navigation-ux-ipc-client-core/com.mapbox.dash.sdk.ipc.client.core/WindowIpcRateLimiter

WindowIpcRateLimiter

class WindowIpcRateLimiter(windowMs: Long, currentTimeMs: () -> Long = SystemClock::elapsedRealtime) : IpcRateLimiter

A lightweight fixed-window per-second rate limiter for IPC commands.

Algorithm

Each unique key gets a one-second window. The first call in a window opens a new window and counts as 1. Subsequent calls in the same window increment the counter. Once the limit is reached, tryAcquire returns false until the window expires.

Fixed-window was chosen over token-bucket or sliding-window because:

  • It is deterministic and easy to unit-test with a fake clock.

  • It requires no background thread or scheduled cleanup.

  • At-window-boundary bursts are acceptable here: the attack vector is sustained flooding, not split-second spikes.

Thread safety

ConcurrentHashMap.compute is atomic per key. The lambda runs under a per-bucket lock held by the map internals; it does only cheap arithmetic, so contention is negligible.

Memory

Each entry is a single Window object (two primitives). Entries are lazily recycled when their window expires and a new call arrives — no background thread or explicit eviction is needed. The number of distinct keys is bounded:

  • Client side: ≤ number of known CommandType IDs (~90).

  • Server side: ≤ |clients| × |commands| (a few hundred at most).

Parameters

windowMs

duration of one rate-limit window in milliseconds (default: 1 000 ms = 1 s)

currentTimeMs

injectable clock; override in tests to control time deterministically

Constructors

Link copied to clipboard
constructor(windowMs: Long, currentTimeMs: () -> Long = SystemClock::elapsedRealtime)

Functions

Link copied to clipboard
open override fun tryAcquire(key: String, maxCallsPerWindow: Int): Boolean

Attempts to record one call for key within the current time window.