Implement a Configurable Rate Limiter Middleware
Implement a multi-algorithm rate limiter middleware with tiered limits, distributed storage, and proper HTTP headers.
The Prompt
Implement a flexible, production-grade rate limiter in [PROGRAMMING_LANGUAGE] for a [FRAMEWORK] web application. The rate limiter will protect [API_TYPE] API endpoints from abuse and ensure fair usage across clients.
Please provide a complete implementation covering the following requirements:
1. **Algorithm Support**: Implement the following rate limiting algorithms and allow switching between them via configuration:
- **Token Bucket**: With configurable bucket size and refill rate.
- **Sliding Window Log**: With precise per-second tracking.
- **Fixed Window Counter**: As a lightweight alternative.
Clearly comment the trade-offs of each algorithm in the code.
2. **Storage Backends**: Design the rate limiter with a storage interface/abstraction so it supports:
- In-memory storage (using a hash map with automatic expiry) for single-instance deployments.
- [DISTRIBUTED_STORE] (e.g., Redis, Memcached) for distributed/multi-instance deployments.
Provide concrete implementations for both backends.
3. **Client Identification**: Identify clients using a configurable key strategy that supports: IP address, API key from the `[HEADER_NAME]` header, authenticated user ID, or a composite key combining multiple identifiers. Include handling for clients behind proxies using `X-Forwarded-For`.
4. **Tiered Rate Limits**: Support different rate limit tiers based on [TIER_CRITERIA] (e.g., user subscription plan, API key type). Example tiers:
- Free: [FREE_LIMIT] requests per [TIME_WINDOW]
- Pro: [PRO_LIMIT] requests per [TIME_WINDOW]
- Enterprise: [ENTERPRISE_LIMIT] requests per [TIME_WINDOW]
5. **Response Headers & Behavior**: When rate limited, return HTTP 429 with a JSON error body. Include standard headers: `X-RateLimit-Limit`, `X-RateLimit-Remaining`, `X-RateLimit-Reset`, and `Retry-After`. Add these headers to all responses, not just rejected ones.
6. **Middleware Integration**: Package the rate limiter as a reusable middleware for [FRAMEWORK] that can be applied globally, per-route, or per-route-group with different configurations.
7. **Testing**: Include unit tests for each algorithm verifying correct counting, window expiration, and edge cases like concurrent requests.
Provide the complete code with inline documentation, a usage example showing per-route configuration, and a brief section on monitoring rate limit metrics in production.
Tips for Better Results
- Choose your primary algorithm based on your needs: Token Bucket is best for allowing short bursts, Sliding Window is most accurate but uses more memory.
- Always specify your framework (Express, FastAPI, Spring Boot, etc.) to get middleware code that plugs in directly.
- Test with concurrent requests using a load testing tool to validate the rate limiter handles race conditions correctly.
Use Cases
Backend and API developers who need to protect their endpoints from abuse, enforce usage quotas per subscription tier, and ensure service reliability under high traffic.
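Requirement 3 of the prompt asks for `X-Forwarded-For` handling. Any client can send that header, so the rate-limit key should come only from hops written by proxies you operate. The Python sketch below is an added example, not part of the prompt or of any generated output; the proxy networks, the `X-API-Key` header name, and the function names are assumptions.

```python
import ipaddress

# Constructed sample: networks of the reverse proxies / load balancers we run.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.10/32")]

def _is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(peer_addr, xff_header):
    """Return the address to rate-limit on.

    peer_addr:  TCP peer address as seen by the application.
    xff_header: raw X-Forwarded-For value, or None.
    """
    peer = ipaddress.ip_address(peer_addr)
    # A directly connected client controls the whole header, so it is only
    # consulted when the connection arrives from one of our own proxies.
    if not xff_header or not _is_trusted(peer):
        return str(peer)
    # Each proxy appends the address it received the request from, so the
    # rightmost entries were written by our infrastructure. Walk right to
    # left and stop at the first hop that is not one of our proxies.
    candidate = peer
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        candidate = ip
        if not _is_trusted(ip):
            break
    return str(candidate)

def rate_limit_key(peer_addr, headers, strategy="ip"):
    """Build the limiter key; headers is a plain dict with exact-case names."""
    ip = client_ip(peer_addr, headers.get("X-Forwarded-For"))
    api_key = headers.get("X-API-Key")  # assumed header name
    if strategy == "api_key" and api_key:
        return f"key:{api_key}"
    if strategy == "composite" and api_key:
        return f"key:{api_key}|ip:{ip}"
    return f"ip:{ip}"  # fall back to the resolved address
```

Keying on the leftmost `X-Forwarded-For` entry instead would let each request pick its own bucket, which is the failure mode to look for when reviewing generated middleware.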