A job middleware to rate limit jobs
This package contains a job middleware that can rate limit jobs in Laravel apps.
We invest a lot of resources into creating best in class open source packages. You can support us by buying one of our paid products.
We highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using. You’ll find our address on our contact page. We publish all received postcards on our virtual postcard wall.
You can install the package via composer:
composer require spatie/laravel-rate-limited-job-middleware
By default, the middleware will only allow 5 jobs to be executed per second. Any jobs that are not allowed will be released for 5 seconds.
To apply the middleware just add the Spatie\RateLimitedMiddleware\RateLimited
to the middlewares of your job.
namespace App\Jobs;
use Illuminate\Bus\Queueable;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Foundation\Bus\Dispatchable;
use Illuminate\Queue\InteractsWithQueue;
use Spatie\RateLimitedMiddleware\RateLimited;
class TestJob implements ShouldQueue
{
use Dispatchable, InteractsWithQueue, Queueable;
public function handle()
{
// your job logic
}
public function middleware()
{
return [new RateLimited()];
}
}
When using rate limiting, the number of attempts of your job may be hard to predict. Instead of using a fixed number of attempts, it’s better to use time based attempts.
You can add this to your job class:
/*
* Determine the time at which the job should timeout.
*
*/
public function retryUntil() : \DateTime
{
return now()->addDay();
}
You can customize all the behaviour. Here’s an example where the middleware allows a maximum of 30 jobs to performed in a timespan of 60 seconds. Jobs that are not allowed will be released for 90 seconds.
// in your job
public function middleware()
{
$rateLimitedMiddleware = (new RateLimited())
->allow(30)
->everySeconds(60)
->releaseAfterSeconds(90);
return [$rateLimitedMiddleware];
}
Often remote services such as APIs have rate limits or otherwise respond with a server error. Under these circumstances it makes sense to increment our delay before trying again. You can replace releaseAfter
methods with releaseAfterBackoff($this->attempts()
to use the default Rate Limiter interval of 5 seconds. Otherwise, you may chain the releaseAfter
calls to adjust the backoff interval.
releaseAfterOneMinute()
// in your job
/**
* Attempt 1: Release after 60 seconds
* Attempt 2: Release after 180 seconds
* Attempt 3: Release after 420 seconds
* Attempt 4: Release after 900 seconds
*/
public function middleware()
{
$rateLimitedMiddleware = (new RateLimited())
->allow(30)
->everySeconds(60)
->releaseAfterOneMinute()
->releaseAfterBackoff($this->attempts());
return [$rateLimitedMiddleware];
}
releaseAfterSeconds()
// in your job
/**
* Attempt 1: Release after 5 seconds
* Attempt 2: Release after 15 seconds
* Attempt 3: Release after 35 seconds
* Attempt 4: Release after 75 seconds
*/
public function middleware()
{
$rateLimitedMiddleware = (new RateLimited())
->allow(30)
->everySeconds(60)
->releaseAfterSeconds(5)
->releaseAfterBackoff($this->attempts());
return [$rateLimitedMiddleware];
}
releaseAfterBackoff()
accepts the rate multiplier as the second argument. By default, the multiplier is 2.
Below is an example of setting the rate to 3. You’ll notice that as the attempts grow, the difference between a rate of 2 vs. a rate of 3 becomes significantly greater.
// in your job
/**
* Attempt 1: Release after 5 seconds
* Attempt 2: Release after 20 seconds
* Attempt 3: Release after 65 seconds
* Attempt 4: Release after 200 seconds
*/
public function middleware()
{
$rateLimitedMiddleware = (new RateLimited())
->allow(30)
->everySeconds(60)
->releaseAfterBackoff($this->attempts(), 3);
return [$rateLimitedMiddleware];
}
If you don’t want to retry a job when it is ratelimited, you can use the dontRelease()
method. This is useful in situations where you have jobs that run periodically and you don’t care about a job being skipped.
public function middleware()
{
$rateLimitedMiddleware = (new RateLimited())
->allow(30)
->everySeconds(60)
->dontRelease();
return [$rateLimitedMiddleware];
}
By default, the middleware will use the default Redis connection.
The default key that will be used in redis will be the name of the class that created the instance of the middleware. In most cases this will be name of job in which the middleware is applied. If this is not what you expect, you can use the key
method to customize it.
Here’s an example where a custom connection and custom key is used.
// in your job
public function middleware()
{
$rateLimitedMiddleware = (new RateLimited())
->connectionName('my-custom-connection')
->key('my-custom-key');
return [$rateLimitedMiddleware];
}
If you want to conditionally apply the middleware you can use the enabled
method. If accepts a boolean that determines if the middleware should rate limit your job or not.
You can also pass a Closure
to enabled
. If it evaluates to a truthy value the middleware will be enable.
Here’s a silly example where the rate limiting is only activated in January.
// in your job
public function middleware()
{
$shouldRateLimitJobs = Carbon::now()->month === 1;
$rateLimitedMiddleware = (new RateLimited())
->enabled($shouldRateLimitJobs);
return [$rateLimitedMiddleware];
}
These methods are available to be called on the middleware. Their names should be self-explanatory.
allow(int $allowedNumberOfJobsInTimeSpan)
everySecond(int $timespanInSeconds = 1)
everySeconds(int $timespanInSeconds)
everyMinute(int $timespanInMinutes = 1)
everyMinutes(int $timespanInMinutes)
releaseAfterOneSecond()
releaseAfterSeconds(int $releaseInSeconds)
releaseAfterOneMinute()
releaseAfterMinutes(int $releaseInMinutes)
releaseAfterRandomSeconds(int $min = 1, int $max = 10)
\Spatie\RateLimitedMiddleware\Events\LimitExceeded
when the rate limit has been exceeded.composer test
Please see CHANGELOG for more information on what has changed recently.
Please see CONTRIBUTING for details.
If you’ve found a bug regarding security please mail [email protected] instead of using the issue tracker.
You’re free to use this package, but if it makes it to your production environment we highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using.
Our address is: Spatie, Kruikstraat 22, 2018 Antwerp, Belgium.
We publish all received postcards on our company website.
This code is heavily based on the rate limiting example found in the Laravel docs.
The MIT License (MIT). Please see License File for more information.