feat(command): rate limiting with gcra command #3740
🛡️ Jit Security Scan Results
✅ No security findings were detected in this PR
Security scan by Jit
e4b3c6d to 289d6e1
289d6e1 to 5595ab9
I would prefer to merge other PRs and release a version before including this one (or any other 8.8 related changes) in master.
use proper image for 8.6
| if err != nil { | ||
| return err | ||
| } | ||
| cmd.val.FullBurstAfter = fullBurstAfter |
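Review bot: the `return err` directly above `cmd.val.FullBurstAfter = fullBurstAfter` passes the read error up without saying which reply element failed. Wrapping it with the field name (for example via fmt.Errorf with %w) would let a caller tell a parse failure on this field apart from one on the earlier elements of the reply.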
ReadInt used for RESP double fields in reply
High Severity
The Redis GCRA command returns reply_after and full_burst_after as RESP doubles (using addReplyDouble on the server side), but readReply uses rd.ReadInt() to parse them. The ReadInt method doesn't handle the RespFloat wire type, so it will always fail with a parse error when reaching the 4th element. Additionally, RetryAfter and FullBurstAfter in GCRAResult are typed int64 but need to be float64 to hold the double values returned by the server.
Reviewed by Cursor Bugbot for commit d443382. Configure here.
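The parsing failure described in the comment above, reproduced as an added example (not code from this PR or from go-redis): a minimal reader for a 5-element RESP3 array that fails at element 4 when it only accepts the integer type byte `:` and succeeds once it also accepts the double type byte `,`. The helper names and the sample reply are constructed for illustration, and RESP3 framing on the wire is assumed.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample reply (illustrative values): three integers, then two doubles.
const sampleReply = "*5\r\n:0\r\n:10\r\n:9\r\n,1.5\r\n,6.25\r\n"

// readElem (hypothetical helper) reads one numeric element; allowDouble=false mimics an int-only reader.
func readElem(r *bufio.Reader, allowDouble bool) (float64, error) {
	line, err := r.ReadString('\n')
	if err != nil {
		return 0, err
	}
	line = strings.TrimRight(line, "\r\n")
	switch {
	case strings.HasPrefix(line, ":"): // RESP integer
		n, err := strconv.ParseInt(line[1:], 10, 64)
		return float64(n), err
	case strings.HasPrefix(line, ",") && allowDouble: // RESP3 double
		return strconv.ParseFloat(line[1:], 64) // also accepts inf, -inf, nan
	}
	return 0, fmt.Errorf("unexpected RESP line %q", line)
}

// decodeReply checks the array header, then reads five numbers, naming the 1-based element that failed.
func decodeReply(raw string, allowDouble bool) ([]float64, error) {
	r := bufio.NewReader(strings.NewReader(raw))
	if hdr, err := r.ReadString('\n'); err != nil || hdr != "*5\r\n" {
		return nil, fmt.Errorf("want 5-element array, got %q", hdr)
	}
	out := make([]float64, 5)
	for i := range out {
		var err error
		if out[i], err = readElem(r, allowDouble); err != nil {
			return nil, fmt.Errorf("element %d: %w", i+1, err)
		}
	}
	return out, nil
}

func main() {
	fmt.Println(decodeReply(sampleReply, false)) // int-only reader: error at element 4
	fmt.Println(decodeReply(sampleReply, true))
}
```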
Cursor Bugbot has reviewed your changes and found 1 potential issue.
There are 2 total unresolved issues (including 1 from previous review).
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 899776c. Configure here.
| // Add TOKENS if specified and not default | ||
| if args.Tokens != 1 { | ||
| cmdArgs = append(cmdArgs, "TOKENS", args.Tokens) | ||
| } |
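Review bot: the guard `if args.Tokens != 1` lets an unset (zero) `Tokens` through, so `TOKENS 0` is appended to the command. Treating 0 as unset as well, for example `if args.Tokens != 0 && args.Tokens != 1`, keeps the default path for callers that omit the field while still forwarding every other value; the comment above the guard should then state that 0 means default.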
Zero-value Tokens causes unexpected Redis error
High Severity
The condition args.Tokens != 1 treats Go's zero-value (0) for the Tokens field as an explicit user choice, sending TOKENS 0 to Redis which rejects it as "out of range". When a user constructs GCRAArgs without setting Tokens, the field defaults to 0, not the documented default of 1. This means any caller of GCRAWithArgs that omits Tokens will get an unexpected error instead of the documented default behavior.
Reviewed by Cursor Bugbot for commit 899776c. Configure here.


This PR introduces GCRA command for rate limiting.
Marked as draft / work in progress until an image with the command is available for testing.
Note
Medium Risk
Introduces a new command type with custom reply parsing and integrates it into cluster routing/value extraction; mistakes could cause incorrect parsing or behavior in pipelines/cluster mode.
Overview
Adds first-class support for Redis 8.8+ GCRA rate limiting, including a new RateLimitCmdable API (GCRA/GCRAWithArgs), GCRAArgs/GCRAResult types, and a dedicated GCRACmd with explicit 5-element reply decoding.
Wires the new command type into the generic command-value extraction and OSS cluster router value-setting paths, and adds both integration and unit tests plus a standalone example/gcra-rate-limiting module demonstrating basic, burst, and weighted token usage.
Also includes small whitespace/format-only touch-ups in TLS examples/tests and a mock pooler test.
Reviewed by Cursor Bugbot for commit 899776c. Bugbot is set up for automated code reviews on this repo. Configure here.