liberapay / liberapay.com

Source code of the recurrent donations platform Liberapay
https://liberapay.com/

Rate limiting #658

Open Changaco opened 7 years ago

Changaco commented 7 years ago

In order to fix all throttling issues I've been reading up on rate-limiting. Here are the best articles I've found on the subject:

There are various modules on PyPI for rate-limiting and throttling, but there doesn't seem to be any that fits our technology stack. The only data store we have is our PostgreSQL DB, and that's enough to implement rate-limiting in a satisfactory way; we neither need nor want to set up Redis or Memcached.

So, what should be done:

Changaco commented 7 years ago

https://github.com/alisaifee/limits seems to be the project most likely to accept a pull request for PostgreSQL support.

Changaco commented 7 years ago

For the actual implementation I think a leaky/token bucket is okay, because with PostgreSQL we have transactions for atomic operations, and trying to avoid locks is pointless since every row update requires a lock.

However, Cloudflare's algorithm is also worth considering. I'm not sure whether it would be more efficient than a bucket when implemented atop PostgreSQL.

Changaco commented 7 years ago

I've tried to implement both approaches; the leaky bucket is simpler and doesn't seem less efficient.
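
An added example, not part of the thread and not Liberapay's code: a leaky bucket stored as one table row per key and updated inside a transaction, as the comments above describe. SQLite stands in for PostgreSQL so it runs offline; the table, its columns, the key format and the `connect()` and `hit()` functions are assumptions.

```python
import sqlite3
import time

# SQLite stands in for PostgreSQL so the example runs offline; the table and
# function names are hypothetical, not Liberapay's schema.
SCHEMA = """
CREATE TABLE rate_limiting (
    key   TEXT PRIMARY KEY,   -- constructed format, e.g. "log-in.ip:203.0.113.7"
    level REAL NOT NULL,      -- bucket fill after the last accepted hit
    ts    REAL NOT NULL       -- time of the last accepted hit
)"""

def connect():
    # isolation_level=None: BEGIN/COMMIT are issued explicitly below
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.execute(SCHEMA)
    return db

def hit(db, key, capacity, period, now=None):
    """Record one event for `key` and return True if it is allowed.

    The bucket holds `capacity` events and drains fully in `period` seconds.
    """
    now = time.time() if now is None else now
    leak_rate = capacity / period
    # BEGIN IMMEDIATE takes the write lock up front, playing the role that
    # SELECT ... FOR UPDATE on the bucket row would play in PostgreSQL.
    db.execute("BEGIN IMMEDIATE")
    try:
        row = db.execute(
            "SELECT level, ts FROM rate_limiting WHERE key = ?", (key,)
        ).fetchone()
        level, ts = row if row else (0.0, now)
        # drain what leaked since the last accepted hit, then add this event
        level = max(0.0, level - (now - ts) * leak_rate) + 1.0
        allowed = level <= capacity
        if allowed:  # a rejected hit leaves the stored row untouched
            db.execute(
                "INSERT OR REPLACE INTO rate_limiting (key, level, ts) VALUES (?, ?, ?)",
                (key, level, now),
            )
        db.execute("COMMIT")
        return allowed
    except Exception:
        db.execute("ROLLBACK")
        raise
```

Because a rejected hit does not modify the row, a client that keeps hammering the endpoint cannot keep its own bucket full; the level still drains from the last accepted event.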