Wynncraft / WynncraftAPI

Official Wynncraft Public API (Documentation & Issue Tracker)
https://docs.wynncraft.com/

Rate limit headers inconsistent #1

Open Bedo9041 opened 5 years ago

Bedo9041 commented 5 years ago

It appears that requests to the V2 API don't update the rate limit headers correctly if the same resource is requested multiple times in succession.

First request:

C:\>curl -I -L -X GET https://api.wynncraft.com/v2/player/_Bedo_/stats
HTTP/1.1 200 OK
Date: Fri, 12 Apr 2019 23:38:25 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 11963
Connection: keep-alive
Set-Cookie: __cfduid=d5fa0fb34f6d5276877df1a54d3bb621b1555112305; expires=Sat, 11-Apr-20 23:38:25 GMT; path=/; domain=.wynncraft.com; HttpOnly
X-Powered-By: Express
X-RateLimit-Limit: 750
X-RateLimit-Remaining: 749
X-RateLimit-Reset: 1555113754
X-Request-Id: 63238e73-fa99-4c05-87e3-991c03df986d
Access-Control-Allow-Origin: *
ETag: W/"2ebb-ymxMD1OdQEj0a5ALbQiuWiRkNqs"
cache-control: max-age=600
X-XSS-Protection: 1; mode=block
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 4c6908a49e4bce21-LHR

Second request:

C:\>curl -I -L -X GET https://api.wynncraft.com/v2/player/_Bedo_/stats
HTTP/1.1 200 OK
Date: Fri, 12 Apr 2019 23:38:30 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 11963
Connection: keep-alive
Set-Cookie: __cfduid=d359ec6fc8eb5a94b579090e3cdbaa9511555112310; expires=Sat, 11-Apr-20 23:38:30 GMT; path=/; domain=.wynncraft.com; HttpOnly
x-powered-by: Express
x-ratelimit-limit: 750
x-ratelimit-remaining: 749
x-ratelimit-reset: 1555113754
x-request-id: 63238e73-fa99-4c05-87e3-991c03df986d
access-control-allow-origin: *
etag: W/"2ebb-ymxMD1OdQEj0a5ALbQiuWiRkNqs"
cache-control: max-age=595
apicache-store: memory
apicache-version: 1.4.0
X-XSS-Protection: 1; mode=block
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 4c6908c69b633578-LHR

Third request:

C:\>curl -I -L -X GET https://api.wynncraft.com/v2/player/_Bedo_/stats
HTTP/1.1 200 OK
Date: Fri, 12 Apr 2019 23:38:40 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 11963
Connection: keep-alive
Set-Cookie: __cfduid=dc80c2c8861f3c3d7dda29c66c8f094ed1555112320; expires=Sat, 11-Apr-20 23:38:40 GMT; path=/; domain=.wynncraft.com; HttpOnly
x-powered-by: Express
x-ratelimit-limit: 750
x-ratelimit-remaining: 749
x-ratelimit-reset: 1555113754
x-request-id: 63238e73-fa99-4c05-87e3-991c03df986d
access-control-allow-origin: *
etag: W/"2ebb-ymxMD1OdQEj0a5ALbQiuWiRkNqs"
cache-control: max-age=585
apicache-store: memory
apicache-version: 1.4.0
X-XSS-Protection: 1; mode=block
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 4c6909031848ce31-LHR

New request to different resource - header is updated to include all previous requests:

C:\>curl -I -L -X GET https://api.wynncraft.com/v2/player/_Bedtwo_/stats
HTTP/1.1 200 OK
Date: Fri, 12 Apr 2019 23:38:45 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 1872
Connection: keep-alive
Set-Cookie: __cfduid=d71c83e91f5ce92ecea159d5810b5f9d31555112324; expires=Sat, 11-Apr-20 23:38:44 GMT; path=/; domain=.wynncraft.com; HttpOnly
X-Powered-By: Express
X-RateLimit-Limit: 750
X-RateLimit-Remaining: 746
X-RateLimit-Reset: 1555113754
X-Request-Id: 35cf152d-8b8b-4882-b9f5-9e74c30d6969
Access-Control-Allow-Origin: *
ETag: W/"750-dvKqZXSSc2FlGd3mugKNxMzUYGM"
cache-control: max-age=600
X-XSS-Protection: 1; mode=block
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 4c69091f1a8dce21-LHR

Requests to the V1 API seem to have headers more inconsistent than V2.

First request:

C:\>curl -I -L -X GET https://api.wynncraft.com/public_api.php?action=territoryList
HTTP/1.1 200 OK
Date: Sat, 13 Apr 2019 00:02:04 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 73961
Connection: keep-alive
Set-Cookie: __cfduid=d6db8683240df6646baddea443b3039f31555113724; expires=Sun, 12-Apr-20 00:02:04 GMT; path=/; domain=.wynncraft.com; HttpOnly
x-powered-by: Express
x-ratelimit-limit: 1200
x-ratelimit-remaining: 1199
x-ratelimit-reset: 1555114371
access-control-allow-origin: *
etag: W/"120e9-XYwpFhtJOk0BpYY30uG6zy1wub4"
apicache-store: memory
apicache-version: 1.2.3
X-XSS-Protection: 1; mode=block
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 4c692b4a0c4e356c-LHR

Second request - remaining rate limit doesn't change, reset time does:

C:\>curl -I -L -X GET https://api.wynncraft.com/public_api.php?action=territoryList
HTTP/1.1 200 OK
Date: Sat, 13 Apr 2019 00:02:26 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 73961
Connection: keep-alive
Set-Cookie: __cfduid=d8a0efd59098e60ab37ba327b569eeaa71555113744; expires=Sun, 12-Apr-20 00:02:24 GMT; path=/; domain=.wynncraft.com; HttpOnly
X-Powered-By: Express
X-RateLimit-Limit: 1200
X-RateLimit-Remaining: 1199
X-RateLimit-Reset: 1555114225
Access-Control-Allow-Origin: *
ETag: W/"120e9-hnlW6GPpb8rKKn6UDZFLLl4oBoU"
cache-control: max-age=30
X-XSS-Protection: 1; mode=block
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 4c692bc58d43357e-LHR

Third request - remaining rate limit decreases by one, when two requests have been made and reset time changes back to the same as the first request:

C:\>curl -I -L -X GET https://api.wynncraft.com/public_api.php?action=territoryList
HTTP/1.1 200 OK
Date: Sat, 13 Apr 2019 00:02:34 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 73961
Connection: keep-alive
Set-Cookie: __cfduid=dfa57eba05fb9b8b33e8f075276e71ece1555113751; expires=Sun, 12-Apr-20 00:02:31 GMT; path=/; domain=.wynncraft.com; HttpOnly
X-Powered-By: Express
X-RateLimit-Limit: 1200
X-RateLimit-Remaining: 1198
X-RateLimit-Reset: 1555114371
Access-Control-Allow-Origin: *
ETag: W/"120e9-kT52ExYv7ZYz07r9qSoVO/WXyGs"
cache-control: max-age=30
X-XSS-Protection: 1; mode=block
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 4c692bf47d1fce41-LHR

Fourth request - remaining rate limit jumps down significantly, reset time changes to match second request:

C:\>curl -I -L -X GET https://api.wynncraft.com/public_api.php?action=territoryList
HTTP/1.1 200 OK
Date: Sat, 13 Apr 2019 00:02:59 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 73961
Connection: keep-alive
Set-Cookie: __cfduid=dd383de936318514d04729ff010c53f3f1555113779; expires=Sun, 12-Apr-20 00:02:59 GMT; path=/; domain=.wynncraft.com; HttpOnly
x-powered-by: Express
x-ratelimit-limit: 1200
x-ratelimit-remaining: 1139
x-ratelimit-reset: 1555114225
access-control-allow-origin: *
etag: W/"120e9-UEcIya8KWBidzF3l2/mDTOf9V0g"
apicache-store: memory
apicache-version: 1.2.3
X-XSS-Protection: 1; mode=block
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 4c692ca38efc3578-LHR

It's also worth noting that the headers seem to change between using x-ratelimit-... and x-RateLimit-...

colinrioux commented 5 years ago

For v2 Player-API, Player data is cached for 10 minutes per username. Likely it'll be decreased in the future, but for now that is why it does not count as a decrease in rate.

Will be keeping this issue open and locked as it is a legacy bug, though, when v2 is complete, those rates will be fixed.
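
A client-side way to stay within the limit despite the header behaviour reported in this issue, as an added example that is not part of the thread or of the Wynncraft project's code. The names `parseHeaders`, `RateLimitTracker` and `replaySample` are hypothetical, and treating an `apicache-store` header as a sign of a cache-served response is an assumption.

```javascript
// Added example; parseHeaders and RateLimitTracker are hypothetical names.
// HTTP header names are case-insensitive, so normalise them before lookup.
function parseHeaders(raw) {
  const headers = {};
  for (const line of raw.split(/\r?\n/)) {
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return headers;
}

class RateLimitTracker {
  constructor() { this.windows = new Map(); } // reset epoch -> lowest remaining seen

  // Record one response. Within one reset window the true count only falls, so
  // keeping the minimum per window means a repeated older value never raises it.
  observe(raw) {
    const h = parseHeaders(raw);
    const remaining = Number.parseInt(h['x-ratelimit-remaining'], 10);
    const reset = Number.parseInt(h['x-ratelimit-reset'], 10);
    if (Number.isNaN(remaining) || Number.isNaN(reset)) return null;
    const prev = this.windows.get(reset);
    this.windows.set(reset, prev === undefined ? remaining : Math.min(prev, remaining));
    // Assumption: an apicache-store header marks a response served from cache.
    return { cached: 'apicache-store' in h, remaining, reset };
  }

  // Conservative budget: lowest count among windows that have not yet reset.
  budget(nowEpoch) {
    let lowest = null;
    for (const [reset, rem] of this.windows) {
      if (reset <= nowEpoch) this.windows.delete(reset);
      else if (lowest === null || rem < lowest) lowest = rem;
    }
    return lowest;
  }
}

// Constructed sample: header values abridged from the V1 output in this issue.
const SAMPLE_V1 = [
  'x-ratelimit-remaining: 1199\nx-ratelimit-reset: 1555114371\napicache-store: memory',
  'X-RateLimit-Remaining: 1199\nX-RateLimit-Reset: 1555114225',
  'X-RateLimit-Remaining: 1198\nX-RateLimit-Reset: 1555114371',
  'x-ratelimit-remaining: 1139\nx-ratelimit-reset: 1555114225\napicache-store: memory',
];

function replaySample(nowEpoch) {
  const tracker = new RateLimitTracker();
  const seen = SAMPLE_V1.map((raw) => tracker.observe(raw));
  return { seen, budget: tracker.budget(nowEpoch), windows: tracker.windows.size };
}
```

A client would call `budget()` with the current Unix time before each request and back off when the result approaches zero.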