From 2bd8293ac7586ce8a3332badb2504ec8bd458c23 Mon Sep 17 00:00:00 2001
From: Tomas Brambora <tomas.brambora@gmail.com>
Date: Mon, 19 Jul 2021 10:36:57 +1000
Subject: [PATCH] Add example of how to rate limit per-connection

I just got bitten by rate-limiter thinking by default the rule applies to each connection separately. This example should help educate users that it is not in fact the case unless you add `connectionId() { return true; }`.
---
 source/api/methods.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/source/api/methods.md b/source/api/methods.md
index e44d7ade2f..e24140aa97 100644
--- a/source/api/methods.md
+++ b/source/api/methods.md
@@ -233,5 +233,19 @@ const loginRule = {
 // Add the rule, allowing up to 5 messages every 1000 milliseconds.
 DDPRateLimiter.addRule(loginRule, 5, 1000);
 ```
+
+Here's another example that rate-limits adding a custom `threads.create` method per-connection:
+```js
+// Define a rule that matches login attempts by non-admin users.
+const threadCreateRule = {
+  type: 'method',
+  name: 'threads.create',
+  connectionId() {
+    return true;
+  }
+};
+// Add the rule, allowing up to 5 messages per user connection (i.e., every connection is rate-limited separately) every 30 minutes.
+DDPRateLimiter.addRule(threadCreateRule, 5, 1000 * 60 * 30);
+```
 {% apibox "DDPRateLimiter.removeRule" nested:true instanceDelimiter:. %}
 {% apibox "DDPRateLimiter.setErrorMessage" nested:true instanceDelimiter:. %}