Skip to main content

Spring Cloud Gateway - Redis Rate Limiter

The Spring Cloud project is part of the Spring ecosystem. It's a way for developers to easily implement services from patterns that were already implemented in a cloud-native mindset that's scalable, resilient and fault-tolerant.

In this article, we're going to go over the implementation of the AbstractRateLimiter; RedisRateLimiter. We'll create an API that greets the user while rate limiting the greetings!

Let's start by creating a new project with three dependencies:
  • spring-cloud-gateway
  • spring-data-redis
  • spring-security
curl https://start.spring.io/starter.zip -d dependencies=cloud-gateway,data-redis,security -d bootVersion=2.0.5.RELEASE -o request-limiter.zip
view raw RedisRateLimiterDemoCreate.sh hosted with ❤ by GitHub

Create a Default user:

@Bean
public MapReactiveUserDetailsService reactiveUserDetailsService() {
PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
UserDetails user = User.builder()
.username("test")
.password(encoder.encode("pass"))
.roles("USER")
.build();
return new MapReactiveUserDetailsService(user);
}
view raw UserDetailsService.java hosted with ❤ by GitHub

This bean creates a User with default credentials that will be used for rate limiting.

Create a New Route:

@Bean
public RouteLocator routeLocator(RouteLocatorBuilder builder){
return builder.routes()
.route("ratelimited_hello", route -> route
.path("hi")
.uri("http://localhost:8080/hello")
).build();
}
view raw RouteLocator.java hosted with ❤ by GitHub

This route will match whatever URI that has a path "/hi" and will forward the request to "localhost:8080/hello"

Now that we have the RouteLocator handling the request we can try it out.
curl --user test:pass localhost:8080/hi -vv
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8080 (#0)
* Server auth using Basic with user 'test'
> GET /hi HTTP/1.1
> Host: localhost:8080
> Authorization: Basic dGVzdDpwYXNz
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Content-Type: application/json;charset=UTF-8
< Content-Length: 108
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-XSS-Protection: 1 ; mode=block
<
* Connection #0 to host localhost left intact
{"timestamp":"2018-10-24T02:32:22.758+0000","path":"/hello","status":404,"error":"Not Found","message":null}%
view raw resultredisrate404.txt hosted with ❤ by GitHub

The 404 is because of the request being routed to /hello that doesn't exist.

Create the Rest Controller:


import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class GreetingApiEndpoint {
@RequestMapping("/hello")
public String sayHello(){
return "Hey!";
}
}
view raw GreetingApiEndpoint.java hosted with ❤ by GitHub

If we run the curl command again we get a successful response now that the request can be routed to the destination.
curl --user test:pass localhost:8080/hi -vv
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8080 (#0)
* Server auth using Basic with user 'test'
> GET /hi HTTP/1.1
> Host: localhost:8080
> Authorization: Basic dGVzdDpwYXNz
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/plain;charset=UTF-8
< Content-Length: 4
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-XSS-Protection: 1 ; mode=block
<
* Connection #0 to host localhost left intact
Hey!%
view raw resultredisrate200.txt hosted with ❤ by GitHub

Add the Rate Limiter:

The rate limiter takes two values:
  • replenishRate: The number of requests allowed by a user every second.
  • burstCapacity: The maximum number of requests allowed by a user every second.
To better understand these values check the docs and the algorithm behind the rate limiting.
@Bean
public RedisRateLimiter rateLimiter(){
return new RedisRateLimiter(1,1);
}
view raw redisRateLimiter.java hosted with ❤ by GitHub

Update The Route To Include The Rate Limiter:

@Bean
public RouteLocator routeLocator(RouteLocatorBuilder builder){
return builder.routes()
.route("ratelimited_hello", route -> route
.path("/hi")
.filters(i -> i.requestRateLimiter(j -> j.setRateLimiter(rateLimiter())))
.uri("http://localhost:8080/hello")
).build();
}
view raw redisratelimiterroutelocator.java hosted with ❤ by GitHub
Now when we try the same curl command again we notice three new headers:

  • X-RateLimit-Remaining (Used by clients to throttle their requests) 
  • X-RateLimit-Burst-Capacity (Defined in the rate limiter above)
  • X-RateLimit-Replenish-Rate (Defined in the rate limiter above)
curl --user test:pass localhost:8080/hi -vv
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8080 (#0)
* Server auth using Basic with user 'test'
> GET /hi HTTP/1.1
> Host: localhost:8080
> Authorization: Basic dGVzdDpwYXNz
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< X-RateLimit-Remaining: 0
< X-RateLimit-Burst-Capacity: 1
< X-RateLimit-Replenish-Rate: 1
< Content-Type: text/plain;charset=UTF-8
< Content-Length: 4
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-XSS-Protection: 1 ; mode=block
<
* Connection #0 to host localhost left intact
Hey!%
view raw resultredisratewithlimit200.txt hosted with ❤ by GitHub

Test The Rate Limiter:

# With Rate Limiting
while;do curl -I --user test:pass localhost:8080/hi;done
# Without Rate Limiting
while;do curl -I --user test:pass localhost:8080/hello;done
view raw testRedisRateLimit.sh hosted with ❤ by GitHub



The code for this is hosted on GitHub: JadCham/spring-redis-ratelimit-demo

If you're interested to learn more about rate limiting take a look at stripe's article on rate limiters.

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

Thoughts on Microservices

Microservices architecture has proven to be an efficient and clean way to develop fully scalable, fault-tolerant, and highly available applications. Let’s take for instance a simple tech news website that has three microservices. “Service A” is tasked with serving the main website content with a caching layer, “Service B” handles all the subscription and payments through the website, and “Service C” handles serving articles. Let’s go through a couple of benefits that come with adopting a microservices architecture. Scalability One of the main advantages of using microservices is that you can scale each service separately. We’ll go over two scenarios to demonstrate scaling microservices. Scenario 1 It’s 8 AM and everyone is commuting to work. During their commute users check the latest tech news. In this case, users of the website are reading the trending and latest articles on the homepage. “A” will need to scale to handle all the requests coming from the user...
Post a Comment
Read more