This project searches for a new maintainer. Please volunteer.

Thanks for such a nice pkg! I wonder if there is any method like refund or something that can return the tokens to the bucket.

I used this feature mainly for trade amount limitation. In such a case:

// ...
// consume when an order creating.
$bucket->consume($order->total);
$order->create();
// then order turns to failed.
$order->failed();
$bucket->refund($order->total);

For now I implement this feature on my own. But I think that would be better if there is official support :)

I am talking about Memcached storage implementation (probably other too).
Since you use memcached::set with ttl = 0, old unused buckets will stay in memory forever, and this is not good for websites with bucket-per-ip. For websites with 100000 visitors per day it will eat >100 bytes per record = 10Megabytes, and will grow each day. In a month it will eat ~ 300Megabytes and some vps servers will go down.
I think it should be possible to set ttl to specific reasonable value.

Hi!

Is there any way to know/access to how many tokens are left until reach the time limit?

Thanks!

When I use next code for bootstrap token bucket:

use bandwidthThrottle\tokenBucket\Rate;
use bandwidthThrottle\tokenBucket\TokenBucket;
use bandwidthThrottle\tokenBucket\storage\FileStorage;

$storage = new FileStorage(__DIR__ . "/api.bucket");
$rate = new Rate(10, Rate::SECOND);
$bucket = new TokenBucket(10, $rate, $storage);
$bucket->bootstrap(10);

On Linux and macOS all works well, but in Windows I get an error:

Could not write to storage.

Maybe it's because the file opens twice, first, in FileStorage::__construct, then file locked by flock and then file opens in FileStorage::bootstrap method.

Hello I am just curious if I could use the lib to make calls to an API rest without surpass their limits.

Hey. I'm not sure whether a complete deadlock during blocking consumption could somehow occur or not, but isn't it generally healthy to have a failsafe for a blocking operation - such as a configurable timeout setting?

Current malkusch/lock release 2.0 version, and many packages have updated dependency version to ^1|^2

The current implementation of MemcachedStorage doesn't work.

When the consume method is called and "$delta < 0", then $this->storage->getMutex()->synchronized keeps looping the "callable $code". This is because "$this->storage->getMutex()->notify()" is never called when "$delta < 0", so "$this->loop->execute($code)" (CASMutex) keeps running and will reach the timeout "malkusch\lock\exception\TimeoutException" "Timeout of 3 seconds exceeded.".

The current implementation of MemcachedStorage uses CAS, where the MemcacheStorage (without D) implementation doesn't. I've created a MemcachedStorage implementation without CAS (also using "MemcachedMutex" instead of "CASMutex") and that seems to work fine. What was the reason to use the CAS tokens?

I get this error report everytime after some problem happened.Then I review the code in "vendor\malkusch\lock"and find some bug for Redis:If u set a lock for the bucket and the client broke,this lock will never be release so that every request will be stoped by the "setnx".I wonder if u have some solution for this bug,and sorry for my English :p
by zhangxiaohou

Is it possible to use SessionScope to limit requests by an unique identifier such as their IP address?

Ideally something that would be able to 'kick' requests if an IP has made over a set allocation within a set time frame, e.g if the limit is 1000 requests per hour, once they make the 1001th request within that window rather than sleep it will just discard the request until they allowed to make requests again in the next window.

This project is great, but relies upon bootstrapping the bucket (ie filling with initial token allocation)

This can be troublesome when dealing with multiple resources that need limiting - eg rate limiting an API by remote IP address. There's no simple way of knowing if you've already bootstrapped for that particular IP without calling the storage, which is an extra overhead.

Instead, I'd propose a leaky bucket design - instead of checking the bucket still has >0 tokens remaining, you reverse it. So the bucket is empty initially, then you 'drain' X tokens per X seconds and each new rate limited request adds a token.

If the bucket is 'full' (ie tokens > limit, means you are filling faster than emptying, but with a 'limit' sized buffer) then you fail the request.

This way, you never need to bootstrap - you always just increment the bucket counter.

Thoughts?

Over a certain period of time, my curl requests are more than my limit.
Any ideas ?

My use case is :

• A set of 5 (rabbitmq) workers consume messages, doing one ore more API request per message
• No more than 10 API requests should be globally (throughout all workers) done for 1 second

Would this repo implementation be fine with this distributed constraint ?
Would this rate of 10 be an absolute limit or an average ?

It is rather trivial to resource exhaust an API using the https://github.com/bandwidth-throttle/token-bucket/blob/master/classes/BlockingConsumer.php

You might consider using a Request Queue with Memcache or Redis if you wanted to implement a better version of BlockingConsumer.

Is there a way you can make that dependency optional?

You are sending a float to usleep at:

Since PHP 8.1 usleep(float) is depricated:
https://3v4l.org/hguq1

Fatal error: Uncaught bandwidthThrottle\tokenBucket\storage\StorageException:
The string is not 64 bit long. in \bandwidth-throttle\token-bucket\classes\util\DoublePacker.php: 41

Having this error when applied following code in constructor of ApiController, and tried to use consume:

`function __construct() {

    $this->storage = new FileStorage(__DIR__ . "/api.bucket");
    $this->rate    = new Rate(10, Rate::SECOND);
    $this->bucket  = new TokenBucket(10, $this->rate, $this->storage);
     //Following code executed once, then commented
     //$this->bucket->bootstrap(10);

}`

`protected function checkRateLimit() {

    if (!$this->bucket->consume(1, $seconds)) {
        http_response_code(429);
        header(sprintf("Retry-After: %d", floor($seconds)));
        exit();
    }
    //echo "Continue to API response";
    return true;

}`

I have also noticed FileStorage class is sending blank string to unpack( ) function in Double Packer on line 129.

bandwidthThrottle\tokenBucket\util\DoublePacker: :unpack('')

Please guide what's going wrong here?

I want to rate limit 500 requests an hour to a specific script, by their IP Address.

Is this a good script to do so, any examples?

An error happens when I use redis cluster,
Uncaught TypeError: Argument 2 passed to bandwidthThrottle\tokenBucket\storage\PHPRedisStorage::__construct() must be an instance of Redis, instance of RedisCluster given