symfony
[RateLimiter][FrameworkBundle] Ability to configure `CompoundLimiter`
Description
Under framework.rate_limiter.limiters, add the ability to configure a CompoundLimiter.
Example
framework:
rate_limiter:
two_per_minute:
policy: 'fixed_window'
limit: 2
interval: '1 minute'
five_per_hour:
policy: 'fixed_window'
limit: 5
interval: '1 hour'
lock_factory: null
contact_form:
policy: 'compound'
limiters: [two_per_minute, five_per_hour]
Makes sense to me. Does that mean we should create a new chain factory instead, allowing us to iterate over all configured limiters for that composition?
Hmm, looking into https://symfony.com/doc/current/rate_limiter.html#rate-limiting-in-action it seems they might have different limiter strategies (by client IP, user ID, token, etc...) How do you think we should handle that for compound?
Does that mean we should create a new chain factory
I think this will be required, yeah - ~probably makes sense to also create a RateLimiterFactoryInterface?~ - this already exists
How do you think we should handle that for compound?
In the case of the configured compound limiter, the inner limiters would all be created with the same strategy - or I don't see how this could be configurable...
For something more complex, you'd need to manually create your compound limiter still.
@kbond as https://github.com/symfony/symfony/pull/59929 added the component-level code without wiring it in FrameworkBundle (for an unknown reason as we use a monorepo precisely to allow us to make this kind of change in a single PR), can you do another PR to finish the work so that it is actually usable in the 7.3 release ?
