Re: [PR] feat(limit-count): add Redis Sentinel backend, sliding window and delayed sync support [apisix]

Wed, 10 Jun 2026 19:56:18 -0700 


AlinsRan commented on PR #13443:
URL: https://github.com/apache/apisix/pull/13443#issuecomment-4676762654

   Follow-up: the latest commit 92b3460 closes a cross-plugin isolation gap in 
the **sliding-window Redis** counter key.
   
   ### Problem
   
   The fixed-window Redis path prefixes its counter key with `plugin_name` (and 
a storage-format version), so two plugins that reuse this module never collide. 
The sliding-window Redis path did not — `get_counter_key()` built the key only 
from `gen_limit_key()` output plus the window id:
   
   ```
   <resource_key>:<conf_version>:<key>.<wid>.counter
   ```
   
   `gen_limit_key()` does not contain the plugin name, and `conf_version` is 
`crc32(conf)`. So when two plugins reuse this module on the **same resource 
with identical config** — `limit-count` and `graphql-limit-count` are the 
real-world pair — they produce the same key and share one Redis counter, 
double-counting each other's requests.
   
   This only affects the Redis-backed stores (`redis` / `redis-cluster` / 
`redis-sentinel`). The local store is already namespaced by its per-plugin 
shared dict, so it was never exposed.
   
   ### Fix
   
   Prefix the sliding-window Redis counter key with `plugin_name`, mirroring 
the fixed-window backend:
   
   ```lua
   if self.plugin_name then
       return string_format("%s:%s.%s.counter", self.plugin_name, key, wid)
   end
   return string_format("%s.%s.counter", key, wid)
   ```
   
   `plugin_name` is wired onto the limiter instance right after construction, 
the same way `fallback_limiter` already is, so no constructor signatures 
change. The local store passes no name and keeps its original key format 
unchanged.
   
   Regression test added in `t/plugin/limit-count-sliding.t`: two limiters with 
different `plugin_name` but the same key — exhausting one plugin's quota leaves 
the other's quota intact, proving the counters are independent.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to