Hi, I am rate limiting some methods in meteor.js with DDPRateLimiter, and what I found out is that it limits the method call for everyone, not just that connection! For example, for this rule:
```js
var updateUsernameRule = {
  type: 'method',
  name: 'updateUsername'
};
DDPRateLimiter.addRule(updateUsernameRule, 1, 30000);
```
Update in one browser, and then updating in another causes a rate limit error. The documentation is kinda unclear about that, and the default behavior is not intuitive at all. How do I rate limit per user?
I agree, the docs need a bit of work. To make this work in your case (restrict by logged in user only), you will want something like the following:
```js
const updateUsernameRule = {
  type: 'method',
  name: 'updateUsername',
  userId(userId) {
    if (userId) {
      return true;
    }
  }
};
DDPRateLimiter.addRule(updateUsernameRule, 1, 30000);
```
This will cause the `updateUsernameRule` rule to only be matched for users with a set `userId` (logged in users). All other not logged in users will skip this rule completely, and be able to make as many requests as they want.
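
Why the first rule throttles every caller while the second counts per user, shown as an added example (not part of the original answer and not Meteor's source code). It is a simplified model that assumes the limiter keeps one counter per combination of values of the fields a rule names; `makeLimiter`, `bucketKey`, `call` and the sample callers are hypothetical.

```javascript
// Simplified model of rule matching and counter bucketing (assumption, not Meteor code).
// A rule applies when every matcher accepts the matching field of the call.
function matches(rule, input) {
  return Object.entries(rule).every(([field, m]) =>
    typeof m === 'function' ? Boolean(m(input[field])) : m === input[field]);
}

// The counter key is built only from the fields the rule names, so a rule
// without userId/connectionId puts every caller into the same bucket.
function bucketKey(rule, input) {
  return Object.keys(rule).map((field) => `${field}=${input[field]}`).join('|');
}

function makeLimiter(rule, maxCalls, intervalMs) {
  const buckets = new Map(); // key -> { count, windowStart }
  return function allowed(input, now) {
    if (!matches(rule, input)) return true; // rule skipped: caller is never limited
    const key = bucketKey(rule, input);
    let bucket = buckets.get(key);
    if (!bucket || now - bucket.windowStart >= intervalMs) {
      bucket = { count: 0, windowStart: now }; // start a fresh window
      buckets.set(key, bucket);
    }
    bucket.count += 1;
    return bucket.count <= maxCalls;
  };
}

// Constructed sample call; userId is null for a caller who is not logged in.
const call = (userId) => ({ type: 'method', name: 'updateUsername', userId });

function demo() {
  const base = { type: 'method', name: 'updateUsername' };
  const shared = makeLimiter(base, 1, 30000);
  const perUser = makeLimiter({ ...base, userId: (id) => Boolean(id) }, 1, 30000);
  return {
    shared: [shared(call('alice'), 0), shared(call('bob'), 10)],
    perUser: [perUser(call('alice'), 0), perUser(call('bob'), 10),
      perUser(call('alice'), 20), perUser(call('alice'), 30000)],
    anonymous: [perUser(call(null), 30), perUser(call(null), 40)],
  };
}

console.log(demo());
```

The `anonymous` result shows the gap the answer mentions: callers without a `userId` never match the per-user rule, so they need a separate rule (for example one keyed on the connection) if they should be limited too.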