Limit the absolute number of calls in a given time frame without rate limit
mstn opened this issue · 5 comments
Hi, nice work. I would like to extend this package in order to cover another case. However, I wanted to discuss it with you first to understand if it makes sense or if it is already on your roadmap.
I would like to limit the number of calls per connection of a given method to a fixed daily/hourly number. For example, "methodA" can be invoked at most three times in an hour. I do not think this case can be reduced to the existing ones because I do not want to limit how often "free calls" are fired. One can spend his three calls in a few milliseconds without any rate limit.
A case study could be a freemium service.
Does it make sense?
Started to work on the new wrapper here https://github.com/mstn/meteor-easy-security.
Not yet ready for pull request.
So, I actually wanted to answer you. I don't think that this functionality should be handled within easy-security, since you can implement the functionality yourself and it doesn't add to the security aspect of an app to me, since you want to ignore the rate-limiting on those methods. But I'm always open to discussion and maybe you've got good reasons to do it.
I understand what you mean. The reason why I need this wrapper has not much to do with security. However, it could make sense also for security. For example, a common technique in security (e.g. Fail2Ban) is to ban IP addresses for a timeframe if they make too many "calls". Of course, EasySecurity is not an alternative to firewalls, but maybe it could make sense anyway.
I think a good idea is to have this functionality as an additional option to limit actions in your app. I think that this feature needs to be thoughtfully implemented, but I'm more than happy to take a look at your PR.
Closing this issue since the package is deprecated.
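The per-connection quota requested in this issue ("methodA" at most three times in an hour, with no limit on how quickly those calls are spent), as an added example that is not code from the thread or from easy-security. `CallQuota`, its option names and the connection ids are hypothetical; the clock is injected so the hour boundary can be exercised offline.

```javascript
// Added example. CallQuota and its option names are hypothetical.
class CallQuota {
  constructor({ maxCalls, windowMs, now = Date.now }) {
    this.maxCalls = maxCalls;
    this.windowMs = windowMs;
    this.now = now; // injectable clock so the behaviour can be tested
    this.buckets = new Map(); // key -> { windowStart, used }
  }

  // Charge one call to (connectionId, method). Spacing between calls is
  // never checked: only the total inside the current window counts.
  consume(connectionId, method) {
    const key = JSON.stringify([connectionId, method]); // no delimiter collisions
    const t = this.now();
    let bucket = this.buckets.get(key);
    if (!bucket || t - bucket.windowStart >= this.windowMs) {
      bucket = { windowStart: t, used: 0 }; // window opens at the first call
      this.buckets.set(key, bucket);
    }
    if (bucket.used >= this.maxCalls) {
      const retryAfterMs = bucket.windowStart + this.windowMs - t;
      return { allowed: false, remaining: 0, retryAfterMs };
    }
    bucket.used += 1;
    return { allowed: true, remaining: this.maxCalls - bucket.used, retryAfterMs: 0 };
  }

  // Remove expired windows so abandoned connections do not leak memory.
  sweep() {
    const t = this.now();
    for (const [key, bucket] of this.buckets) {
      if (t - bucket.windowStart >= this.windowMs) this.buckets.delete(key);
    }
    return this.buckets.size;
  }
}

// Constructed scenario: "methodA" at most three times per hour per connection.
function demo() {
  let clock = 0;
  const quota = new CallQuota({ maxCalls: 3, windowMs: 3600000, now: () => clock });
  const burst = [];
  for (let i = 0; i < 4; i++) { clock += 1; burst.push(quota.consume("conn-1", "methodA")); }
  const otherConnection = quota.consume("conn-2", "methodA");
  clock = 3600001; // one hour after conn-1's first call
  const afterReset = quota.consume("conn-1", "methodA");
  return { burst, otherConnection, afterReset, live: quota.sweep() };
}

console.log(demo());
```

The window here opens at a connection's first call rather than on a wall-clock hour, and state is held in memory, so it resets on restart and is not shared across server instances.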