JoeBussard / polywordleapi

the api for playing polywordle

#18 rate limit from uuid generator #20

Closed JoeBussard closed 2 years ago

JoeBussard commented 2 years ago

Also, increase size of game state cache from 100 to 1000.

JoeBussard commented 2 years ago

OK, so this adds a rate limit of 30 new games per minute. Returns 429 to any user whose new game request is above the rate limit. And looks like it includes error handling if we get a 429 from the UUID generator itself.

A server-wide rate limit is only part of a good rate limit. If our use case is "too many players playing at one time," then this is a viable solution. However, if there is one particular user sending automated requests (maliciously or carelessly or both), friendly users will be punished. An IP-targeted rate limit will be needed if the second use case becomes a problem in the future.

Approved and merged.
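
Added example, not part of the PR or the project's code: a sliding-window limiter that checks a per-client (IP-keyed) budget before the server-wide budget of 30 new games per minute described above, so one automated client cannot use up the shared allowance. Python, the class and function names, the per-client limit of 5, the 201 success status and the sample addresses (documentation ranges) are all assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60
GLOBAL_LIMIT = 30      # from the PR: 30 new games per minute, server-wide
PER_CLIENT_LIMIT = 5   # assumed value, not from the PR


class NewGameLimiter:
    """Sliding-window limiter: per-client check first, then server-wide."""

    def __init__(self, per_client_limit=PER_CLIENT_LIMIT,
                 global_limit=GLOBAL_LIMIT, window=WINDOW_SECONDS):
        self.per_client_limit = per_client_limit
        self.global_limit = global_limit
        self.window = window
        self.global_hits = deque()             # timestamps of accepted requests
        self.client_hits = defaultdict(deque)  # same, keyed by client IP
        # A long-running service should also evict entries for idle clients.

    @staticmethod
    def _expire(hits, cutoff):
        # Drop timestamps that have left the window.
        while hits and hits[0] <= cutoff:
            hits.popleft()

    def status_for(self, client_ip, now):
        """Return the HTTP status for a new-game request at time `now` (seconds)."""
        cutoff = now - self.window
        hits = self.client_hits[client_ip]
        self._expire(hits, cutoff)
        self._expire(self.global_hits, cutoff)
        # Reject a noisy client before it can consume the shared budget.
        if len(hits) >= self.per_client_limit:
            return 429
        if len(self.global_hits) >= self.global_limit:
            return 429
        hits.append(now)
        self.global_hits.append(now)
        return 201  # assumed success status


def simulate(per_client_limit):
    """Constructed traffic: one client sends 100 requests in 10 s, then another sends 1."""
    limiter = NewGameLimiter(per_client_limit=per_client_limit)
    noisy = [limiter.status_for("203.0.113.7", now=t * 0.1) for t in range(100)]
    friendly = limiter.status_for("198.51.100.20", now=10.5)
    return noisy.count(201), friendly
```

Setting the per-client limit equal to the global limit reproduces the server-wide-only behaviour, where the second client is refused. Behind a reverse proxy, the key must come from a client address the proxy is trusted to set, not from a header the client controls.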