syeedalireza / api-rate-limiter-bundle
Enterprise-grade API rate limiting for Symfony. Supports multiple algorithms (Token Bucket, Sliding Window, Fixed Window), distributed limiting with Redis, and comprehensive analytics. Perfect for production APIs requiring precise request throttling.
Installs: 0
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 0
Forks: 0
Open Issues: 0
Type:symfony-bundle
pkg:composer/syeedalireza/api-rate-limiter-bundle
Requires
- php: ^8.2
- predis/predis: ^2.2
- symfony/config: ^6.4|^7.0
- symfony/dependency-injection: ^6.4|^7.0
- symfony/framework-bundle: ^6.4|^7.0
- symfony/http-foundation: ^6.4|^7.0
- symfony/http-kernel: ^6.4|^7.0
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3.64
- infection/infection: ^0.29
- phpbench/phpbench: ^1.3
- phpstan/phpstan: ^2.0
- phpstan/phpstan-symfony: ^2.0
- phpunit/phpunit: ^11.0
- qossmic/deptrac: ^2.0
- symfony/phpunit-bridge: ^6.4|^7.0
- symfony/var-dumper: ^6.4|^7.0
- vimeo/psalm: ^6.0
This package is not auto-updated.
Last update: 2026-02-04 04:58:23 UTC
README
Enterprise-grade API Rate Limiting for Symfony applications with multiple algorithms, distributed support via Redis, and comprehensive analytics.
๐ Features
- Multiple Algorithms: Token Bucket, Sliding Window, Fixed Window, Leaky Bucket
- Distributed Rate Limiting: Redis-based for microservices
- Flexible Limits: Per IP, User, API Key, or Endpoint
- RFC Compliance: RateLimit-* HTTP headers
- Analytics: Real-time metrics and monitoring
- PHP 8 Attributes: Modern configuration style
- Production Ready: Battle-tested, optimized Lua scripts
๐ฆ Installation
composer require syeedalireza/api-rate-limiter-bundle
๐ฏ Quick Start
1. Configure
# config/packages/rate_limiter.yaml rate_limiter: default_algorithm: token_bucket redis: client: 'redis://localhost:6379' limits: api: limit: 100 window: 3600 # 1 hour
2. Use Attributes
use Syeedalireza\RateLimiterBundle\Attribute\RateLimit; #[RateLimit(limit: 100, window: 3600)] class ApiController extends AbstractController { #[Route('/api/users')] #[RateLimit(limit: 10, window: 60, key: 'ip')] public function getUsers(): JsonResponse { // Max 10 requests per minute per IP } }
3. Check Limits Programmatically
use Syeedalireza\RateLimiterBundle\Service\RateLimiter; public function __construct( private RateLimiter $rateLimiter ) {} public function someAction(): Response { $status = $this->rateLimiter->check('user:123', limit: 100, window: 3600); if (!$status->isAllowed()) { throw new TooManyRequestsHttpException( $status->getRetryAfter(), 'Rate limit exceeded' ); } }
๐ Algorithms
Token Bucket
Best for burst tolerance with steady rate.
#[RateLimit(algorithm: 'token_bucket', limit: 100, window: 60)]
Sliding Window
Most accurate, prevents boundary issues.
#[RateLimit(algorithm: 'sliding_window', limit: 100, window: 60)]
Fixed Window
Simple, efficient, but has boundary spikes.
#[RateLimit(algorithm: 'fixed_window', limit: 100, window: 60)]
๐ง Advanced Usage
Custom Cost per Endpoint
#[RateLimit(limit: 1000, window: 3600, cost: 10)] public function heavyOperation(): Response { // This request costs 10 tokens }
Whitelist/Blacklist
rate_limiter: whitelist: - '192.168.1.100' - '10.0.0.0/8' blacklist: - '185.220.101.0/24' # Tor exit nodes
Multiple Limits
#[RateLimit(limit: 10, window: 1)] // 10 per second #[RateLimit(limit: 100, window: 60)] // 100 per minute #[RateLimit(limit: 1000, window: 3600)] // 1000 per hour public function api(): Response {}
๐ Monitoring
$metrics = $this->rateLimiter->getMetrics('user:123'); echo $metrics->getRequestCount(); echo $metrics->getRemainingTokens(); echo $metrics->getResetTime();
๐ณ Docker Support
Included Redis setup for development:
docker-compose up -d
๐ Documentation
๐งช Testing
composer test # Run tests composer benchmark # Run performance benchmarks composer quality # All quality checks
๐ค Contributing
See CONTRIBUTING.md
๐ License
MIT License - see LICENSE.md
๐จโ๐ป Author
Alireza Aminzadeh
- Email: alireza.aminzadeh@hotmail.com
- GitHub: @syeedalireza