Allows limiter headers to be written via setting instead of sending them at all times #15

[go-aegian]

The headers output by this middleware "X-RateLimit-Limit", "X-RateLimit-Remaining", "X-RateLimit-Reset", "Retry-After" should be output depending on a configuration for it.

[mwodrich]

This PR would be very useful to me!

[pkieltyka]

@mwodrich so the request here is to make the response headers with ratelimit info optional? such that, the rate limits aren't returned to the client, and are invisible to clients...?

just wondering why you guys would like this?

[mwodrich]

These headers are very useful for coordinating rates with a cooperative client that just needs to bound resource usage over time, but in a scenario where the rate limits are set to limit the impact of malicious actors, I don't believe it is valuable or appropriate to give them any information about the state or configuration of the rate limiter.

[pkieltyka]

Indeed, makes sense.

[VojtechVitek]

@go-aegian I think it'd be fine to accept the new func WithHeaders(on bool) Option {}, though :)

[VojtechVitek]

Please see https://github.com/go-chi/httprate/pull/31.

You can now omit all headers via:

httprate.Limit(
	1000,
	time.Minute,
	httprate.WithResponseHeaders(httprate.ResponseHeaders{}),
)

You can also customize or omit individual headers:

httprate.Limit(
            1000,
            time.Minute,
            httprate.WithResponseHeaders(httprate.ResponseHeaders{
                    Limit:      "", // omit
                    Remaining:  "", // omit
                    Increment:  "", // omit
                    Reset:      "X-RateLimit-Reset",
                    RetryAfter: "Retry-After",
            }),
    )