The purpose of this feature is to allow administrators to selectively control which API calls are throttled, without having to rebuild and deploy a new version every time a throttle is changed.
...
(optional: expiration of throttle rule?? not sure if necessary)
| Code Block | ||
|---|---|---|
| ||
CREATE TABLE `THROTTLE_RULES`(
`THROTTLE_ID` bigint(20) unsignedNOT AUTO_INCREMENT,NULL, -- id of the throttle rule
`NORMALIZED_URI` varchar(256255) NOT NULL, -- normalized api URL, numbers such as {id} replaced with #
`MAX_CALLS` int(20) unsigned NOT NULL, -- maximum number of calls per user per URI per bin
`CALL_PERIOD_IN_SECONDS` int(20) unsigned NOT NULL, -- bin of time in which a user is allowed to make MAX_CALLS API calls.
`MODIFIED_ON` TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, -- Timestamp of when the row was changed. used as an etag for migration
PRIMARY KEY(`THROTTLE_ID`),
UNIQUE (`NORMALIZED_URI`)
); |
...
The NORMALIZED_URI column must be unique since having 2 different throttling rules for the same API call would not make sense(maybe consider making this primary key instead of using numeric id?).
...
For the service specific throttle, the request URI will be normalized using normalizeMethodSignature() in AccessRecordUtils of the Synapse-Warehouse-Records project (move/refactor?).
...
No services. Administrators will update the table in MySQL.
Potential problems
If there are many calls being throttled, the throttle could potentially use up a lot of memory. With N throttled calls and M users, the throttle's map for call counts could have up to M x N entires. Additionally, the map will not remove entries for users that are are no longer making calls so memory will not be freed until an administrator calls clearAllLocks().
Updates to the throttle rules will not immediately take effect because they are only written into the SQL table. The actual enforcement of the throttle will not happen until UserThrottleFilter updates its cached version of the rules.