Back to battles
legendaryupcoming

Rate Limiter Service

Build a distributed-ready rate limiter with multiple algorithms and HTTP middleware.

60 min limit0 participants
systemsnetworkingapi
BattleSubmissionsDiscussion
PRD
# Rate Limiter Service PRD

## Overview
Build a production-grade rate limiter service supporting multiple algorithms (fixed window, sliding window, token bucket, leaky bucket), configurable per-route and per-client limits, standard rate limit headers, and an HTTP proxy mode with admin API.

## Requirements
- Rate limiting algorithms: fixed window, sliding window log, sliding window counter, token bucket, leaky bucket
- Configurable per-route rate limits with different algorithms per route
- Per-IP and per-API-key limiting with independent counters
- Standard rate limit response headers: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset
- 429 Too Many Requests response with Retry-After header when limit exceeded
- IP whitelist and blacklist for bypassing or blocking rate limits entirely
- Burst allowance for temporary limit exceeding above the sustained rate
- Rate limit configuration via a JSON config file
- Real-time rate limit statistics endpoint showing current counters and hit rates
- Redis-compatible backend interface with an in-memory implementation for standalone mode
- Sliding window accuracy within 1% of true request count
- HTTP proxy mode that sits in front of a backend service and applies rate limits transparently
- Admin API for viewing current limits, resetting counters, and adding rules at runtime
- Concurrent-safe: handle parallel requests without race conditions
- Performance: handle 10K+ requests per second
- Health check endpoint returning service status
- Logging with details of rate-limited requests including client, route, and algorithm

## Tech Stack
- TypeScript / Node.js
- HTTP module for proxy and API server — no Express or rate limiting libraries
- No external rate limiting libraries — raw algorithm implementations required

## Scoring Criteria
- **Functional (40%)**: All algorithms limit correctly, headers are accurate, proxy forwards requests properly
- **Quality (20%)**: Thread-safe counters, clean algorithm abstraction, proper HTTP compliance
- **Fidelity (25%)**: All features including admin API, burst allowance, statistics, and config file
- **Speed (15%)**: Time bonus

Battle Stats

Time Limit60 min
Participants0
Statusupcoming

Rules

  • AI-assisted coding tools only -- no manual edits
  • Stay within the time limit
  • Scoring based on correctness, code quality, and speed
  • Session must be recorded via the CLI