I would like to use say 2 accesses per 15 seconds limit as you have in the example code, plus a 250 accesses per 24 hours limit as well. That would hinder faster DOS-style abuse and slower scraper-style abuse as well, while still enabling normal human use.
What would be the best way to do this? I could create two limiters and use the same user key, but if I do that, should it be a limit of 2x250 (ie 500) because the accesses will be recorded twice on that key? I probably don't want to double up on keys and double my storage cost instead. Maybe you know a better way.
This example shows what a more advanced usage scenario would be, although the code isn't as refined as your library.
Also btw is there any way of limiting how many user accounts an IP address can create in a hour? There's a disabled flag on the account, and theres the onCreate trigger from firebase auth...but I don't see that it offers access to the ip address for me to use a limiter keyed on that...and I'd rather not use the REST API for auth.
Thanks for your assistance on this! Great work on this, code is exemplary.
Thanks so much for this useful tool!
I would like to use say 2 accesses per 15 seconds limit as you have in the example code, plus a 250 accesses per 24 hours limit as well. That would hinder faster DOS-style abuse and slower scraper-style abuse as well, while still enabling normal human use.
What would be the best way to do this? I could create two limiters and use the same user key, but if I do that, should it be a limit of 2x250 (ie 500) because the accesses will be recorded twice on that key? I probably don't want to double up on keys and double my storage cost instead. Maybe you know a better way.
This example shows what a more advanced usage scenario would be, although the code isn't as refined as your library.
Also btw is there any way of limiting how many user accounts an IP address can create in a hour? There's a disabled flag on the account, and theres the onCreate trigger from firebase auth...but I don't see that it offers access to the ip address for me to use a limiter keyed on that...and I'd rather not use the REST API for auth.
Thanks for your assistance on this! Great work on this, code is exemplary.