Rate limiting is a critical concept in web development and API design. It ensures that users or systems can only make a limited number of requests to a server within a specific time frame. In this blog post, we’ll explore what rate limiting is, why it’s essential, and how to implement a simple rate limiter in Go.
What Is Rate Limiting?
Imagine a theme park with a roller coaster ride that can only accommodate 10 people every 10 minutes. If more than 10 people try to get on within that timeframe, they’ll have to wait. This analogy mirrors the principle of rate limiting in software systems.
In technical terms, rate limiting restricts the number of requests a client (e.g., a user, device, or IP address) can send to a server within a predefined period. It helps:
- Prevent abuse and ensure fair usage of resources.
- Protect servers from being overwhelmed by excessive traffic.
- Avoid costly overuse of third-party APIs or services.
For example, an API might allow 100 requests per minute per user. If a user exceeds this limit, the server denies further requests until the limit resets.
How Does Rate Limiting Work?
One common way to implement rate limiting is through the token bucket algorithm. Here’s how it works:
- A bucket starts with a fixed number of tokens (e.g., 10).
- Each request removes one token from the bucket.
- If the bucket has no tokens left, the request is denied.
- Tokens are replenished at a steady rate (e.g., 1 token every second) until the bucket is full.
Building a Simple Rate Limiter in Go
Let’s dive into building a rate limiter in Go that limits each client to 3 requests per minute.
Step 1: Define the Rate Limiter Structure
We’ll use the sync.Mutex to ensure thread safety and store information like the number of tokens, the maximum capacity, and the refill rate.
package main
import (
"sync"
"time"
)
type RateLimiter struct {
tokens float64 // Current number of tokens
maxTokens float64 // Maximum tokens allowed
refillRate float64 // Tokens added per second
lastRefillTime time.Time // Last time tokens were refilled
mutex sync.Mutex
}
func NewRateLimiter(maxTokens, refillRate float64) *RateLimiter {
return &RateLimiter{
tokens: maxTokens,
maxTokens: maxTokens,
refillRate: refillRate,
lastRefillTime: time.Now(),
}
}
Step 2: Implement Token Refill Logic
Tokens should be replenished periodically based on the elapsed time since the last refill.
func (r *RateLimiter) refillTokens() {
now := time.Now()
duration := now.Sub(r.lastRefillTime).Seconds()
tokensToAdd := duration * r.refillRate
r.tokens += tokensToAdd
if r.tokens > r.maxTokens {
r.tokens = r.maxTokens
}
r.lastRefillTime = now
}
Step 3: Check If a Request Is Allowed
The Allow method will determine if a request can proceed based on the available tokens.
func (r *RateLimiter) Allow() bool {
r.mutex.Lock()
defer r.mutex.Unlock()
r.refillTokens()
if r.tokens >= 1 {
r.tokens--
return true
}
return false
}
Step 4: Apply Rate Limiting Per IP
To limit requests per client, we’ll create a map of IP addresses to their respective rate limiters.
type IPRateLimiter struct {
limiters map[string]*RateLimiter
mutex sync.Mutex
}
func NewIPRateLimiter() *IPRateLimiter {
return &IPRateLimiter{
limiters: make(map[string]*RateLimiter),
}
}
func (i *IPRateLimiter) GetLimiter(ip string) *RateLimiter {
i.mutex.Lock()
defer i.mutex.Unlock()
limiter, exists := i.limiters[ip]
if !exists {
// Allow 3 requests per minute
limiter = NewRateLimiter(3, 0.05)
i.limiters[ip] = limiter
}
return limiter
}
Step 5: Create Middleware for Rate Limiting
Finally, we’ll create an HTTP middleware that enforces the rate limit for each client.
package main
import (
"sync"
"time"
)
type RateLimiter struct {
tokens float64 // Current number of tokens
maxTokens float64 // Maximum tokens allowed
refillRate float64 // Tokens added per second
lastRefillTime time.Time // Last time tokens were refilled
mutex sync.Mutex
}
func NewRateLimiter(maxTokens, refillRate float64) *RateLimiter {
return &RateLimiter{
tokens: maxTokens,
maxTokens: maxTokens,
refillRate: refillRate,
lastRefillTime: time.Now(),
}
}
Step 6: Set Up the Server
Here’s how to hook it all together and test the rate limiter.
func (r *RateLimiter) refillTokens() {
now := time.Now()
duration := now.Sub(r.lastRefillTime).Seconds()
tokensToAdd := duration * r.refillRate
r.tokens += tokensToAdd
if r.tokens > r.maxTokens {
r.tokens = r.maxTokens
}
r.lastRefillTime = now
}
Testing the Rate Limiter
Start the server and test it using curl or your browser:
func (r *RateLimiter) Allow() bool {
r.mutex.Lock()
defer r.mutex.Unlock()
r.refillTokens()
if r.tokens >= 1 {
r.tokens--
return true
}
return false
}
- Send 3 requests quickly: All should succeed.
- Send a 4th request within the same minute: You should see Rate Limit Exceeded message.
- Wait for 20 seconds and try again: The bucket refills, and requests should succeed.
Source Code
GitHub Repo
The above is the detailed content of Rate Limiting for Beginners: What It Is and How to Build One in Go. For more information, please follow other related articles on the PHP Chinese website!
Choosing Between Golang and Python: The Right Fit for Your ProjectApr 19, 2025 am 12:21 AMGolangisidealforperformance-criticalapplicationsandconcurrentprogramming,whilePythonexcelsindatascience,rapidprototyping,andversatility.1)Forhigh-performanceneeds,chooseGolangduetoitsefficiencyandconcurrencyfeatures.2)Fordata-drivenprojects,Pythonisp
Golang: Concurrency and Performance in ActionApr 19, 2025 am 12:20 AMGolang achieves efficient concurrency through goroutine and channel: 1.goroutine is a lightweight thread, started with the go keyword; 2.channel is used for secure communication between goroutines to avoid race conditions; 3. The usage example shows basic and advanced usage; 4. Common errors include deadlocks and data competition, which can be detected by gorun-race; 5. Performance optimization suggests reducing the use of channel, reasonably setting the number of goroutines, and using sync.Pool to manage memory.
Golang vs. Python: Which Language Should You Learn?Apr 19, 2025 am 12:20 AMGolang is more suitable for system programming and high concurrency applications, while Python is more suitable for data science and rapid development. 1) Golang is developed by Google, statically typing, emphasizing simplicity and efficiency, and is suitable for high concurrency scenarios. 2) Python is created by Guidovan Rossum, dynamically typed, concise syntax, wide application, suitable for beginners and data processing.
Golang vs. Python: Performance and ScalabilityApr 19, 2025 am 12:18 AMGolang is better than Python in terms of performance and scalability. 1) Golang's compilation-type characteristics and efficient concurrency model make it perform well in high concurrency scenarios. 2) Python, as an interpreted language, executes slowly, but can optimize performance through tools such as Cython.
Golang vs. Other Languages: A ComparisonApr 19, 2025 am 12:11 AMGo language has unique advantages in concurrent programming, performance, learning curve, etc.: 1. Concurrent programming is realized through goroutine and channel, which is lightweight and efficient. 2. The compilation speed is fast and the operation performance is close to that of C language. 3. The grammar is concise, the learning curve is smooth, and the ecosystem is rich.
Golang and Python: Understanding the DifferencesApr 18, 2025 am 12:21 AMThe main differences between Golang and Python are concurrency models, type systems, performance and execution speed. 1. Golang uses the CSP model, which is suitable for high concurrent tasks; Python relies on multi-threading and GIL, which is suitable for I/O-intensive tasks. 2. Golang is a static type, and Python is a dynamic type. 3. Golang compiled language execution speed is fast, and Python interpreted language development is fast.
Golang vs. C : Assessing the Speed DifferenceApr 18, 2025 am 12:20 AMGolang is usually slower than C, but Golang has more advantages in concurrent programming and development efficiency: 1) Golang's garbage collection and concurrency model makes it perform well in high concurrency scenarios; 2) C obtains higher performance through manual memory management and hardware optimization, but has higher development complexity.
Golang: A Key Language for Cloud Computing and DevOpsApr 18, 2025 am 12:18 AMGolang is widely used in cloud computing and DevOps, and its advantages lie in simplicity, efficiency and concurrent programming capabilities. 1) In cloud computing, Golang efficiently handles concurrent requests through goroutine and channel mechanisms. 2) In DevOps, Golang's fast compilation and cross-platform features make it the first choice for automation tools.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
Notepad++7.3.1
Easy-to-use and free code editor
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
Dreamweaver CS6
Visual web development tools
