimiter(): RateLimiterRedis {
+  return new RateLimiterRedis({
+    storeClient: ratelimitRedis.client,
+    points: config.RATE_LIMIT_ORDERS_POINTS,
+    duration: config.RATE_LIMIT_ORDERS_DURATION_SECONDS,
+    keyPrefix: `${config.SERVICE_NAME}/orders`,
+  });
+}
+export const ordersRateLimiter: RateLimiterRedis = getOrdersRateLimiter();
+
+// Rate-limiter for /fills endpoint, limits per IP
+export function getFillsRateLimiter(): RateLimiterRedis {
+  return new RateLimiterRedis({
+    storeClient: ratelimitRedis.client,
+    points: config.RATE_LIMIT_FILLS_POINTS,
+    duration: config.RATE_LIMIT_FILLS_DURATION_SECONDS,
+    keyPrefix: `${config.SERVICE_NAME}/fills`,
+  });
+}
+export const fillsRateLimiter: RateLimiterRedis = getFillsRateLimiter();
+
+// Rate-limiter for /candles endpoint, limits per IP
+export function getCandlesRateLimiter(): RateLimiterRedis {
+  return new RateLimiterRedis({
+    storeClient: ratelimitRedis.client,
+    points: config.RATE_LIMIT_CANDLES_POINTS,
+    duration: config.RATE_LIMIT_CANDLES_DURATION_SECONDS,
+    keyPrefix: `${config.SERVICE_NAME}/candles`,
+  });
+}
+export const candlesRateLimiter: RateLimiterRedis = getCandlesRateLimiter();
+
+// Rate-limiter for /sparklines endpoint, limits per IP
+export function getSparklinesRateLimiter(): RateLimiterRedis {
+  return new RateLimiterRedis({
+    storeClient: ratelimitRedis.client,
+    points: config.RATE_LIMIT_SPARKLINES_POINTS,
+    duration: config.RATE_LIMIT_SPARKLINES_DURATION_SECONDS,
+    keyPrefix: `${config.SERVICE_NAME}/sparklines`,
+  });
+}
+export const sparklinesRateLimiter: RateLimiterRedis = getSparklinesRateLimiter();
+
+// Rate-limiter for /historical-pnl endpoint, limits per IP
+export function getHistoricalPnlRateLimiter(): RateLimiterRedis {
+  return new RateLimiterRedis({
+    storeClient: ratelimitRedis.client,
+    points: config.RATE_LIMIT_HISTORICAL_PNL_POINTS,
+    duration: config.RATE_LIMIT_HISTORICAL_PNL_DURATION_SECONDS,
+    keyPrefix: `${config.SERVICE_NAME}/historical_pnl`,
+  });
+}
+export const historicalPnlRateLimiter: RateLimiterRedis = getHistoricalPnlRateLimiter();
+
+// Rate-limiter for /pnl endpoint, limits per IP
+export function getPnlRateLimiter(): RateLimiterRedis {
+  return new RateLimiterRedis({
+    storeClient: ratelimitRedis.client,
+    points: config.RATE_LIMIT_PNL_POINTS,
+    duration: config.RATE_LIMIT_PNL_DURATION_SECONDS,
+    keyPrefix: `${config.SERVICE_NAME}/pnl`,
+  });
+}
+export const pnlRateLimiter: RateLimiterRedis = getPnlRateLimiter();
+
+// Rate-limiter for /funding endpoint, limits per IP
+export function getFundingRateLimiter(): RateLimiterRedis {
+  return new RateLimiterRedis({
+    storeClient: ratelimitRedis.client,
+    points: config.RATE_LIMIT_FUNDING_POINTS,
+    duration: config.RATE_LIMIT_FUNDING_DURATION_SECONDS,
+    keyPrefix: `${config.SERVICE_NAME}/funding`,
+  });
+}
+export const fundingRateLimiter: RateLimiterRedis = getFundingRateLimiter();

indexer/services/comlink/src/caches/rate-limiters.ts

@@ -57,6 +57,23 @@ export const configSchema = {
   // Expose setting compliance status, only set to true in dev/staging.
   EXPOSE_SET_COMPLIANCE_ENDPOINT: parseBoolean({ default: false }),
 
+  // TODO review and finalize per-route rate limits
+  // Rate limits for costly endpoints
+  RATE_LIMIT_ORDERS_POINTS: parseInteger({ default: 100 }),
+  RATE_LIMIT_ORDERS_DURATION_SECONDS: parseInteger({ default: 10 }),
+  RATE_LIMIT_FILLS_POINTS: parseInteger({ default: 100 }),
+  RATE_LIMIT_FILLS_DURATION_SECONDS: parseInteger({ default: 10 }),
+  RATE_LIMIT_CANDLES_POINTS: parseInteger({ default: 1000 }),
+  RATE_LIMIT_CANDLES_DURATION_SECONDS: parseInteger({ default: 10 }),
+  RATE_LIMIT_SPARKLINES_POINTS: parseInteger({ default: 100 }),
+  RATE_LIMIT_SPARKLINES_DURATION_SECONDS: parseInteger({ default: 10 }),
+  RATE_LIMIT_HISTORICAL_PNL_POINTS: parseInteger({ default: 100 }),
+  RATE_LIMIT_HISTORICAL_PNL_DURATION_SECONDS: parseInteger({ default: 10 }),
+  RATE_LIMIT_PNL_POINTS: parseInteger({ default: 100 }),
+  RATE_LIMIT_PNL_DURATION_SECONDS: parseInteger({ default: 10 }),
+  RATE_LIMIT_FUNDING_POINTS: parseInteger({ default: 100 }),
+  RATE_LIMIT_FUNDING_DURATION_SECONDS: parseInteger({ default: 10 }),
+
   // Affiliates config
   VOLUME_ELIGIBILITY_THRESHOLD: parseInteger({ default: 10_000 }),
 

indexer/services/comlink/src/config.ts

@@ -47,7 +47,7 @@ import {
   Route,
 } from 'tsoa';
 
-import { getReqRateLimiter } from '../../../caches/rate-limiters';
+import { defaultRateLimiter } from '../../../caches/rate-limiters';
 import config from '../../../config';
 import { AccountVerificationRequiredAction, validateSignature, validateSignatureKeplr } from '../../../helpers/compliance/compliance-utils';
 import { complianceAndGeoCheck } from '../../../lib/compliance-and-geo-check';
@@ -378,7 +378,7 @@ class AddressesController extends Controller {
 
 router.get(
   '/:address',
-  rateLimiterMiddleware(getReqRateLimiter),
+  rateLimiterMiddleware(defaultRateLimiter),
   addressesCacheControlMiddleware,
   ...CheckAddressSchema,
   handleValidationErrors,
@@ -418,7 +418,7 @@ router.get(
 
 router.get(
   '/:address/subaccountNumber/:subaccountNumber',
-  rateLimiterMiddleware(getReqRateLimiter),
+  rateLimiterMiddleware(defaultRateLimiter),
   addressesCacheControlMiddleware,
   ...CheckSubaccountSchema,
   handleValidationErrors,
@@ -463,7 +463,7 @@ router.get(
 
 router.get(
   '/:address/parentSubaccountNumber/:parentSubaccountNumber',
-  rateLimiterMiddleware(getReqRateLimiter),
+  rateLimiterMiddleware(defaultRateLimiter),
   addressesCacheControlMiddleware,
   ...CheckParentSubaccountSchema,
   handleValidationErrors,
@@ -563,7 +563,7 @@ router.post(
 
 router.post(
   '/:address/testNotification',
-  rateLimiterMiddleware(getReqRateLimiter),
+  rateLimiterMiddleware(defaultRateLimiter),
   noCacheControlMiddleware,
   ...CheckAddressSchema,
   handleValidationErrors,

indexer/services/comlink/src/controllers/api/v4/addresses-controller.ts

@@ -16,7 +16,7 @@ import {
   Post,
 } from 'tsoa';
 
-import { getReqRateLimiter } from '../../../caches/rate-limiters';
+import { defaultRateLimiter } from '../../../caches/rate-limiters';
 import config from '../../../config';
 import { AccountVerificationRequiredAction, validateSignature, validateSignatureKeplr } from '../../../helpers/compliance/compliance-utils';
 import { InvalidParamError, NotFoundError, UnexpectedServerError } from '../../../lib/errors';
@@ -282,7 +282,7 @@ class AffiliatesController extends Controller {
 
 router.get(
   '/metadata',
-  rateLimiterMiddleware(getReqRateLimiter),
+  rateLimiterMiddleware(defaultRateLimiter),
   affiliatesMetadataCacheControlMiddleware,
   ...checkSchema({
     address: {
@@ -322,7 +322,7 @@ router.get(
 
 router.get(
   '/address',
-  rateLimiterMiddleware(getReqRateLimiter),
+  rateLimiterMiddleware(defaultRateLimiter),
   affiliatesCacheControlMiddleware,
   ...checkSchema({
     referralCode: {
@@ -468,7 +468,7 @@ router.post(
 
 router.get(
   '/snapshot',
-  rateLimiterMiddleware(getReqRateLimiter),
+  rateLimiterMiddleware(defaultRateLimiter),
   affiliatesCacheControlMiddleware,
   ...checkSchema({
     addressFilter: {
@@ -554,7 +554,7 @@ router.get(
 
 router.get(
   '/total_volume',
-  rateLimiterMiddleware(getReqRateLimiter),
+  rateLimiterMiddleware(defaultRateLimiter),
   affiliatesCacheControlMiddleware,
   ...checkSchema({
     address: {

indexer/services/comlink/src/controllers/api/v4/affiliates-controller.ts

@@ -23,7 +23,7 @@ import {
   Controller, Get, Query, Route,
 } from 'tsoa';
 
-import { getReqRateLimiter } from '../../../caches/rate-limiters';
+import { defaultRateLimiter } from '../../../caches/rate-limiters';
 import config from '../../../config';
 import { complianceAndGeoCheck } from '../../../lib/compliance-and-geo-check';
 import { NotFoundError } from '../../../lib/errors';
@@ -281,7 +281,7 @@ async function adjustAssetPositionsWithFunding(
 
 router.get(
   '/',
-  rateLimiterMiddleware(getReqRateLimiter),
+  rateLimiterMiddleware(defaultRateLimiter),
   assetPositionsCacheControlMiddleware,
   ...CheckSubaccountSchema,
   handleValidationErrors,
@@ -324,7 +324,7 @@ router.get(
 
 router.get(
   '/parentSubaccountNumber',
-  rateLimiterMiddleware(getReqRateLimiter),
+  rateLimiterMiddleware(defaultRateLimiter),
   assetPositionsCacheControlMiddleware,
   ...CheckParentSubaccountSchema,
   handleValidationErrors,

indexer/services/comlink/src/controllers/api/v4/asset-positions-controller.ts

@@ -8,7 +8,7 @@ import {
   Controller, Get, Path, Query, Route,
 } from 'tsoa';
 
-import { getReqRateLimiter } from '../../../caches/rate-limiters';
+import { candlesRateLimiter } from '../../../caches/rate-limiters';
 import config from '../../../config';
 import { handleControllerError } from '../../../lib/helpers';
 import { rateLimiterMiddleware } from '../../../lib/rate-limit';
@@ -52,7 +52,7 @@ class CandleController extends Controller {
 
 router.get(
   '/perpetualMarkets/:ticker',
-  rateLimiterMiddleware(getReqRateLimiter),
+  rateLimiterMiddleware(candlesRateLimiter),
   candlesCacheControlMiddleware,
   ...CheckLimitSchema,
   ...CheckTickerParamSchema,

indexer/services/comlink/src/controllers/api/v4/candles-controller.ts

@@ -18,7 +18,7 @@ import {
 } from 'tsoa';
 
 import {
-  getReqRateLimiter,
+  defaultRateLimiter,
   screenProviderGlobalLimiter,
   screenProviderLimiter,
 } from '../../../caches/rate-limiters';
@@ -120,7 +120,7 @@ export class ComplianceControllerHelper extends Controller {
 
 router.get(
   '/',
-  rateLimiterMiddleware(getReqRateLimiter),
+  rateLimiterMiddleware(defaultRateLimiter),
   ...checkSchema({
     address: {
       in: ['query'],

indexer/services/comlink/src/controllers/api/v4/compliance-controller.ts

@@ -24,7 +24,7 @@ import {
   Controller, Get, Path, Route,
 } from 'tsoa';
 
-import { getReqRateLimiter } from '../../../caches/rate-limiters';
+import { defaultRateLimiter } from '../../../caches/rate-limiters';
 import config from '../../../config';
 import { complianceProvider } from '../../../helpers/compliance/compliance-clients';
 import {
@@ -133,7 +133,7 @@ class ComplianceV2Controller extends Controller {
 
 router.get(
   '/screen/:address',
-  rateLimiterMiddleware(getReqRateLimiter),
+  rateLimiterMiddleware(defaultRateLimiter),
   ...CheckAddressSchema,
   handleValidationErrors,
   ExportResponseCodeStats({ controllerName }),

indexer/services/comlink/src/controllers/api/v4/compliance-v2-controller.ts

@@ -21,7 +21,7 @@ import {
   Controller, Get, Query, Route,
 } from 'tsoa';
 
-import { getReqRateLimiter } from '../../../caches/rate-limiters';
+import { fillsRateLimiter } from '../../../caches/rate-limiters';
 import config from '../../../config';
 import { complianceAndGeoCheck } from '../../../lib/compliance-and-geo-check';
 import { NotFoundError } from '../../../lib/errors';
@@ -183,7 +183,7 @@ class FillsController extends Controller {
 
 router.get(
   '/',
-  rateLimiterMiddleware(getReqRateLimiter),
+  rateLimiterMiddleware(fillsRateLimiter),
   fillsCacheControlMiddleware,
   ...CheckSubaccountSchema,
   ...CheckLimitAndCreatedBeforeOrAtSchema,
@@ -265,7 +265,7 @@ router.get(
 
 router.get(
   '/parentSubaccountNumber',
-  rateLimiterMiddleware(getReqRateLimiter),
+  rateLimiterMiddleware(fillsRateLimiter),
   fillsCacheControlMiddleware,
   ...CheckParentSubaccountSchema,
   ...CheckLimitAndCreatedBeforeOrAtSchema,