#585 #1229 #1598 #1915 Rate limiting global configuration

[MiladRv]

Closes #585 #1229 #1915

• Support Global configuration of load balancer and rate limiting options etc for ReRoutes #585
• Global rate limiting for all, multiple routes instead of every route #1229
• Rate limiter not working #1598
• Apply rate limiting globally  #1915

Proposed Changes

This PR implements global rate limiting per #1229.

• Adds new GlobalRateLimitOptions in Configuration
• Adds new FileGlobalConfiguration in File

[coveralls]

coverage: 85.256% (-0.7%) from 85.965%
when pulling 4dd103f on MiladRv:feature/add-global-rate-limit
into 0b794b3 on ThreeMammals:develop.

[raman-m]

Hello, Milad!
Thank you for this great PR! I'll be reviewing the code shortly...
However, since Coveralls has reported a decrease in coverage by -0.7%, we need to write unit tests—ideally covering all new code. Unit tests are a crucial part of our development process ❕ Read points 4 and 5.

[raman-m]

Yellow card penalty! 🟨

Thank once again for submitting this PR However, after the code review, I consider it a draft.
The primary concern is the lack both unit and acceptance tests ❗
While your intention to add documentation is appreciated, please note that documentation should be written upon the completion of the code (at the end of development).

Several minor but important issues need to be addressed as listed below 👇

1. I recommend starting with the file models design.
2. Please be aware that the linked #1229 issue requires grouping routes by a key. Prioritize this type of grouping initially, and upon completion, proceed with the Patterns concept.
3. Presenting your ideas using patterns and method grouping is also necessary. However, I do not support your idea of including the "Methods" feature, as it mixes concerns.

P.S. I will provide my vision of the model's design at a later stage.
P.P.S. I anticipate several rounds of code review. However, this feat has high priority, and I will support you through multiple pair-programming sessions.
P.P.P.S. Other members from the Ocelot development team could review this PR and provide separate code feedback 😉
Life, indeed, not easy 😛

[raman-m]

To which section does it belong?
It would be preferable to display hierarchy within the GlobalConfiguration section.

[raman-m]

Is grouping based on path patterns your idea? 🤔
It seems this approach was not discussed in #1229, where @neetra requested Ocelot’s standard method of grouping based on keys, aka the Key property of a route.
Therefore, grouping by a pattern appears to be a more advanced approach. That said, I have no objections to introducing this feature, provided that grouping by a key is implemented as well.

[raman-m]

1. The property is defined to return IEnumerable<FileGlobalRateLimit>, but in the constructor, you assign it as List<FileGlobalRateLimit> ❗ This approach is suboptimal for performance. Please note that File* models contain deeply encapsulated data and properties. Thus, it is advisable define a more specific type, with options being List<T> and Dictionary<TK, TV>.

2. Another concern arises. Why is the "Global" prefix used in the name of a property that is already part of GlobalConfiguration? Kindly rename the property by omitting the "Global" prefix.

[raman-m]

The creator's logic heavily relies on the chosen models. Therefore, I am postponing this class review until we reach an agreement on the model design.

[raman-m]

No actual changes, but see a GitHub diff. Why? Line endings?
Avoid altering line endings (EOL) if you are not making any changes to the line.
Ensure that you understand the EOL Gotchas in the development process.

[raman-m]

Pardon me? Why methods?
Are you genuinely suggesting implementing rate limiting based on a method? Astonishing!

[raman-m]

You propose to use Pattern property for grouping routes to apply the rule. 👌
I suggest defining this property within the FileRateLimitOptions. However, the final design of the models requires further discussion.

[raman-m]

The Methods property appears to be a new feature ❕
Please remove all code associated with methods until the idea is implemented using patterns.
First, fully develop the feature and deliver it to the develop branch with complete code.

[raman-m]

No changes detected! This file was mistakenly included in a commit. I will assist you in removing files with such fictitious changes caused by end-of-line (EOL).

[raman-m]

Conducting manual tests a valuable practice during development. However, Ocelot team doesn't accept pull requests without accompanying acceptance tests. Therefore, it is essential to create comprehensive tests that demonstrate the proper functionality of your feature.

P.S. Acceptance tests should be added to the RateLimiting folder.

[ggnaegi]

@raman-m Looking at the code, please don't merge

[raman-m]

@raman-m Looking at the code, please don't merge

@ggnaegi LoL 😆 Don't worry! In my opinion, this PR is of poor quality, so I don’t think it will be merged until June. I've requested changes, but I have no idea when the author will start fixing them. Yes, please review 🙏 FYI, the author hasn't implemented grouping by a key as we do in the multiplexer. However, issue #1229 requires this, yet the author ignored the requirements and implemented their own ideas.

The main issue with this PR is the design of the file models. Another concern is the inclusion of multiple proposed features. I don’t want to introduce models that will be either useless or difficult to maintain.

[raman-m]

@MiladRv Hi Milad !
When do you plan to begin addressing the code review issues?

[MiladRv]

@raman-m Hi Raman,
Thanks for your time to review my changes, I'll fix them ASAP.

[raman-m]

I am pleased to welcome your return to development 👍
Based on the feedback from my code review, I suggest concentrating on the design of the models.

OK We have this documentation → Global Configuration
The JSON issue lies in the different types of rate limiting. At present, Ocelot implements rate limiting based on the client's header. In the near future—hopefully within this year—we aim to introduce rate limiting based on the client's IP. I propose separating these types of rate limiting in this pull request, as it is a task that should be prioritized and completed ASAP.

1. Preserve RateLimitOptions for dynamic routing to maintain backward compatibility, while considering potential improvements. Refer to point 2 for static routing and grouping.
2. Introduce new RateLimiting section →

"GlobalConfiguration": {
  // This is the old section for dynamic routing with service discovery
  "RateLimitOptions": {
    "ClientIdHeader": "MyRateLimiting",
    "DisableRateLimitHeaders": false,
    "HttpStatusCode": 418, // I'm a teapot
    "QuotaExceededMessage": "Customize Tips!",
    "RateLimitCounterPrefix": "ocelot"
  },
  // I propose the following section ->
  "RateLimiting": {
    "ByHeader": {},
    "ByMethod": {},
    "ByIP": {},
    "ByAspNet": {},
    // and more...
    // Common props should go here ->
    "StatusCode": 418,
    "Message": "Customize Tips!",
    "CounterPrefix": "rate-limiting",
    // Also I propose to add separate metadata section
    "Metadata": {}
  }
}

Please share your thoughts regarding the new design of the section.

[RaynaldM]

Suggested change

	.ToList();
	.ToArray();

[RaynaldM]

the property is init-only, so it's presumed immutable, and in this case, I think an IReadOnlyCollection would be more appropriate

[raman-m]

Correct! However, in such cases of collection, we use IList, IDictionary or Array objects.

[RaynaldM]

Suggested change

	public int HttpStatusCode { get; init; }= 429;
	public int HttpStatusCode { get; init; }= HttpStatusCode.TooManyRequests;

[RaynaldM]

Suggested change

	public HashSet<string> Methods { get; init; }
	public IReadOnlySet<string> Methods { get; init; }

[raman-m]

Apologies! Is it truly necessary to hash sets in this context? believe a straightforward collection, such as a List, could suffice.
This property is initialized by the framework's configuration provider, either JSON data or the internal storage of the provider. The specific collection type that will be assigned here remains unknown: it is needed to debug in run-time.

Another point, it seems we must remove Methods entirely. This is a mixing concerns issue I mentioned in my review feedback. The author did not implement the requirement from the linked issue and began implementing their own ideas. I believe this approach leads to coding inefficiency. Therefore, we must remove all code related to Methods and reintroduce it in upcoming PRs as a new feature.

[raman-m]

@yjorayev Welcome to code review!
Please write a short message here.
My understanding is that this PR should be merged first because we will develop a universal model schema for the RateLimiting JSON section. For ASP.NET rate limiting I propose to configure with ByAspNet subsection.

[raman-m]

@MiladRv wrote on May 23

@raman-m Hi Raman, Thanks for your time to review my changes, I'll fix them ASAP.

Milad, when you mention "ASAP," could you provide us with a timeline for your feedback or commits?
FYI Our Development Process → Best Practices → Remain online after submitting a pull request ❕
Are you busy?

[yjorayev]

If I understood the feature correctly, this is a rate limiter that only applies if a route does not have an explicit rate limiter configured. In that case would it make sense to have "fallback" in the name? Maybe FallbackRateLimitingRules?

[raman-m]

The property names are excessively long, necessitating a larger JSON file!

FYI, I will be handling this PR because it seems the author doesn't care about their piece of coding art. My proposal for the JSON schema in the global section is the RateLimiting subsection which will describe multiple types of limiters.

[yjorayev]

I recommend to keep interfaces and implementations separate: each in its own file.

[raman-m]

Fair enough! The interface will be moved to a separate file.

[yjorayev]

Not sure how I feel about return in ctor 😆

[raman-m]

I have pointed out the same problem of implementing business logic inside the constructor... However, the author continues to soar within the realm of his dreams... 😄
I will address this design issue when I begin working on this pull request.

[raman-m]

Red card penalty 🟥

@MiladRv Milad,
You have received a red card 🟥 penalty because earlier, you got a yellow 🟨 one 2 weeks ago! 😜
Could you kindly begin addressing the review issues? Otherwise, the Ocelot team will take over this PR themselves.