Proposal: add function to reset a rate limit set by the Rajska.RateLimiter #38
Description
Sometimes is useful to have a way to reset the RateLimiter, e.g. rate limiting the login and be able to clear the rate limit when user resets his password.
For this we can add a function reset(identifier) to the Rajska.RateLimiter module that calls the https://hexdocs.pm/hammer/Hammer.html#delete_buckets/2.
Besides this low level function, we could also have a middleware for this.
Also, another suggestion is to improve the RateLimiter identifier config. Today we have 3 ways of specifying a identifier:
- specifying an
idoption - specifying a
keysoption - not specifying anything and fallbacks to the IP
It would be nice, given the idea to have a middleware for limiting and reseting, do something like this:
field :login, :session do
...
middleware Rajska.RateLimiter, namespace: :login, limit_by: :ip
resolve &AccountsResolver.login/2
end
field :reset_password, :session do
...
resolve &AccountsResolver.reset_password/2
middleware Rajska.RateLimiter.Reset, namespace: :login, limit_by: :ip
endWith this, we are identifying by both an namespace and user IP. I see this useful for readability: we use a namespace to better uderstand that we are limiting in one mutation and reseting in another. Without this, it's still possible to implement, but it's harder to see why that reset is there:
field :login, :session do
...
middleware Rajska.RateLimiter
resolve &AccountsResolver.login/2
end
field :reset_password, :session do
...
resolve &AccountsResolver.reset_password/2
middleware Rajska.RateLimiter.Reset
endThe limit_by could be:
:ip-> uses user IP{:keys, list}-> same waykeysoption today works{:id, any_fixed_id}-> same wayidoption works
The Hammer id built with this, would be something like "query:#{namespace}:#{limit_by}"
What do you guys think?