services/gateway/internal/middleware/rate_limiter.go

package middleware

import (
	"net/http"
	"sync"
	"time"

	"github.com/gin-gonic/gin"
)

// ipBucket is a per-IP sliding-window counter.
type ipBucket struct {
	mu     sync.Mutex
	times  []time.Time
	limit  int
	window time.Duration
}

func (b *ipBucket) allow() bool {
	b.mu.Lock()
	defer b.mu.Unlock()

	now := time.Now()
	cutoff := now.Add(-b.window)

	// Evict timestamps outside the window
	valid := b.times[:0]
	for _, t := range b.times {
		if t.After(cutoff) {
			valid = append(valid, t)
		}
	}
	b.times = valid

	if len(b.times) >= b.limit {
		return false
	}
	b.times = append(b.times, now)
	return true
}

// RateLimiter is a per-IP sliding-window rate limiter backed by sync.Map.
// It is safe for concurrent use and cleans up idle buckets automatically.
type RateLimiter struct {
	buckets sync.Map // string(ip) → *ipBucket
	limit   int
	window  time.Duration
}

// NewRateLimiter creates a limiter that allows up to limit requests per window
// per IP address.
func NewRateLimiter(limit int, window time.Duration) *RateLimiter {
	rl := &RateLimiter{limit: limit, window: window}
	go rl.gc()
	return rl
}

// gc periodically removes buckets that have had no activity for one full window.
func (rl *RateLimiter) gc() {
	ticker := time.NewTicker(rl.window)
	defer ticker.Stop()
	for range ticker.C {
		rl.buckets.Range(func(k, v any) bool {
			b := v.(*ipBucket)
			b.mu.Lock()
			if len(b.times) == 0 {
				rl.buckets.Delete(k)
			}
			b.mu.Unlock()
			return true
		})
	}
}

// Middleware returns a gin.HandlerFunc that enforces the rate limit.
func (rl *RateLimiter) Middleware() gin.HandlerFunc {
	return func(c *gin.Context) {
		ip := c.ClientIP()
		v, _ := rl.buckets.LoadOrStore(ip, &ipBucket{
			times:  make([]time.Time, 0, rl.limit),
			limit:  rl.limit,
			window: rl.window,
		})
		b := v.(*ipBucket)
		if !b.allow() {
			c.AbortWithStatusJSON(http.StatusTooManyRequests, gin.H{
				"code":    "rate_limited",
				"message": "too many requests — slow down",
			})
			return
		}
		c.Next()
	}
}
feat: V2 microservices stack — backend services, gateway, JWT auth 2026-05-29 23:29:31 +03:30			`package middleware`

			`import (`
			`"net/http"`
			`"sync"`
			`"time"`

			`"github.com/gin-gonic/gin"`
			`)`

			`// ipBucket is a per-IP sliding-window counter.`
			`type ipBucket struct {`
			`mu sync.Mutex`
			`times []time.Time`
			`limit int`
			`window time.Duration`
			`}`

			`func (b *ipBucket) allow() bool {`
			`b.mu.Lock()`
			`defer b.mu.Unlock()`

			`now := time.Now()`
			`cutoff := now.Add(-b.window)`

			`// Evict timestamps outside the window`
			`valid := b.times[:0]`
			`for _, t := range b.times {`
			`if t.After(cutoff) {`
			`valid = append(valid, t)`
			`}`
			`}`
			`b.times = valid`

			`if len(b.times) >= b.limit {`
			`return false`
			`}`
			`b.times = append(b.times, now)`
			`return true`
			`}`

			`// RateLimiter is a per-IP sliding-window rate limiter backed by sync.Map.`
			`// It is safe for concurrent use and cleans up idle buckets automatically.`
			`type RateLimiter struct {`
			`buckets sync.Map // string(ip) → *ipBucket`
			`limit int`
			`window time.Duration`
			`}`

			`// NewRateLimiter creates a limiter that allows up to limit requests per window`
			`// per IP address.`
			`func NewRateLimiter(limit int, window time.Duration) *RateLimiter {`
			`rl := &RateLimiter{limit: limit, window: window}`
			`go rl.gc()`
			`return rl`
			`}`

			`// gc periodically removes buckets that have had no activity for one full window.`
			`func (rl *RateLimiter) gc() {`
			`ticker := time.NewTicker(rl.window)`
			`defer ticker.Stop()`
			`for range ticker.C {`
			`rl.buckets.Range(func(k, v any) bool {`
			`b := v.(*ipBucket)`
			`b.mu.Lock()`
			`if len(b.times) == 0 {`
			`rl.buckets.Delete(k)`
			`}`
			`b.mu.Unlock()`
			`return true`
			`})`
			`}`
			`}`

			`// Middleware returns a gin.HandlerFunc that enforces the rate limit.`
			`func (rl *RateLimiter) Middleware() gin.HandlerFunc {`
			`return func(c *gin.Context) {`
			`ip := c.ClientIP()`
			`v, _ := rl.buckets.LoadOrStore(ip, &ipBucket{`
			`times: make([]time.Time, 0, rl.limit),`
			`limit: rl.limit,`
			`window: rl.window,`
			`})`
			`b := v.(*ipBucket)`
			`if !b.allow() {`
			`c.AbortWithStatusJSON(http.StatusTooManyRequests, gin.H{`
			`"code": "rate_limited",`
			`"message": "too many requests — slow down",`
			`})`
			`return`
			`}`
			`c.Next()`
			`}`
			`}`