Class: A2A::Server::Middleware::RateLimitMiddleware

Inherits:

Object

• Object
• A2A::Server::Middleware::RateLimitMiddleware

Defined in:

lib/a2a/server/middleware/rate_limit_middleware.rb

Overview

Rate limiting middleware for A2A requests

Implements rate limiting using various strategies including in-memory, Redis-backed, and sliding window algorithms.

Examples:

Basic usage

middleware = RateLimitMiddleware.new(
  limit: 100,
  window: 3600, # 1 hour
  strategy: :sliding_window
)

Constant Summary

STRATEGIES =

Rate limiting strategies

i[fixed_window sliding_window token_bucket].freeze

Instance Attribute Summary

• #limit ⇒ Object readonly

  Returns the value of attribute limit.

• #store ⇒ Object readonly

  Returns the value of attribute store.

• #strategy ⇒ Object readonly

  Returns the value of attribute strategy.

• #window ⇒ Object readonly

  Returns the value of attribute window.

Instance Method Summary

• #call(request, context) { ... } ⇒ Object

  Process rate limiting for a request.

• #check_fixed_window(key) ⇒ Boolean private

  Fixed window rate limiting.

• #check_rate_limit(key) ⇒ Boolean

  Check if request is within rate limit.

• #check_sliding_window(key) ⇒ Boolean private

  Sliding window rate limiting.

• #check_token_bucket(key) ⇒ Boolean private

  Token bucket rate limiting.

• #default_key_generator(_request, context) ⇒ String private

  Default key generator based on authentication or IP.

• #fixed_window_status(key) ⇒ Object private

  Get fixed window status.

• #initialize(limit: 100, window: 3600, strategy: :sliding_window, store: nil, key_generator: nil) ⇒ RateLimitMiddleware constructor

  Initialize rate limiting middleware.

• #sliding_window_status(key) ⇒ Object private

  Get sliding window status.

• #status(key) ⇒ Hash

  Get current rate limit status for a key.

• #token_bucket_status(key) ⇒ Object private

  Get token bucket status.

• #validate_strategy! ⇒ Object private

  Validate the rate limiting strategy.

Constructor Details

#initialize(limit: 100, window: 3600, strategy: :sliding_window, store: nil, key_generator: nil) ⇒ RateLimitMiddleware

Initialize rate limiting middleware

Parameters:

• (defaults to: 100)

  Maximum number of requests per window

• (defaults to: 3600)

  Time window in seconds

• (defaults to: :sliding_window)

  Rate limiting strategy

• (defaults to: nil)

  Storage backend (defaults to in-memory)

• (defaults to: nil)

  Custom key generator for rate limiting

# File 'lib/a2a/server/middleware/rate_limit_middleware.rb', line 35

def initialize(limit: 100, window: 3600, strategy: :sliding_window,
               store: nil, key_generator: nil)
  @limit = limit
  @window = window
  @strategy = strategy
  @store = store || InMemoryStore.new
  @key_generator = key_generator || method(:default_key_generator)

  validate_strategy!
end

Instance Attribute Details

#limit ⇒ Object (readonly)

Returns the value of attribute limit.

# File 'lib/a2a/server/middleware/rate_limit_middleware.rb', line 22

def limit
  @limit
end

#store ⇒ Object (readonly)

Returns the value of attribute store.

# File 'lib/a2a/server/middleware/rate_limit_middleware.rb', line 22

def store
  @store
end

#strategy ⇒ Object (readonly)

Returns the value of attribute strategy.

# File 'lib/a2a/server/middleware/rate_limit_middleware.rb', line 22

def strategy
  @strategy
end

#window ⇒ Object (readonly)

Returns the value of attribute window.

# File 'lib/a2a/server/middleware/rate_limit_middleware.rb', line 22

def window
  @window
end

Instance Method Details

#call(request, context) { ... } ⇒ Object

Process rate limiting for a request

Parameters:

• The JSON-RPC request

• The request context

Yields:

• Block to continue the middleware chain

Returns:

• The result from the next middleware or handler

Raises:

• If rate limit is exceeded

# File 'lib/a2a/server/middleware/rate_limit_middleware.rb', line 54

def call(request, context)
  # Generate rate limiting key
  key = @key_generator.call(request, context)

  # Check rate limit
  unless check_rate_limit(key)
    raise A2A::Errors::RateLimitExceeded, "Rate limit exceeded: #{@limit} requests per #{@window} seconds"
  end

  # Continue to next middleware
  yield
end

#check_fixed_window(key) ⇒ Boolean (private)

Fixed window rate limiting

Parameters:

• The rate limiting key

Returns:

• True if within limit

# File 'lib/a2a/server/middleware/rate_limit_middleware.rb', line 139

def check_fixed_window(key)
  now = Time.now.to_i
  window_start = (now / @window) * @window
  window_key = "#{key}:#{window_start}"

  current_count = @store.get(window_key) || 0

  if current_count >= @limit
    false
  else
    @store.increment(window_key, expires_at: window_start + @window)
    true
  end
end

#check_rate_limit(key) ⇒ Boolean

Check if request is within rate limit

Parameters:

• The rate limiting key

Returns:

• True if within limit, false otherwise

# File 'lib/a2a/server/middleware/rate_limit_middleware.rb', line 72

def check_rate_limit(key)
  case @strategy
  when :fixed_window
    check_fixed_window(key)
  when :sliding_window
    check_sliding_window(key)
  when :token_bucket
    check_token_bucket(key)
  else
    true # Fallback to allow request
  end
end

#check_sliding_window(key) ⇒ Boolean (private)

Sliding window rate limiting

Parameters:

• The rate limiting key

Returns:

• True if within limit

# File 'lib/a2a/server/middleware/rate_limit_middleware.rb', line 159

def check_sliding_window(key)
  now = Time.now.to_f
  window_start = now - @window

  # Get timestamps of requests in the current window
  timestamps = @store.get_list("#{key}:timestamps") || []

  # Remove old timestamps
  timestamps = timestamps.select { |ts| ts > window_start }

  if timestamps.length >= @limit
    false
  else
    # Add current timestamp
    timestamps << now
    @store.set_list("#{key}:timestamps", timestamps, expires_at: now + @window)
    true
  end
end

#check_token_bucket(key) ⇒ Boolean (private)

Token bucket rate limiting

Parameters:

• The rate limiting key

Returns:

• True if within limit

# File 'lib/a2a/server/middleware/rate_limit_middleware.rb', line 184

def check_token_bucket(key)
  now = Time.now.to_f
  bucket_key = "#{key}:bucket"

  # Get current bucket state
  bucket = @store.get(bucket_key) || { tokens: @limit, last_refill: now }

  # Calculate tokens to add based on time elapsed
  time_elapsed = now - bucket[:last_refill]
  tokens_to_add = (time_elapsed / @window) * @limit

  # Refill bucket
  bucket[:tokens] = [@limit, bucket[:tokens] + tokens_to_add].min
  bucket[:last_refill] = now

  if bucket[:tokens] >= 1
    bucket[:tokens] -= 1
    @store.set(bucket_key, bucket, expires_at: now + (@window * 2))
    true
  else
    @store.set(bucket_key, bucket, expires_at: now + (@window * 2))
    false
  end
end

#default_key_generator(_request, context) ⇒ String (private)

Default key generator based on authentication or IP

Parameters:

• The request

• The context

Returns:

• The rate limiting key

# File 'lib/a2a/server/middleware/rate_limit_middleware.rb', line 119

def default_key_generator(_request, context)
  # Try to use authenticated user/API key
  if context.authenticated?
    auth_data = context.instance_variable_get(:@auth_schemes)&.values&.first
    return "user:#{auth_data[:username] || auth_data[:api_key] || auth_data[:token]}" if auth_data.is_a?(Hash)
  end

  # Fall back to IP address if available
  ip = context.get_metadata(:remote_ip) || context.get_metadata("REMOTE_ADDR")
  return "ip:#{ip}" if ip

  # Default fallback
  "anonymous"
end

#fixed_window_status(key) ⇒ Object (private)

Get fixed window status

# File 'lib/a2a/server/middleware/rate_limit_middleware.rb', line 211

def fixed_window_status(key)
  now = Time.now.to_i
  window_start = (now / @window) * @window
  window_key = "#{key}:#{window_start}"

  current_count = @store.get(window_key) || 0
  reset_time = window_start + @window

  {
    limit: @limit,
    remaining: [@limit - current_count, 0].max,
    reset_time: Time.zone.at(reset_time),
    window_start: Time.zone.at(window_start)
  }
end

#sliding_window_status(key) ⇒ Object (private)

Get sliding window status

# File 'lib/a2a/server/middleware/rate_limit_middleware.rb', line 229

def sliding_window_status(key)
  now = Time.now.to_f
  window_start = now - @window

  timestamps = @store.get_list("#{key}:timestamps") || []
  current_count = timestamps.count { |ts| ts > window_start }

  {
    limit: @limit,
    remaining: [@limit - current_count, 0].max,
    reset_time: nil, # No fixed reset time for sliding window
    window_start: Time.zone.at(window_start)
  }
end

#status(key) ⇒ Hash

Get current rate limit status for a key

Parameters:

• The rate limiting key

Returns:

• Status information

# File 'lib/a2a/server/middleware/rate_limit_middleware.rb', line 90

def status(key)
  case @strategy
  when :fixed_window
    fixed_window_status(key)
  when :sliding_window
    sliding_window_status(key)
  when :token_bucket
    token_bucket_status(key)
  else
    { limit: @limit, remaining: @limit, reset_time: nil }
  end
end

#token_bucket_status(key) ⇒ Object (private)

Get token bucket status

# File 'lib/a2a/server/middleware/rate_limit_middleware.rb', line 246

def token_bucket_status(key)
  now = Time.now.to_f
  bucket_key = "#{key}:bucket"

  bucket = @store.get(bucket_key) || { tokens: @limit, last_refill: now }

  # Calculate current tokens
  time_elapsed = now - bucket[:last_refill]
  tokens_to_add = (time_elapsed / @window) * @limit
  current_tokens = [@limit, bucket[:tokens] + tokens_to_add].min

  {
    limit: @limit,
    remaining: current_tokens.floor,
    reset_time: nil, # Continuous refill
    tokens: current_tokens
  }
end

#validate_strategy! ⇒ Object (private)

Validate the rate limiting strategy

Raises:

# File 'lib/a2a/server/middleware/rate_limit_middleware.rb', line 107

def validate_strategy!
  return if STRATEGIES.include?(@strategy)

  raise ArgumentError, "Invalid strategy: #{@strategy}. Must be one of: #{STRATEGIES.join(', ')}"
end