<aside> 🚧
Unreleased : This project has not been released to the general public yet, although it is live
</aside>
Flow control is a rate limiting project. The idea is to implement rate limiting in a serverless way - without the need to run any servers or virtual machines. Not everyone can afford to run a dedicated server for rate limiting (me especially) and this project addresses this need.
<aside> ✅
Try It Out - This project is live and protects Shortify.pro - you can test it by rapidly shortening URLs there
</aside>
Service operators register a target with flow control - this is anything which they would like to control the rate of traffic to eg. an api endpoint
Service operators register a rate limit - a schedule of how many requests should be allowed within a given timeframe
As end users access a given target, the service operator makes an api call to register the event of the end users’ ip address accessing the target. The flow control service handles the complexity of keeping records of how many times the ip has accessed the given target, and in what timeframe.
{
"TargetId": "4865d5ba-2cf3-4da1-96c3-20c2ddb9cb8e",
"Source": "127.0.0.1"
}
Service operators make a second api call to flowControl - this call will tell them in boolean terms if a particular traffic source has capacity to make any further requests (including the current one)
false the operator should respond with an HTTP 429 - Too Many Requests headertrue the operator can process the incoming request as normalIn order to prevent excessive malicious traffic causing a spike in Google Cloud Run billing (the back end provider for the services), it is recommended that services sit behind Cloudflare - and to this end:
Here are a list of the services which make up the Flow Control project