feat: add possibility to fail open on storage error

Changelog:
* Add possiblity to configure to skip rate limiting on storage error. Can be configured globally by setting the `noxlogic_rate_limit.fail_open` parameter and/or per `#[RateLimit(failOpen: true)]` Attribute
* Added `RateLimitStorageExceptionInterface` as possible exception to `StorageInterface` methods

Author: orlandothoeny

Attribute/RateLimit.php

@@ -26,7 +26,15 @@ public function __construct(
         /**
          * @var mixed Generic payload
          */
-        public mixed $payload = null
+        public mixed $payload = null,
+
+        /**
+         * @var bool|null Defines if the rate limiter blocks the request when a technical problem occurs (default).
+         *                For example, when the Redis database which is used as a rate limit storage is down.
+         *                If set to `false`, the request is allowed to proceed even if the rate limiter cannot determine if the rate limit has been exceeded.
+         *                `null` means that the globally-configured default should be used
+         */
+        public ?bool $failOpen = null
     ) {
         // @RateLimit annotation used to support single method passed as string, keep that for retrocompatibility
         if (!is_array($methods)) {
@@ -75,4 +83,9 @@ public function setPayload(mixed $payload): void
     {
         $this->payload = $payload;
     }
+
+    public function setFailOpen(bool $failOpen): void
+    {
+        $this->failOpen = $failOpen;
+    }
 }

DependencyInjection/Configuration.php

@@ -135,6 +135,11 @@ public function getConfigTreeBuilder(): TreeBuilder
                         ->end()
                     ->end()
                 ->end()
+                ->booleanNode('fail_open')
+                    ->defaultFalse()
+                    ->treatNullLike(false)
+                    ->info('Defines if the rate limiter blocks the request when a technical problem occurs')
+                ->end()
                 ->booleanNode('fos_oauth_key_listener')
                     ->defaultTrue()
                     ->info('Enabled the FOS OAuthServerBundle listener')

DependencyInjection/NoxlogicRateLimitExtension.php

@@ -45,6 +45,8 @@ private function loadServices(ContainerBuilder $container, array $config): void
 
         $container->setParameter('noxlogic_rate_limit.path_limits', $config['path_limits']);
 
+        $container->setParameter('noxlogic_rate_limit.fail_open', $config['fail_open']);
+
         switch ($config['storage_engine']) {
             case 'memcache':
                 $container->setParameter('noxlogic_rate_limit.storage.class', 'Noxlogic\RateLimitBundle\Service\Storage\Memcache');

EventListener/RateLimitAnnotationListener.php

@@ -7,6 +7,7 @@
 use Noxlogic\RateLimitBundle\Events\GenerateKeyEvent;
 use Noxlogic\RateLimitBundle\Events\RateLimitEvents;
 use Noxlogic\RateLimitBundle\Exception\RateLimitExceptionInterface;
+use Noxlogic\RateLimitBundle\Exception\Storage\RateLimitStorageExceptionInterface;
 use Noxlogic\RateLimitBundle\Service\RateLimitService;
 use Noxlogic\RateLimitBundle\Util\PathLimitProcessor;
 use Symfony\Component\HttpFoundation\Request;
@@ -33,6 +34,9 @@ public function __construct(
         $this->pathLimitProcessor = $pathLimitProcessor;
     }
 
+    /**
+     * @throws RateLimitStorageExceptionInterface
+     */
     public function onKernelController(ControllerEvent $event): void
     {
         // Skip if the bundle isn't enabled (for instance in test environment)
@@ -68,31 +72,39 @@ public function onKernelController(ControllerEvent $event): void
 
         $key = $this->getKey($event, $rateLimit, $rateLimits);
 
-        // Ratelimit the call
-        $rateLimitInfo = $this->rateLimitService->limitRate($key);
-        if (! $rateLimitInfo) {
-            // Create new rate limit entry for this call
-            $rateLimitInfo = $this->rateLimitService->createRate($key, $rateLimit->getLimit(), $rateLimit->getPeriod());
+        $shouldFailOpenOnStorageError = $rateLimit->failOpen ?? $this->getParameter('fail_open', false);
+        try {
+            // Ratelimit the call
+            $rateLimitInfo = $this->rateLimitService->limitRate($key);
             if (! $rateLimitInfo) {
-                // @codeCoverageIgnoreStart
-                return;
-                // @codeCoverageIgnoreEnd
+                // Create new rate limit entry for this call
+                $rateLimitInfo = $this->rateLimitService->createRate($key, $rateLimit->getLimit(), $rateLimit->getPeriod());
+                if (! $rateLimitInfo) {
+                    // @codeCoverageIgnoreStart
+                    return;
+                    // @codeCoverageIgnoreEnd
+                }
             }
-        }
-
 
-        // Store the current rating info in the request attributes
-        $request->attributes->set('rate_limit_info', $rateLimitInfo);
-
-        // Reset the rate limits
-        if(time() >= $rateLimitInfo->getResetTimestamp()) {
-            $this->rateLimitService->resetRate($key);
-            $rateLimitInfo = $this->rateLimitService->createRate($key, $rateLimit->getLimit(), $rateLimit->getPeriod());
-            if (! $rateLimitInfo) {
-                // @codeCoverageIgnoreStart
+            // Store the current rating info in the request attributes
+            $request->attributes->set('rate_limit_info', $rateLimitInfo);
+
+            // Reset the rate limits
+            if(time() >= $rateLimitInfo->getResetTimestamp()) {
+                $this->rateLimitService->resetRate($key);
+                $rateLimitInfo = $this->rateLimitService->createRate($key, $rateLimit->getLimit(), $rateLimit->getPeriod());
+                if (! $rateLimitInfo) {
+                    // @codeCoverageIgnoreStart
+                    return;
+                    // @codeCoverageIgnoreEnd
+                }
+            }
+        } catch (RateLimitStorageExceptionInterface $storageException) {
+            if ($shouldFailOpenOnStorageError) {
                 return;
-                // @codeCoverageIgnoreEnd
             }
+
+            throw $storageException;
         }
 
         // When we exceeded our limit, return a custom error response

Exception/Storage/CreateRateRateLimitStorageException.php

@@ -0,0 +1,15 @@
+<?php
+declare(strict_types=1);
+
+namespace Noxlogic\RateLimitBundle\Exception\Storage;
+
+/**
+ * @internal BC promise does not cover this class. Do not use directly
+ */
+final class CreateRateRateLimitStorageException extends RateLimitStorageException
+{
+    public function __construct(\Throwable $previous)
+    {
+        parent::__construct('Failed to create rate limit', $previous);
+    }
+}

Exception/Storage/GetRateInfoRateLimitStorageException.php

@@ -0,0 +1,15 @@
+<?php
+declare(strict_types=1);
+
+namespace Noxlogic\RateLimitBundle\Exception\Storage;
+
+/**
+ * @internal BC promise does not cover this class. Do not use directly
+ */
+final class GetRateInfoRateLimitStorageException extends RateLimitStorageException
+{
+    public function __construct(\Throwable $previous)
+    {
+        parent::__construct('Failed to get rate limit info', $previous);
+    }
+}

Exception/Storage/LimitRateRateLimitStorageException.php

@@ -0,0 +1,15 @@
+<?php
+declare(strict_types=1);
+
+namespace Noxlogic\RateLimitBundle\Exception\Storage;
+
+/**
+ * @internal BC promise does not cover this class. Do not use directly
+ */
+final class LimitRateRateLimitStorageException extends RateLimitStorageException
+{
+    public function __construct(\Throwable $previous)
+    {
+        parent::__construct('Failed to apply rate limit', $previous);
+    }
+}

Exception/Storage/RateLimitStorageException.php

@@ -0,0 +1,21 @@
+<?php
+declare(strict_types=1);
+
+namespace Noxlogic\RateLimitBundle\Exception\Storage;
+
+/**
+ * @internal BC promise does not cover this class. Do not use directly
+ */
+abstract class RateLimitStorageException extends \Exception implements RateLimitStorageExceptionInterface
+{
+    public function __construct(string $problemDescription, \Throwable $previous)
+    {
+        $message = \sprintf('Rate limit storage: %s', $problemDescription);
+
+        if ($previous->getMessage()) {
+            $message .= \sprintf(': %s', $previous->getMessage());
+        }
+
+        parent::__construct($message, previous: $previous);
+    }
+}

Exception/Storage/RateLimitStorageExceptionInterface.php

@@ -0,0 +1,12 @@
+<?php
+declare(strict_types=1);
+
+namespace Noxlogic\RateLimitBundle\Exception\Storage;
+
+/**
+ * A technical problem happened at the storage-level
+ */
+interface RateLimitStorageExceptionInterface extends \Throwable
+{
+
+}

Exception/Storage/ResetRateRateLimitStorageException.php

@@ -0,0 +1,15 @@
+<?php
+declare(strict_types=1);
+
+namespace Noxlogic\RateLimitBundle\Exception\Storage;
+
+/**
+ * @internal BC promise does not cover this class. Do not use directly
+ */
+final class ResetRateRateLimitStorageException extends RateLimitStorageException
+{
+    public function __construct(\Throwable $previous)
+    {
+        parent::__construct('Failed to reset rate', $previous);
+    }
+}