Merge pull request #90 from oslabs-beta/fw/fixedWindow

Fw/fixed window

Author: feiw101

src/@types/rateLimit.d.ts

@@ -24,11 +24,13 @@ export interface RedisBucket {
     timestamp: number;
 }
 
-export interface RedisWindow {
+export interface FixedWindow {
     currentTokens: number;
-    previousTokens: number;
     fixedWindowStart: number;
 }
+export interface RedisWindow extends FixedWindow {
+    previousTokens: number;
+}
 
 export type RedisLog = RedisBucket[];
 

src/rateLimiters/fixedWindow.ts

@@ -0,0 +1,134 @@
+import Redis from 'ioredis';
+import { RateLimiter, RateLimiterResponse, FixedWindow as Window } from '../@types/rateLimit';
+
+/**
+ * The FixedWindow instance of a RateLimiter limits requests based on a unique user ID and a fixed time window.
+ * Whenever a user makes a request the following steps are performed:
+ *  1. Define the time window with fixed amount of queries.
+ *  2. Update the timestamp of the last request.
+ *  3. Allow the request and decrease the allowed amount of requests if the user has enough at this time window.
+ *  4. Otherwise, disallow the request until the next time window opens.
+ */
+
+class FixedWindow implements RateLimiter {
+    private capacity: number;
+
+    private windowSize: number;
+
+    private client: Redis;
+
+    /**
+     * Create a new instance of a FixedWindow rate limiter that can be connected to any database store
+     * @param capacity max requests capacity in one time window
+     * @param windowSize rate at which the token bucket is refilled
+     * @param client redis client where rate limiter will cache information
+     */
+
+    constructor(capacity: number, windowSize: number, client: Redis) {
+        this.capacity = capacity;
+        this.windowSize = windowSize;
+        this.client = client;
+        if (windowSize <= 0 || capacity <= 0)
+            throw Error('FixedWindow windowSize and capacity must be positive');
+    }
+
+    /**
+     * @function processRequest - Fixed Window algorithm to allow or block
+     * based on the depth/complexity (in amount of tokens) of incoming requests.
+     *               Fixed Window
+     *     _________________________________
+     *    |         *full capacity          |
+     *    |                                 |  move to next time window
+     *    |    token adds up until full     |       ---------->
+     *____._________________________________.____
+     *    |<--        window size        -->|
+     *current timestamp              next timestamp
+     *
+     * First, checks if a window exists in the redis cache.
+     * If not, then `fixedWindowStart` is set as the current timestamp, and `currentTokens` is checked against `capacity`.
+     * If enough room exists for the request, returns success as true and tokens as how many tokens remain in the current fixed window.
+     *
+     * If a window does exist in the cache, we first check if the timestamp is greater than the fixedWindowStart + windowSize.
+     * If it isn't, we update currentToken with the incoming token until reach the capcity
+     *
+     * @param {string} uuid - unique identifer used to throttle requests
+     * @param {number} timestamp - time the request was recieved
+     * @param {number} [tokens=1]  - complexity of the query for throttling requests
+     * @return {*}  {Promise<RateLimiterResponse>}
+     * @memberof FixedWindow
+     */
+    async processRequest(
+        uuid: string,
+        timestamp: number,
+        tokens = 1
+    ): Promise<RateLimiterResponse> {
+        // set the expiry of key-value pairs in the cache to 24 hours
+        const keyExpiry = 86400000;
+
+        // attempt to get the value for the uuid from the redis cache
+        const windowJSON = await this.client.get(uuid);
+
+        if (windowJSON === null) {
+            const newUserWindow: Window = {
+                currentTokens: tokens > this.capacity ? 0 : tokens,
+                fixedWindowStart: timestamp,
+            };
+
+            if (tokens > this.capacity) {
+                await this.client.setex(uuid, keyExpiry, JSON.stringify(newUserWindow));
+                return { success: false, tokens: this.capacity };
+            }
+            await this.client.setex(uuid, keyExpiry, JSON.stringify(newUserWindow));
+            return { success: true, tokens: this.capacity - newUserWindow.currentTokens };
+        }
+        const window: Window = await JSON.parse(windowJSON);
+
+        const updatedUserWindow = this.updateTimeWindow(window, timestamp);
+        updatedUserWindow.currentTokens += tokens;
+        // update the currentToken until reaches its capacity
+        if (updatedUserWindow.currentTokens > this.capacity) {
+            updatedUserWindow.currentTokens -= tokens;
+            return {
+                success: false,
+                tokens: this.capacity - updatedUserWindow.currentTokens,
+            };
+        }
+
+        // update a new time window, check the current capacity situation
+        // if (tokens > this.capacity) {
+        //     await this.client.setex(uuid, keyExpiry, JSON.stringify(updatedUserWindow));
+        //     return { success: false, tokens: this.capacity };
+        // }
+        await this.client.setex(uuid, keyExpiry, JSON.stringify(updatedUserWindow));
+        return {
+            success: true,
+            tokens: this.capacity - updatedUserWindow.currentTokens,
+        };
+    }
+
+    /**
+     * Resets the rate limiter to the intial state by clearing the redis store.
+     */
+    public reset(): void {
+        this.client.flushall();
+    }
+
+    private updateTimeWindow = (window: Window, timestamp: number): Window => {
+        const updatedUserWindow: Window = {
+            currentTokens: window.currentTokens,
+            fixedWindowStart: window.fixedWindowStart,
+        };
+        if (timestamp >= window.fixedWindowStart + this.windowSize) {
+            if (timestamp >= window.fixedWindowStart + this.windowSize * 2) {
+                updatedUserWindow.fixedWindowStart = timestamp;
+                updatedUserWindow.currentTokens = 0;
+            } else {
+                updatedUserWindow.fixedWindowStart = window.fixedWindowStart + this.windowSize;
+                updatedUserWindow.currentTokens = 0;
+            }
+        }
+        return updatedUserWindow;
+    };
+}
+
+export default FixedWindow;

test/rateLimiters/fixedWindow.test.ts

@@ -0,0 +1,171 @@
+import * as ioredis from 'ioredis';
+import { FixedWindow as Window } from '../../src/@types/rateLimit';
+import FixedWindow from '../../src/rateLimiters/fixedWindow';
+
+// eslint-disable-next-line @typescript-eslint/no-var-requires
+const RedisMock = require('ioredis-mock');
+
+const CAPACITY = 10;
+const WINDOW_SIZE = 6000;
+
+let limiter: FixedWindow;
+let client: ioredis.Redis;
+let timestamp: number;
+const user1 = '1';
+const user2 = '2';
+const user3 = '3';
+
+async function getWindowFromClient(redisClient: ioredis.Redis, uuid: string): Promise<Window> {
+    const res = await redisClient.get(uuid);
+    // if no uuid is found, return -1 for tokens and timestamp, which are both impossible
+    if (res === null) return { currentTokens: -1, fixedWindowStart: -1 };
+    return JSON.parse(res);
+}
+
+async function setTokenCountInClient(
+    redisClient: ioredis.Redis,
+    uuid: string,
+    currentTokens: number,
+    fixedWindowStart: number
+) {
+    const value: Window = { currentTokens, fixedWindowStart };
+    await redisClient.set(uuid, JSON.stringify(value));
+}
+describe('Test FixedWindow Rate Limiter', () => {
+    beforeEach(async () => {
+        client = new RedisMock();
+        limiter = new FixedWindow(CAPACITY, WINDOW_SIZE, client);
+        timestamp = new Date().valueOf();
+    });
+    describe('FixedWindow returns correct number of tokens and updates redis store as expected', () => {
+        describe('after an ALLOWED request...', () => {
+            afterEach(() => {
+                client.flushall();
+            });
+            test('current time window has no token initially', async () => {
+                // zero token used in this time window
+                const withdraw5 = 5;
+                expect((await limiter.processRequest(user1, timestamp, withdraw5)).tokens).toBe(
+                    CAPACITY - withdraw5
+                );
+                const tokenCountFull = await getWindowFromClient(client, user1);
+                expect(tokenCountFull.currentTokens).toBe(5);
+            });
+            test('reached 40% capacity in current time window and still can pass request', async () => {
+                const initial = 5;
+                await setTokenCountInClient(client, user2, initial, timestamp);
+                const partialWithdraw = 2;
+                expect(
+                    (
+                        await limiter.processRequest(
+                            user2,
+                            timestamp + WINDOW_SIZE * 0.4,
+                            partialWithdraw
+                        )
+                    ).tokens
+                ).toBe(CAPACITY - initial - partialWithdraw);
+
+                const tokenCountPartial = await getWindowFromClient(client, user2);
+                expect(tokenCountPartial.currentTokens).toBe(initial + partialWithdraw);
+            });
+
+            test('window is partially full and request has no leftover tokens', async () => {
+                const initial = 6;
+                const partialWithdraw = 4;
+                await setTokenCountInClient(client, user2, initial, timestamp);
+                expect(
+                    (await limiter.processRequest(user2, timestamp, partialWithdraw)).success
+                ).toBe(true);
+                expect(
+                    (await limiter.processRequest(user2, timestamp, partialWithdraw)).tokens
+                ).toBe(0);
+            });
+
+            test('window is partially full and request exceeds tokens in availability', async () => {
+                const initial = 6;
+                const partialWithdraw = 5;
+                await setTokenCountInClient(client, user2, initial, timestamp);
+                expect(
+                    (await limiter.processRequest(user2, timestamp, partialWithdraw)).success
+                ).toBe(false);
+                expect(
+                    (await limiter.processRequest(user2, timestamp, partialWithdraw)).tokens
+                ).toBe(4);
+            });
+        });
+        describe('after a BLOCKED request...', () => {
+            afterEach(() => {
+                client.flushall();
+            });
+            test('initial request is greater than capacity', async () => {
+                // expect remaining tokens to be 10, b/c the 11 token request should be blocked
+                expect((await limiter.processRequest(user1, timestamp, 11)).success).toBe(false);
+                // expect current tokens in the window to still be 0
+                expect((await getWindowFromClient(client, user1)).currentTokens).toBe(0);
+            });
+            test('window is partially full but not enough time elapsed to reach new window', async () => {
+                const requestedTokens = 9;
+
+                await setTokenCountInClient(client, user2, requestedTokens, timestamp);
+                // expect remaining tokens to be 1, b/c the 2-token-request should be blocked
+                const result = await limiter.processRequest(user2, timestamp + WINDOW_SIZE - 1, 2);
+
+                expect(result.success).toBe(false);
+                expect(result.tokens).toBe(1);
+
+                // expect current tokens in the window to still be 9
+                expect((await getWindowFromClient(client, user2)).currentTokens).toBe(9);
+            });
+        });
+        describe('updateTimeWindow function works as expect', () => {
+            afterEach(() => {
+                client.flushall();
+            });
+            test('New window is initialized after reaching the window size', async () => {
+                const fullRequest = 10;
+                await setTokenCountInClient(client, user3, fullRequest, timestamp);
+                const noAccess = await limiter.processRequest(
+                    user3,
+                    timestamp + WINDOW_SIZE - 1,
+                    2
+                );
+
+                // expect not passing any request
+                expect(noAccess.tokens).toBe(0);
+                expect(noAccess.success).toBe(false);
+
+                const newRequest = 1;
+                expect(
+                    (await limiter.processRequest(user3, timestamp + WINDOW_SIZE, newRequest))
+                        .success
+                ).toBe(true);
+                const count = await getWindowFromClient(client, user3);
+                expect(count.currentTokens).toBe(1);
+            });
+            test('Request will be passed after two window sizes', async () => {
+                const fullRequest = 10;
+                await setTokenCountInClient(client, user3, fullRequest, timestamp);
+                const noAccess = await limiter.processRequest(
+                    user3,
+                    timestamp + WINDOW_SIZE - 1,
+                    2
+                );
+
+                // expect not passing any request
+                expect(noAccess.tokens).toBe(0);
+                expect(noAccess.success).toBe(false);
+
+                const newRequest = 6;
+                // check if current time is over one window size
+                const newAccess = await limiter.processRequest(
+                    user3,
+                    timestamp + WINDOW_SIZE * 2,
+                    newRequest
+                );
+
+                expect(newAccess.tokens).toBe(4);
+                expect(newAccess.success).toBe(true);
+            });
+        });
+    });
+});