You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+27Lines changed: 27 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -99,3 +99,30 @@ Notes:
99
99
- If multiple ratelimits match a request path, all must allow the request; the strictest rule will effectively apply.
100
100
- If requests or burst are set to 0 or negative, safe defaults are used (requests defaults to 1; burst defaults to requests).
101
101
- If per is omitted or 0, it defaults to 1s.
102
+
103
+
### L402-scoped rate limiting
104
+
105
+
In addition to path-based limits, Aperture now enforces rate limits on a
106
+
per-L402 key basis when an authenticated L402 request is present.
107
+
108
+
How it works:
109
+
- Key derivation: For requests that include L402 auth headers, Aperture extracts the preimage (via Authorization, Grpc-Metadata-Macaroon, or Macaroon headers) and derives a stable key from the preimage hash. Each unique L402 key gets its own token bucket for every matching rate limit rule.
110
+
- Fallback to global: If no L402 key can be derived (unauthenticated or missing preimage), the rule’s global limiter is used for all such requests.
111
+
- Multiple matching rules: If multiple rate limit entries match a path, each rule is checked independently per L402 key; the request must pass all of them.
- Grpc-Metadata-Macaroon: "<macHex>" (preimage is read from macaroon caveat).
116
+
- Macaroon: "<macHex>" (preimage is read from macaroon caveat).
117
+
118
+
Operational notes:
119
+
- Isolation: Authenticated users (distinct L402 keys) do not interfere with each other’s token buckets. A surge from one key won’t consume tokens of another.
120
+
- Unauthenticated traffic: Shares the global bucket per rule. Heavy unauthenticated traffic can still be throttled by the global limiter.
121
+
- Memory/scale: Per-key limiters are kept in an in-memory map per process and currently do not expire. In high-churn environments with many unique L402 keys, this may grow over time. Consider process restarts or external rate-limiting if necessary.
122
+
- Retry-After: When throttled, Aperture computes a suggested delay without consuming a token and sets Retry-After accordingly (minimum 1s), enabling clients to back off.
123
+
124
+
Example scenario:
125
+
- Suppose a rule allows 5 rps (burst 5) for path
126
+
"^/looprpc.SwapServer/LoopOutQuote.*$". Two different L402 users (A and B)
127
+
each get their own 5 rps budget. Unauthenticated requests to the same path
0 commit comments