initial simple rate limiting

[BrianGreenhill]

Description

this is a very simple implementation of rate limiting for the imageproxy service.

Motivation

addresses #200

[googlebot]

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here with @googlebot I signed it! and we'll verify it.

---

What to do if you already signed the CLA

Individual signers

• It's possible we don't have your GitHub username or you're using a different email address on your commit. Check your existing CLA data and verify that your email is set on your git commits.

Corporate signers

• Your company has a Point of Contact who decides which employees are authorized to participate. Ask your POC to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the Google project maintainer to go/cla#troubleshoot (Public version).
• The email used to register you as an authorized contributor must be the email used for the Git commit. Check your existing CLA data and verify that your email is set on your git commits.
• The email used to register you as an authorized contributor must also be attached to your GitHub account.

ℹ️ Googlers: Go here for more info.

[codecov]

Codecov Report

Merging #224 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #224   +/-   ##
=======================================
  Coverage   89.16%   89.16%           
=======================================
  Files           6        6           
  Lines         674      674           
=======================================
  Hits          601      601           
  Misses         50       50           
  Partials       23       23

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 00652fd...31e55a2. Read the comment docs.

[BrianGreenhill]

@googlebot I signed it!

[googlebot]

CLAs look good, thanks!

ℹ️ Googlers: Go here for more info.

[willnorris]

Hey @BrianGreenhill, I'm finally catching up on outstanding PRs 😕

I'm curious what you think of the alternate approach in #235. Rather than wrapping the handler and limiting all requests like tollbooth does, I'd kind of like to be more surgical and limit just the requests that are likely to consume resources... namely, those that require transformations. If a response is already cached, there's probably not a need to limit it. (Though I guess the counter argument there is that if it's cached, then it's probably going to return very quickly, and won't block other requests for very long. hmm....)

[BrianGreenhill]

Hey @BrianGreenhill, I'm finally catching up on outstanding PRs confused

I'm curious what you think of the alternate approach in #235. Rather than wrapping the handler and limiting all requests like tollbooth does, I'd kind of like to be more surgical and limit just the requests that are likely to consume resources... namely, those that require transformations. If a response is already cached, there's probably not a need to limit it. (Though I guess the counter argument there is that if it's cached, then it's probably going to return very quickly, and won't block other requests for very long. hmm....)

@willnorris if we can be more specific and limit requests that we know will consume more resources then I think that's the better solution. I wonder if a global rate limiting flag as an upper bound for limiting rps may also be desirable for some users? However, this concern can also be handled in other ways and doesn't necessarily have to be the responsibility of the application.

Thanks for responding and please go ahead with the alternative approach here 👍