@thirdweb-dev/service-utils 0.0.0-dev-8dbcee9-20230925135804 → 0.0.0-dev-0231c73-20230926212531

package/cf-worker/dist/thirdweb-dev-service-utils-cf-worker.cjs.dev.js

@@ -2,7 +2,7 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
-var index = require('../../dist/index-807f6a60.cjs.dev.js');
+var index = require('../../dist/index-6a597a58.cjs.dev.js');
 var aws4fetch = require('aws4fetch');
 var zod = require('zod');
 var services = require('../../dist/services-79b4664f.cjs.dev.js');
@@ -91,8 +91,6 @@ async function publishUsageEvents(usageEvents, config) {
 }
 
 const DEFAULT_CACHE_TTL_SECONDS = 60;
-// must be > DEFAULT_RATE_LIMIT_WINDOW_SECONDS
-const DEFAULT_RATE_LIMIT_CACHE_TTL_SECONDS = 60;
 async function authorizeWorker(authInput, serviceConfig) {
   let authData;
   try {
@@ -124,14 +122,6 @@ async function authorizeWorker(authInput, serviceConfig) {
     cacheTtlSeconds: serviceConfig.cacheTtlSeconds ?? DEFAULT_CACHE_TTL_SECONDS
   });
 }
-async function rateLimitWorker(authzResult, serviceConfig) {
-  return await index.rateLimit(authzResult, serviceConfig, {
-    get: async bucketId => serviceConfig.kvStore.get(bucketId),
-    put: (bucketId, count) => serviceConfig.kvStore.put(bucketId, count, {
-      expirationTtl: DEFAULT_RATE_LIMIT_CACHE_TTL_SECONDS
-    })
-  });
-}
 async function extractAuthorizationData(authInput) {
   const requestUrl = new URL(authInput.req.url);
   const headers = authInput.req.headers;
@@ -259,4 +249,3 @@ exports.extractAuthorizationData = extractAuthorizationData;
 exports.hashSecretKey = hashSecretKey;
 exports.logHttpRequest = logHttpRequest;
 exports.publishUsageEvents = publishUsageEvents;
-exports.rateLimitWorker = rateLimitWorker;

package/cf-worker/dist/thirdweb-dev-service-utils-cf-worker.cjs.prod.js

@@ -2,7 +2,7 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
-var index = require('../../dist/index-cfc8027b.cjs.prod.js');
+var index = require('../../dist/index-30f0f58c.cjs.prod.js');
 var aws4fetch = require('aws4fetch');
 var zod = require('zod');
 var services = require('../../dist/services-04997839.cjs.prod.js');
@@ -91,8 +91,6 @@ async function publishUsageEvents(usageEvents, config) {
 }
 
 const DEFAULT_CACHE_TTL_SECONDS = 60;
-// must be > DEFAULT_RATE_LIMIT_WINDOW_SECONDS
-const DEFAULT_RATE_LIMIT_CACHE_TTL_SECONDS = 60;
 async function authorizeWorker(authInput, serviceConfig) {
   let authData;
   try {
@@ -124,14 +122,6 @@ async function authorizeWorker(authInput, serviceConfig) {
     cacheTtlSeconds: serviceConfig.cacheTtlSeconds ?? DEFAULT_CACHE_TTL_SECONDS
   });
 }
-async function rateLimitWorker(authzResult, serviceConfig) {
-  return await index.rateLimit(authzResult, serviceConfig, {
-    get: async bucketId => serviceConfig.kvStore.get(bucketId),
-    put: (bucketId, count) => serviceConfig.kvStore.put(bucketId, count, {
-      expirationTtl: DEFAULT_RATE_LIMIT_CACHE_TTL_SECONDS
-    })
-  });
-}
 async function extractAuthorizationData(authInput) {
   const requestUrl = new URL(authInput.req.url);
   const headers = authInput.req.headers;
@@ -259,4 +249,3 @@ exports.extractAuthorizationData = extractAuthorizationData;
 exports.hashSecretKey = hashSecretKey;
 exports.logHttpRequest = logHttpRequest;
 exports.publishUsageEvents = publishUsageEvents;
-exports.rateLimitWorker = rateLimitWorker;

package/cf-worker/dist/thirdweb-dev-service-utils-cf-worker.esm.js

@@ -1,5 +1,5 @@
-import { a as authorize, r as rateLimit } from '../../dist/index-bcf68113.esm.js';
-export { r as rateLimit, u as usageLimit } from '../../dist/index-bcf68113.esm.js';
+import { a as authorize } from '../../dist/index-cd8f49a9.esm.js';
+export { r as rateLimit, u as usageLimit } from '../../dist/index-cd8f49a9.esm.js';
 import { AwsClient } from 'aws4fetch';
 import { z } from 'zod';
 export { b as SERVICES, S as SERVICE_DEFINITIONS, a as SERVICE_NAMES, g as getServiceByName } from '../../dist/services-bc12a5f6.esm.js';
@@ -88,8 +88,6 @@ async function publishUsageEvents(usageEvents, config) {
 }
 
 const DEFAULT_CACHE_TTL_SECONDS = 60;
-// must be > DEFAULT_RATE_LIMIT_WINDOW_SECONDS
-const DEFAULT_RATE_LIMIT_CACHE_TTL_SECONDS = 60;
 async function authorizeWorker(authInput, serviceConfig) {
   let authData;
   try {
@@ -121,14 +119,6 @@ async function authorizeWorker(authInput, serviceConfig) {
     cacheTtlSeconds: serviceConfig.cacheTtlSeconds ?? DEFAULT_CACHE_TTL_SECONDS
   });
 }
-async function rateLimitWorker(authzResult, serviceConfig) {
-  return await rateLimit(authzResult, serviceConfig, {
-    get: async bucketId => serviceConfig.kvStore.get(bucketId),
-    put: (bucketId, count) => serviceConfig.kvStore.put(bucketId, count, {
-      expirationTtl: DEFAULT_RATE_LIMIT_CACHE_TTL_SECONDS
-    })
-  });
-}
 async function extractAuthorizationData(authInput) {
   const requestUrl = new URL(authInput.req.url);
   const headers = authInput.req.headers;
@@ -244,4 +234,4 @@ async function logHttpRequest(_ref) {
   }
 }
 
-export { authorizeWorker, deriveClientIdFromSecretKeyHash, extractAuthorizationData, hashSecretKey, logHttpRequest, publishUsageEvents, rateLimitWorker };
+export { authorizeWorker, deriveClientIdFromSecretKeyHash, extractAuthorizationData, hashSecretKey, logHttpRequest, publishUsageEvents };

package/dist/declarations/src/cf-worker/index.d.ts

@@ -3,7 +3,6 @@ import type { CoreServiceConfig } from "../core/api";
 import type { Request } from "@cloudflare/workers-types";
 import type { AuthorizationInput } from "../core/authorize";
 import type { AuthorizationResult } from "../core/authorize/types";
-import type { RateLimitResult } from "../core/rateLimit/types";
 import type { CoreAuthInput } from "../core/types";
 export * from "./usage";
 export * from "../core/services";
@@ -18,7 +17,6 @@ type AuthInput = CoreAuthInput & {
     req: Request;
 };
 export declare function authorizeWorker(authInput: AuthInput, serviceConfig: WorkerServiceConfig): Promise<AuthorizationResult>;
-export declare function rateLimitWorker(authzResult: AuthorizationResult, serviceConfig: WorkerServiceConfig): Promise<RateLimitResult>;
 export declare function extractAuthorizationData(authInput: AuthInput): Promise<AuthorizationInput>;
 export declare function hashSecretKey(secretKey: string): Promise<string>;
 export declare function deriveClientIdFromSecretKeyHash(secretKeyHash: string): string;

package/dist/declarations/src/cf-worker/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"../../../../src/cf-worker","sources":["index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,gBAAgB,EAChB,WAAW,EACX,QAAQ,EACT,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAGV,iBAAiB,EAClB,MAAM,aAAa,CAAC;AAGrB,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC5D,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAGnD,cAAc,SAAS,CAAC;AACxB,cAAc,kBAAkB,CAAC;AACjC,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AAEnC,MAAM,MAAM,mBAAmB,GAAG,iBAAiB,GAAG;IACpD,OAAO,EAAE,WAAW,CAAC;IACrB,GAAG,EAAE,gBAAgB,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAMF,KAAK,SAAS,GAAG,aAAa,GAAG;IAC/B,GAAG,EAAE,OAAO,CAAC;CACd,CAAC;AAEF,wBAAsB,eAAe,CACnC,SAAS,EAAE,SAAS,EACpB,aAAa,EAAE,mBAAmB,GACjC,OAAO,CAAC,mBAAmB,CAAC,CA0C9B;AAED,wBAAsB,eAAe,CACnC,WAAW,EAAE,mBAAmB,EAChC,aAAa,EAAE,mBAAmB,GACjC,OAAO,CAAC,eAAe,CAAC,CAQ1B;AAED,wBAAsB,wBAAwB,CAC5C,SAAS,EAAE,SAAS,GACnB,OAAO,CAAC,kBAAkB,CAAC,CA2E7B;AAED,wBAAsB,aAAa,CAAC,SAAS,EAAE,MAAM,mBAIpD;AAED,wBAAgB,+BAA+B,CAAC,aAAa,EAAE,MAAM,UAEpE;AAQD,wBAAsB,cAAc,CAAC,EACnC,MAAM,EACN,QAAQ,EACR,GAAG,EACH,GAAG,EACH,QAAQ,EACR,aAAa,GACd,EAAE,SAAS,GAAG;IACb,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,QAAQ,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,aAAa,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;CAChC,iBAwBA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"../../../../src/cf-worker","sources":["index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,gBAAgB,EAChB,WAAW,EACX,QAAQ,EACT,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAGV,iBAAiB,EAClB,MAAM,aAAa,CAAC;AAGrB,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC5D,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,cAAc,SAAS,CAAC;AACxB,cAAc,kBAAkB,CAAC;AACjC,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AAEnC,MAAM,MAAM,mBAAmB,GAAG,iBAAiB,GAAG;IACpD,OAAO,EAAE,WAAW,CAAC;IACrB,GAAG,EAAE,gBAAgB,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAIF,KAAK,SAAS,GAAG,aAAa,GAAG;IAC/B,GAAG,EAAE,OAAO,CAAC;CACd,CAAC;AAEF,wBAAsB,eAAe,CACnC,SAAS,EAAE,SAAS,EACpB,aAAa,EAAE,mBAAmB,GACjC,OAAO,CAAC,mBAAmB,CAAC,CA0C9B;AAED,wBAAsB,wBAAwB,CAC5C,SAAS,EAAE,SAAS,GACnB,OAAO,CAAC,kBAAkB,CAAC,CA2E7B;AAED,wBAAsB,aAAa,CAAC,SAAS,EAAE,MAAM,mBAIpD;AAED,wBAAgB,+BAA+B,CAAC,aAAa,EAAE,MAAM,UAEpE;AAQD,wBAAsB,cAAc,CAAC,EACnC,MAAM,EACN,QAAQ,EACR,GAAG,EACH,GAAG,EACH,QAAQ,EACR,aAAa,GACd,EAAE,SAAS,GAAG;IACb,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,QAAQ,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,aAAa,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;CAChC,iBAwBA"}

package/dist/declarations/src/core/rateLimit/index.d.ts

@@ -1,10 +1,20 @@
 import { CoreServiceConfig } from "../api";
 import { AuthorizationResult } from "../authorize/types";
 import { RateLimitResult } from "./types";
-type CacheOptions = {
-    get: (bucketId: string) => Promise<string | null>;
-    put: (bucketId: string, count: string) => Promise<void> | void;
+type IRedis = {
+    incr: (key: string) => Promise<number>;
+    expire: (key: string, ttlSeconds: number) => Promise<0 | 1>;
 };
-export declare function rateLimit(authzResult: AuthorizationResult, serviceConfig: CoreServiceConfig, cacheOptions: CacheOptions): Promise<RateLimitResult>;
+export declare function rateLimit(args: {
+    authzResult: AuthorizationResult;
+    serviceConfig: CoreServiceConfig;
+    redis: IRedis;
+    /**
+     * Sample requests to reduce load on Redis.
+     * This scales down the request count and the rate limit threshold.
+     * @default 1.0
+     */
+    sampleRate?: number;
+}): Promise<RateLimitResult>;
 export {};
 //# sourceMappingURL=index.d.ts.map

package/dist/declarations/src/core/rateLimit/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"../../../../../src/core/rateLimit","sources":["index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAuB,MAAM,QAAQ,CAAC;AAChE,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAEzD,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAK1C,KAAK,YAAY,GAAG;IAClB,GAAG,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAClD,GAAG,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CAChE,CAAC;AAEF,wBAAsB,SAAS,CAC7B,WAAW,EAAE,mBAAmB,EAChC,aAAa,EAAE,iBAAiB,EAChC,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,eAAe,CAAC,CAuD1B"}
+{"version":3,"file":"index.d.ts","sourceRoot":"../../../../../src/core/rateLimit","sources":["index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAuB,MAAM,QAAQ,CAAC;AAChE,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAK1C,KAAK,MAAM,GAAG;IACZ,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IACvC,MAAM,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;CAC7D,CAAC;AAEF,wBAAsB,SAAS,CAAC,IAAI,EAAE;IACpC,WAAW,EAAE,mBAAmB,CAAC;IACjC,aAAa,EAAE,iBAAiB,CAAC;IACjC,KAAK,EAAE,MAAM,CAAC;IACd;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,OAAO,CAAC,eAAe,CAAC,CAiE3B"}

package/dist/declarations/src/core/rateLimit/types.d.ts

@@ -1,6 +1,8 @@
 export type RateLimitResult = {
+    requestCount: number;
     rateLimited: false;
 } | {
+    requestCount: number;
     rateLimited: true;
     status: number;
     errorMessage: string;

package/dist/declarations/src/core/rateLimit/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"../../../../../src/core/rateLimit","sources":["types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,eAAe,GACvB;IACE,WAAW,EAAE,KAAK,CAAC;CACpB,GACD;IACE,WAAW,EAAE,IAAI,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"../../../../../src/core/rateLimit","sources":["types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,eAAe,GACvB;IACE,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,KAAK,CAAC;CACpB,GACD;IACE,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,IAAI,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC"}

package/dist/{index-807f6a60.cjs.dev.js → index-30f0f58c.cjs.prod.js}

@@ -449,12 +449,21 @@ async function authorize(authData, serviceConfig, cacheOptions) {
   };
 }
 
-const DEFAULT_RATE_LIMIT_WINDOW_SECONDS = 10;
-const HARD_LIMIT_MULTIPLE = 2; // 2x of allowed limit
+const RATE_LIMIT_WINDOW_SECONDS = 10;
 
-async function rateLimit(authzResult, serviceConfig, cacheOptions) {
-  if (!authzResult.authorized) {
+// Redis interface compatible with ioredis (Node) and upstash (Cloudflare Workers).
+
+async function rateLimit(args) {
+  const {
+    authzResult,
+    serviceConfig,
+    redis,
+    sampleRate = 1.0
+  } = args;
+  const shouldCountRequest = Math.random() < sampleRate;
+  if (!shouldCountRequest || !authzResult.authorized) {
     return {
+      requestCount: 0,
       rateLimited: false
     };
   }
@@ -462,48 +471,54 @@ async function rateLimit(authzResult, serviceConfig, cacheOptions) {
     apiKeyMeta,
     accountMeta
   } = authzResult;
-  const {
-    rateLimits
-  } = apiKeyMeta || accountMeta || {};
   const accountId = apiKeyMeta?.accountId || accountMeta?.id;
   const {
     serviceScope
   } = serviceConfig;
-  if (!rateLimits || !(serviceScope in rateLimits)) {
+  const {
+    rateLimits
+  } = apiKeyMeta || accountMeta || {};
+  const limitPerSecond = rateLimits?.[serviceScope];
+  if (!limitPerSecond) {
     // No rate limit is provided. Assume the request is not rate limited.
     return {
+      requestCount: 0,
       rateLimited: false
     };
   }
-  const limit = rateLimits[serviceScope];
 
-  // Floors the current time to the nearest DEFAULT_RATE_LIMIT_WINDOW_SECONDS.
-  const bucketId = Math.floor(Date.now() / (1000 * DEFAULT_RATE_LIMIT_WINDOW_SECONDS)) * DEFAULT_RATE_LIMIT_WINDOW_SECONDS;
-  const key = [serviceScope, accountId, bucketId].join(":");
-  const value = parseInt((await cacheOptions.get(key)) || "0");
-  const current = value + 1;
+  // Gets the 10-second window for the current timestamp.
+  const timestampWindow = Math.floor(Date.now() / (1000 * RATE_LIMIT_WINDOW_SECONDS)) * RATE_LIMIT_WINDOW_SECONDS;
+  const key = `rate-limit:${serviceScope}:${accountId}:${timestampWindow}`;
+
+  // Increment and get the current request count in this window.
+  const requestCount = await redis.incr(key);
+  if (requestCount === 1) {
+    // For the first increment, set an expiration to clean up this key.
+    await redis.expire(key, RATE_LIMIT_WINDOW_SECONDS);
+  }
 
-  // limit is in seconds, but we need in DEFAULT_RATE_LIMIT_WINDOW_SECONDS
-  const limitWindow = limit * DEFAULT_RATE_LIMIT_WINDOW_SECONDS;
-  if (current > limitWindow) {
-    // report rate limit hits
+  // Get the limit for this window accounting for the sample rate.
+  const limitPerWindow = limitPerSecond * sampleRate * RATE_LIMIT_WINDOW_SECONDS;
+  if (requestCount > limitPerWindow) {
+    // Report rate limit hits.
     if (apiKeyMeta?.id) {
       await updateRateLimitedAt(apiKeyMeta.id, serviceConfig);
     }
 
-    // actually rate limit only when reached hard limit
-    if (current > limitWindow * HARD_LIMIT_MULTIPLE) {
+    // Reject requests when they've exceeded 2x the rate limit.
+    if (requestCount > 2 * limitPerWindow) {
       return {
+        requestCount,
         rateLimited: true,
         status: 429,
-        errorMessage: `You've exceeded your ${serviceScope} rate limit at ${limit} reqs/sec. To get higher rate limits, contact us at https://thirdweb.com/contact-us.`,
+        errorMessage: `You've exceeded your ${serviceScope} rate limit at ${limitPerSecond} reqs/sec. To get higher rate limits, contact us at https://thirdweb.com/contact-us.`,
         errorCode: "RATE_LIMIT_EXCEEDED"
       };
     }
-  } else {
-    await cacheOptions.put(key, current.toString());
   }
   return {
+    requestCount,
     rateLimited: false
   };
 }

package/dist/{index-cfc8027b.cjs.prod.js → index-6a597a58.cjs.dev.js}

@@ -449,12 +449,21 @@ async function authorize(authData, serviceConfig, cacheOptions) {
   };
 }
 
-const DEFAULT_RATE_LIMIT_WINDOW_SECONDS = 10;
-const HARD_LIMIT_MULTIPLE = 2; // 2x of allowed limit
+const RATE_LIMIT_WINDOW_SECONDS = 10;
 
-async function rateLimit(authzResult, serviceConfig, cacheOptions) {
-  if (!authzResult.authorized) {
+// Redis interface compatible with ioredis (Node) and upstash (Cloudflare Workers).
+
+async function rateLimit(args) {
+  const {
+    authzResult,
+    serviceConfig,
+    redis,
+    sampleRate = 1.0
+  } = args;
+  const shouldCountRequest = Math.random() < sampleRate;
+  if (!shouldCountRequest || !authzResult.authorized) {
     return {
+      requestCount: 0,
       rateLimited: false
     };
   }
@@ -462,48 +471,54 @@ async function rateLimit(authzResult, serviceConfig, cacheOptions) {
     apiKeyMeta,
     accountMeta
   } = authzResult;
-  const {
-    rateLimits
-  } = apiKeyMeta || accountMeta || {};
   const accountId = apiKeyMeta?.accountId || accountMeta?.id;
   const {
     serviceScope
   } = serviceConfig;
-  if (!rateLimits || !(serviceScope in rateLimits)) {
+  const {
+    rateLimits
+  } = apiKeyMeta || accountMeta || {};
+  const limitPerSecond = rateLimits?.[serviceScope];
+  if (!limitPerSecond) {
     // No rate limit is provided. Assume the request is not rate limited.
     return {
+      requestCount: 0,
       rateLimited: false
     };
   }
-  const limit = rateLimits[serviceScope];
 
-  // Floors the current time to the nearest DEFAULT_RATE_LIMIT_WINDOW_SECONDS.
-  const bucketId = Math.floor(Date.now() / (1000 * DEFAULT_RATE_LIMIT_WINDOW_SECONDS)) * DEFAULT_RATE_LIMIT_WINDOW_SECONDS;
-  const key = [serviceScope, accountId, bucketId].join(":");
-  const value = parseInt((await cacheOptions.get(key)) || "0");
-  const current = value + 1;
+  // Gets the 10-second window for the current timestamp.
+  const timestampWindow = Math.floor(Date.now() / (1000 * RATE_LIMIT_WINDOW_SECONDS)) * RATE_LIMIT_WINDOW_SECONDS;
+  const key = `rate-limit:${serviceScope}:${accountId}:${timestampWindow}`;
+
+  // Increment and get the current request count in this window.
+  const requestCount = await redis.incr(key);
+  if (requestCount === 1) {
+    // For the first increment, set an expiration to clean up this key.
+    await redis.expire(key, RATE_LIMIT_WINDOW_SECONDS);
+  }
 
-  // limit is in seconds, but we need in DEFAULT_RATE_LIMIT_WINDOW_SECONDS
-  const limitWindow = limit * DEFAULT_RATE_LIMIT_WINDOW_SECONDS;
-  if (current > limitWindow) {
-    // report rate limit hits
+  // Get the limit for this window accounting for the sample rate.
+  const limitPerWindow = limitPerSecond * sampleRate * RATE_LIMIT_WINDOW_SECONDS;
+  if (requestCount > limitPerWindow) {
+    // Report rate limit hits.
     if (apiKeyMeta?.id) {
       await updateRateLimitedAt(apiKeyMeta.id, serviceConfig);
     }
 
-    // actually rate limit only when reached hard limit
-    if (current > limitWindow * HARD_LIMIT_MULTIPLE) {
+    // Reject requests when they've exceeded 2x the rate limit.
+    if (requestCount > 2 * limitPerWindow) {
       return {
+        requestCount,
         rateLimited: true,
         status: 429,
-        errorMessage: `You've exceeded your ${serviceScope} rate limit at ${limit} reqs/sec. To get higher rate limits, contact us at https://thirdweb.com/contact-us.`,
+        errorMessage: `You've exceeded your ${serviceScope} rate limit at ${limitPerSecond} reqs/sec. To get higher rate limits, contact us at https://thirdweb.com/contact-us.`,
         errorCode: "RATE_LIMIT_EXCEEDED"
       };
     }
-  } else {
-    await cacheOptions.put(key, current.toString());
   }
   return {
+    requestCount,
     rateLimited: false
   };
 }

package/dist/{index-bcf68113.esm.js → index-cd8f49a9.esm.js}

@@ -447,12 +447,21 @@ async function authorize(authData, serviceConfig, cacheOptions) {
   };
 }
 
-const DEFAULT_RATE_LIMIT_WINDOW_SECONDS = 10;
-const HARD_LIMIT_MULTIPLE = 2; // 2x of allowed limit
+const RATE_LIMIT_WINDOW_SECONDS = 10;
 
-async function rateLimit(authzResult, serviceConfig, cacheOptions) {
-  if (!authzResult.authorized) {
+// Redis interface compatible with ioredis (Node) and upstash (Cloudflare Workers).
+
+async function rateLimit(args) {
+  const {
+    authzResult,
+    serviceConfig,
+    redis,
+    sampleRate = 1.0
+  } = args;
+  const shouldCountRequest = Math.random() < sampleRate;
+  if (!shouldCountRequest || !authzResult.authorized) {
     return {
+      requestCount: 0,
       rateLimited: false
     };
   }
@@ -460,48 +469,54 @@ async function rateLimit(authzResult, serviceConfig, cacheOptions) {
     apiKeyMeta,
     accountMeta
   } = authzResult;
-  const {
-    rateLimits
-  } = apiKeyMeta || accountMeta || {};
   const accountId = apiKeyMeta?.accountId || accountMeta?.id;
   const {
     serviceScope
   } = serviceConfig;
-  if (!rateLimits || !(serviceScope in rateLimits)) {
+  const {
+    rateLimits
+  } = apiKeyMeta || accountMeta || {};
+  const limitPerSecond = rateLimits?.[serviceScope];
+  if (!limitPerSecond) {
     // No rate limit is provided. Assume the request is not rate limited.
     return {
+      requestCount: 0,
       rateLimited: false
     };
   }
-  const limit = rateLimits[serviceScope];
 
-  // Floors the current time to the nearest DEFAULT_RATE_LIMIT_WINDOW_SECONDS.
-  const bucketId = Math.floor(Date.now() / (1000 * DEFAULT_RATE_LIMIT_WINDOW_SECONDS)) * DEFAULT_RATE_LIMIT_WINDOW_SECONDS;
-  const key = [serviceScope, accountId, bucketId].join(":");
-  const value = parseInt((await cacheOptions.get(key)) || "0");
-  const current = value + 1;
+  // Gets the 10-second window for the current timestamp.
+  const timestampWindow = Math.floor(Date.now() / (1000 * RATE_LIMIT_WINDOW_SECONDS)) * RATE_LIMIT_WINDOW_SECONDS;
+  const key = `rate-limit:${serviceScope}:${accountId}:${timestampWindow}`;
+
+  // Increment and get the current request count in this window.
+  const requestCount = await redis.incr(key);
+  if (requestCount === 1) {
+    // For the first increment, set an expiration to clean up this key.
+    await redis.expire(key, RATE_LIMIT_WINDOW_SECONDS);
+  }
 
-  // limit is in seconds, but we need in DEFAULT_RATE_LIMIT_WINDOW_SECONDS
-  const limitWindow = limit * DEFAULT_RATE_LIMIT_WINDOW_SECONDS;
-  if (current > limitWindow) {
-    // report rate limit hits
+  // Get the limit for this window accounting for the sample rate.
+  const limitPerWindow = limitPerSecond * sampleRate * RATE_LIMIT_WINDOW_SECONDS;
+  if (requestCount > limitPerWindow) {
+    // Report rate limit hits.
     if (apiKeyMeta?.id) {
       await updateRateLimitedAt(apiKeyMeta.id, serviceConfig);
     }
 
-    // actually rate limit only when reached hard limit
-    if (current > limitWindow * HARD_LIMIT_MULTIPLE) {
+    // Reject requests when they've exceeded 2x the rate limit.
+    if (requestCount > 2 * limitPerWindow) {
       return {
+        requestCount,
         rateLimited: true,
         status: 429,
-        errorMessage: `You've exceeded your ${serviceScope} rate limit at ${limit} reqs/sec. To get higher rate limits, contact us at https://thirdweb.com/contact-us.`,
+        errorMessage: `You've exceeded your ${serviceScope} rate limit at ${limitPerSecond} reqs/sec. To get higher rate limits, contact us at https://thirdweb.com/contact-us.`,
         errorCode: "RATE_LIMIT_EXCEEDED"
       };
     }
-  } else {
-    await cacheOptions.put(key, current.toString());
   }
   return {
+    requestCount,
     rateLimited: false
   };
 }

package/node/dist/thirdweb-dev-service-utils-node.cjs.dev.js

@@ -3,7 +3,7 @@
 Object.defineProperty(exports, '__esModule', { value: true });
 
 var node_crypto = require('node:crypto');
-var index = require('../../dist/index-807f6a60.cjs.dev.js');
+var index = require('../../dist/index-6a597a58.cjs.dev.js');
 var services = require('../../dist/services-79b4664f.cjs.dev.js');
 
 /**

package/node/dist/thirdweb-dev-service-utils-node.cjs.prod.js

@@ -3,7 +3,7 @@
 Object.defineProperty(exports, '__esModule', { value: true });
 
 var node_crypto = require('node:crypto');
-var index = require('../../dist/index-cfc8027b.cjs.prod.js');
+var index = require('../../dist/index-30f0f58c.cjs.prod.js');
 var services = require('../../dist/services-04997839.cjs.prod.js');
 
 /**

package/node/dist/thirdweb-dev-service-utils-node.esm.js

@@ -1,6 +1,6 @@
 import { createHash } from 'node:crypto';
-import { a as authorize } from '../../dist/index-bcf68113.esm.js';
-export { r as rateLimit, u as usageLimit } from '../../dist/index-bcf68113.esm.js';
+import { a as authorize } from '../../dist/index-cd8f49a9.esm.js';
+export { r as rateLimit, u as usageLimit } from '../../dist/index-cd8f49a9.esm.js';
 export { b as SERVICES, S as SERVICE_DEFINITIONS, a as SERVICE_NAMES, g as getServiceByName } from '../../dist/services-bc12a5f6.esm.js';
 
 /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@thirdweb-dev/service-utils",
-  "version": "0.0.0-dev-8dbcee9-20230925135804",
+  "version": "0.0.0-dev-0231c73-20230926212531",
   "main": "dist/thirdweb-dev-service-utils.cjs.js",
   "module": "dist/thirdweb-dev-service-utils.esm.js",
   "exports": {