There are some flaws:
-
Why do we need cache when we have everything in Redis already? Also, even if we cache loss, we may not be at loss. By the time the new server will get up, the old limits wont make any sense.
-
Sliding window with counters: If we normalise to minute, and if there are three time stamps, in same window,how would you know which one to expire when? we need to store all entries, else you cant expire. Lets say 4:10:05. 4:10:06, both goes to 4-5 windows and count is 2, but these have different expiry.
-
At last, throttling based on ip+user : if hacker have infinite ip v6, then hacker can generate infinite ipv6 here also. it wont help
Course: Grokking the System Design Interview - Learn Interactively
Lesson: Designing a URL Shortening service like TinyURL - Grokking the System Design Interview
Course: Grokking the System Design Interview - Learn Interactively
Lesson: Designing a URL Shortening service like TinyURL - Grokking the System Design Interview
Course: Grokking the System Design Interview - Learn Interactively
Lesson: Designing a URL Shortening service like TinyURL - Grokking the System Design Interview