search

Kyoso-Team / kyoso

A web application that takes osu! tournaments beyonds spreadsheets.
http://kyoso.sh
GNU Affero General Public License v3.0
1 stars 1 forks source link

Implement rate limiting for tRPC procedures and API routes #24

Closed L-Mario564 closed 3 months ago

L-Mario564 commented 4 months ago

Why?

To lessen the amount of data transferred and processed if any tRPC procedure or API route is abused.

How?

Haven't looked much into this myself, suggestions are welcome.

ArtemOsuskyi commented 4 months ago

Did some research about it, most sources state that it can be done with Redis instance. Upstash provides both Redis and API for rate limiting, so we can easily implement it with these two.

It comes with free plan with daily limit of 10k commands, but if we will encounter traffic increase in the future, we can opt-in for paid plan of (very generous imo) 0.02$ per 100k commands

L-Mario564 commented 4 months ago

Using Upstash in prod sounds like a good option. For development, you think we can install Redis locally and use that? (I assume yes but asking just in case).

Also, do you want to work on a PR for this issue @ArtemOsuskyi?

ArtemOsuskyi commented 4 months ago

I'll look into it a bit further, but I guess it anyway requires an Upstash API key to use it.

Also yeah I'm down to work on it