The RateLimiter class in JiFramework provides a robust mechanism for controlling the rate of incoming requests to your application based on IP addresses. By default, this feature is disabled, but once enabled through configuration, the class will automatically enforce rate limiting throughout your application without additional code changes.

This class is essential for:

• Preventing Abuse: Limits excessive requests from clients to protect your application from brute-force attacks, spam, and resource exhaustion.
• Ensuring Fair Usage: Maintains the quality of service by preventing any single user from monopolizing server resources.
• Automatic Enforcement: Once enabled, the rate limiter automatically handles request counting, enforcement, and optional banning, requiring minimal changes to your application code.

Note: To activate rate limiting, you need to enable it in your Config class. The RateLimiter class will then automatically monitor and enforce limits based on your configuration settings.

Why Use RateLimiter:

Implementing the RateLimiter class in your application provides several benefits:

• Security Enhancement: Protects your application from abuse, brute-force attacks, and denial-of-service (DoS) attempts by limiting excessive requests.
• Resource Management: Ensures server resources are used efficiently, preventing any single user from overwhelming the system.
• Automatic Enforcement: Once configured, the class automatically enforces rate limits without additional code.
• Flexibility: Easily enable or disable features and adjust limits as needed based on your application's requirements.

Before using the RateLimiter class, you need to configure various settings in your Config class to enable and customize the rate-limiting features. By default, rate limiting is disabled, and you must explicitly enable it as needed.

Configuration Options:

namespace JIFramework\Config;

class Config {
    // Enable or disable rate limiting (default: false)
    const RATE_LIMIT_ENABLED = false;

    // Path to the SQLite database file for rate limiting
    const RATE_LIMIT_DATABASE_PATH = __DIR__ . '/../Storage/ratelimit.sqlite';

    // Number of allowed requests within the time window
    const RATE_LIMIT_REQUESTS = 100;

    // Time window in seconds (e.g., 3600 seconds = 1 hour)
    const RATE_LIMIT_TIME_WINDOW = 3600;

    // Enable or disable IP banning when rate limit is exceeded (default: false)
    const RATE_LIMIT_BAN_ENABLED = false;

    // Duration of the ban in seconds (e.g., 86400 seconds = 24 hours)
    const RATE_LIMIT_BAN_DURATION = 86400;
}

Explanation:

• RATE_LIMIT_ENABLED (bool): Enables or disables rate limiting.
• Default: false (rate limiting is disabled by default).
• When enabled, the RateLimiter class will automatically enforce rate limiting in your application.
• RATE_LIMIT_DATABASE_PATH (string): The file path to the SQLite database used for storing request logs and bans.
• RATE_LIMIT_REQUESTS (int): The maximum number of allowed requests from a single IP address within the time window.
• RATE_LIMIT_TIME_WINDOW (int): The duration of the time window in seconds.
• RATE_LIMIT_BAN_ENABLED (bool): Determines whether to ban IP addresses that exceed the rate limit.
• Default: false (banning is disabled by default).
• When set to true, IP addresses exceeding the rate limit will be temporarily banned.
• RATE_LIMIT_BAN_DURATION (int): The duration of the ban in seconds.

Enabling Rate Limiting

Configuration:

// In Config.php
const RATE_LIMIT_ENABLED = true;
const RATE_LIMIT_REQUESTS = 100;
const RATE_LIMIT_TIME_WINDOW = 3600; // 1 hour
const RATE_LIMIT_BAN_ENABLED = false;

Explanation:

• Rate limiting is enabled via configuration.
• The RateLimiter class automatically enforces the rate limit without additional code.
• Users exceeding the limit will receive a rate limit exceeded message but will not be banned.

Enabling Rate Limiting with Banning

Configuration:

// In Config.php
const RATE_LIMIT_ENABLED = true;
const RATE_LIMIT_REQUESTS = 50;
const RATE_LIMIT_TIME_WINDOW = 3600; // 1 hour
const RATE_LIMIT_BAN_ENABLED = true;
const RATE_LIMIT_BAN_DURATION = 86400; // 24 hours

Explanation:

• Rate limiting and banning are enabled via configuration.
• The RateLimiter class automatically enforces rate limits and bans IP addresses that exceed the limit.
• Users exceeding the limit will be banned for 24 hours.

Database Structure

• The RateLimiter class uses an SQLite database with the following tables:
• requests:
• id (INTEGER): Primary key.
• ip_address (TEXT): The IP address of the client.
• timestamp (INTEGER): The UNIX timestamp of the request.
• bans:
• id (INTEGER): Primary key.
• ip_address (TEXT): The IP address of the banned client (unique).
• ban_expires (INTEGER): The UNIX timestamp when the ban expires.

Garbage Collection

• Old requests (outside the time window) and expired bans are automatically deleted during the initialization of the RateLimiter class to keep the database clean and efficient.