done

.formatter.exs

@@ -0,0 +1,4 @@
+[
+  import_deps: [:phoenix],
+  inputs: ["*.{ex,exs}", "{config,lib,test}/**/*.{ex,exs}"]
+]

.gitignore

@@ -0,0 +1,24 @@
+# The directory Mix will write compiled artifacts to.
+/_build/
+
+# If you run "mix test --cover", coverage assets end up here.
+/cover/
+
+# The directory Mix downloads your dependencies sources to.
+/deps/
+
+# Where 3rd-party dependencies like ExDoc output generated docs.
+/doc/
+
+# Ignore .fetch files in case you like to edit your project deps locally.
+/.fetch
+
+# If the VM crashes, it generates a dump, let's ignore it too.
+erl_crash.dump
+
+# Also ignore archive artifacts (built via "mix archive.build").
+*.ez
+
+# Ignore package tarball (built via "mix hex.build").
+ratelimit-*.tar
+

README.md

@@ -0,0 +1,11 @@
+# Ratelimit
+
+The repository for the written tutorial "Rate Limits in Phoenix".
+
+
+<p align="center">
+<img src="https://media.discordapp.net/attachments/893792219390156850/1022528110975000717/unknown.png"  alt="showcase" width="300" height="200"/></a>
+<p>
+
+
+by [@vKxni](https://github.com/vKxni).

config/config.exs

@@ -0,0 +1,31 @@
+# This file is responsible for configuring your application
+# and its dependencies with the aid of the Config module.
+#
+# This configuration file is loaded before any dependency and
+# is restricted to this project.
+
+# General application configuration
+import Config
+
+# Configures the endpoint
+config :ratelimit, RatelimitWeb.Endpoint,
+  url: [host: "localhost"],
+  render_errors: [view: RatelimitWeb.ErrorView, accepts: ~w(json), layout: false],
+  pubsub_server: Ratelimit.PubSub,
+  live_view: [signing_salt: "dCuDENfS"]
+
+# Configures Elixir's Logger
+config :logger, :console,
+  format: "$time $metadata[$level] $message\n",
+  metadata: [:request_id]
+
+# Config the rate limiter
+config :hammer,
+backend: {Hammer.Backend.ETS, [expiry_ms: 60_000 * 60 * 4, cleanup_interval_ms: 60_000 * 10]}
+
+# Use Jason for JSON parsing in Phoenix
+config :phoenix, :json_library, Jason
+
+# Import environment specific config. This must remain at the bottom
+# of this file so it overrides the configuration defined above.
+import_config "#{config_env()}.exs"

config/dev.exs

@@ -0,0 +1,51 @@
+import Config
+
+# For development, we disable any cache and enable
+# debugging and code reloading.
+#
+# The watchers configuration can be used to run external
+# watchers to your application. For example, we use it
+# with esbuild to bundle .js and .css sources.
+config :ratelimit, RatelimitWeb.Endpoint,
+  # Binding to loopback ipv4 address prevents access from other machines.
+  # Change to `ip: {0, 0, 0, 0}` to allow access from other machines.
+  http: [ip: {127, 0, 0, 1}, port: 4000],
+  check_origin: false,
+  code_reloader: true,
+  debug_errors: true,
+  secret_key_base: "bmf/ttba+zXoSLNYrBTx5IjneDCl+6n7VRGCMtm5BodlLBtwNMi/nXbQztrspCld",
+  watchers: []
+
+# ## SSL Support
+#
+# In order to use HTTPS in development, a self-signed
+# certificate can be generated by running the following
+# Mix task:
+#
+#     mix phx.gen.cert
+#
+# Note that this task requires Erlang/OTP 20 or later.
+# Run `mix help phx.gen.cert` for more information.
+#
+# The `http:` config above can be replaced with:
+#
+#     https: [
+#       port: 4001,
+#       cipher_suite: :strong,
+#       keyfile: "priv/cert/selfsigned_key.pem",
+#       certfile: "priv/cert/selfsigned.pem"
+#     ],
+#
+# If desired, both `http:` and `https:` keys can be
+# configured to run both http and https servers on
+# different ports.
+
+# Do not include metadata nor timestamps in development logs
+config :logger, :console, format: "[$level] $message\n"
+
+# Set a higher stacktrace during development. Avoid configuring such
+# in production as building large stacktraces may be expensive.
+config :phoenix, :stacktrace_depth, 20
+
+# Initialize plugs at runtime for faster development compilation
+config :phoenix, :plug_init_mode, :runtime

config/prod.exs

@@ -0,0 +1,49 @@
+import Config
+
+# For production, don't forget to configure the url host
+# to something meaningful, Phoenix uses this information
+# when generating URLs.
+#
+# Note we also include the path to a cache manifest
+# containing the digested version of static files. This
+# manifest is generated by the `mix phx.digest` task,
+# which you should run after static files are built and
+# before starting your production server.
+config :ratelimit, RatelimitWeb.Endpoint, cache_static_manifest: "priv/static/cache_manifest.json"
+
+# Do not print debug messages in production
+config :logger, level: :info
+
+# ## SSL Support
+#
+# To get SSL working, you will need to add the `https` key
+# to the previous section and set your `:url` port to 443:
+#
+#     config :ratelimit, RatelimitWeb.Endpoint,
+#       ...,
+#       url: [host: "example.com", port: 443],
+#       https: [
+#         ...,
+#         port: 443,
+#         cipher_suite: :strong,
+#         keyfile: System.get_env("SOME_APP_SSL_KEY_PATH"),
+#         certfile: System.get_env("SOME_APP_SSL_CERT_PATH")
+#       ]
+#
+# The `cipher_suite` is set to `:strong` to support only the
+# latest and more secure SSL ciphers. This means old browsers
+# and clients may not be supported. You can set it to
+# `:compatible` for wider support.
+#
+# `:keyfile` and `:certfile` expect an absolute path to the key
+# and cert in disk or a relative path inside priv, for example
+# "priv/ssl/server.key". For all supported SSL configuration
+# options, see https://hexdocs.pm/plug/Plug.SSL.html#configure/1
+#
+# We also recommend setting `force_ssl` in your endpoint, ensuring
+# no data is ever sent via http, always redirecting to https:
+#
+#     config :ratelimit, RatelimitWeb.Endpoint,
+#       force_ssl: [hsts: true]
+#
+# Check `Plug.SSL` for all available options in `force_ssl`.

config/runtime.exs

@@ -0,0 +1,52 @@
+import Config
+
+# config/runtime.exs is executed for all environments, including
+# during releases. It is executed after compilation and before the
+# system starts, so it is typically used to load production configuration
+# and secrets from environment variables or elsewhere. Do not define
+# any compile-time configuration in here, as it won't be applied.
+# The block below contains prod specific runtime configuration.
+
+# Start the phoenix server if environment is set and running in a  release
+if System.get_env("PHX_SERVER") && System.get_env("RELEASE_NAME") do
+  config :ratelimit, RatelimitWeb.Endpoint, server: true
+end
+
+if config_env() == :prod do
+  # The secret key base is used to sign/encrypt cookies and other secrets.
+  # A default value is used in config/dev.exs and config/test.exs but you
+  # want to use a different value for prod and you most likely don't want
+  # to check this value into version control, so we use an environment
+  # variable instead.
+  secret_key_base =
+    System.get_env("SECRET_KEY_BASE") ||
+      raise """
+      environment variable SECRET_KEY_BASE is missing.
+      You can generate one by calling: mix phx.gen.secret
+      """
+
+  host = System.get_env("PHX_HOST") || "example.com"
+  port = String.to_integer(System.get_env("PORT") || "4000")
+
+  config :ratelimit, RatelimitWeb.Endpoint,
+    url: [host: host, port: 443],
+    http: [
+      # Enable IPv6 and bind on all interfaces.
+      # Set it to  {0, 0, 0, 0, 0, 0, 0, 1} for local network only access.
+      # See the documentation on https://hexdocs.pm/plug_cowboy/Plug.Cowboy.html
+      # for details about using IPv6 vs IPv4 and loopback vs public addresses.
+      ip: {0, 0, 0, 0, 0, 0, 0, 0},
+      port: port
+    ],
+    secret_key_base: secret_key_base
+
+  # ## Using releases
+  #
+  # If you are doing OTP releases, you need to instruct Phoenix
+  # to start each relevant endpoint:
+  #
+  #     config :ratelimit, RatelimitWeb.Endpoint, server: true
+  #
+  # Then you can assemble a release by calling `mix release`.
+  # See `mix help release` for more information.
+end

config/test.exs

@@ -0,0 +1,14 @@
+import Config
+
+# We don't run a server during test. If one is required,
+# you can enable the server option below.
+config :ratelimit, RatelimitWeb.Endpoint,
+  http: [ip: {127, 0, 0, 1}, port: 4002],
+  secret_key_base: "UMcz/BscO7TLBCLNLfpBJ1xy8tNaCxkN4IkyINoQQHWIrAfnowebYrAdenmfNhhT",
+  server: false
+
+# Print only warnings and errors during test
+config :logger, level: :warn
+
+# Initialize plugs at runtime for faster test compilation
+config :phoenix, :plug_init_mode, :runtime

lib/ratelimit.ex

@@ -0,0 +1,9 @@
+defmodule Ratelimit do
+  @moduledoc """
+  Ratelimit keeps the contexts that define your domain
+  and business logic.
+
+  Contexts are also responsible for managing your data, regardless
+  if it comes from the database, an external API or others.
+  """
+end

lib/ratelimit/application.ex

@@ -0,0 +1,34 @@
+defmodule Ratelimit.Application do
+  # See https://hexdocs.pm/elixir/Application.html
+  # for more information on OTP Applications
+  @moduledoc false
+
+  use Application
+
+  @impl true
+  def start(_type, _args) do
+    children = [
+      # Start the Telemetry supervisor
+      RatelimitWeb.Telemetry,
+      # Start the PubSub system
+      {Phoenix.PubSub, name: Ratelimit.PubSub},
+      # Start the Endpoint (http/https)
+      RatelimitWeb.Endpoint
+      # Start a worker by calling: Ratelimit.Worker.start_link(arg)
+      # {Ratelimit.Worker, arg}
+    ]
+
+    # See https://hexdocs.pm/elixir/Supervisor.html
+    # for other strategies and supported options
+    opts = [strategy: :one_for_one, name: Ratelimit.Supervisor]
+    Supervisor.start_link(children, opts)
+  end
+
+  # Tell Phoenix to update the endpoint configuration
+  # whenever the application is updated.
+  @impl true
+  def config_change(changed, _new, removed) do
+    RatelimitWeb.Endpoint.config_change(changed, removed)
+    :ok
+  end
+end

lib/ratelimit/base.ex

@@ -0,0 +1,11 @@
+defmodule Ratelimit.Base do
+  use HTTPoison.Base
+
+  @moduledoc """
+  This handles HTTP requests without api key (basic requests).
+  """
+
+  def process_request_headers(headers) do
+    [{"Content-Type", "application/json"} | headers]
+  end
+end

lib/ratelimit/helper/getip.ex

@@ -0,0 +1,23 @@
+defmodule Ratelimit.IP do
+  @doc """
+  Get the IP address of the current user visiting the route.
+  Formatted as a string: "123.456.78.9"
+  """
+  # {:ok, String.t()} | {:error, :api_down}
+  @spec getIP() :: {String.t() | :api_down}
+  def getIP() do
+    ip_url = "https://api.ipify.org/"
+
+    case Ratelimit.Base.get!(ip_url) do
+      %HTTPoison.Response{body: body, status_code: 200} ->
+        body
+
+      %HTTPoison.Response{status_code: status_code} when status_code > 399 ->
+        IO.inspect(status_code, label: "STATUS_CODE")
+        :error
+
+      _ ->
+        raise "APi down"
+    end
+  end
+end

lib/ratelimit/util/ratelimit.ex

@@ -0,0 +1,31 @@
+defmodule RatelimitWeb.Plugs.RateLimiter do
+  import Plug.Conn
+  use RatelimitWeb, :controller
+
+  alias Ratelimit.IP
+  require Logger
+
+  @limit 2
+
+  def init(options), do: options
+
+  def call(conn, _opts) do
+    ip = IP.getIP()
+
+    case Hammer.check_rate(ip, 60_000, @limit) do
+      {:allow, count} ->
+        assign(conn, :requests_count, count)
+
+      {:deny, _limit} ->
+        Logger.debug("Rate limit exceeded for #{inspect(ip)}")
+        error_response(conn)
+    end
+  end
+
+  defp error_response(conn) do
+    conn
+    |> put_status(:service_unavailable)
+    |> json(%{message: "Please wait before sending another request."})
+    |> halt()
+  end
+end