Add topic routing and rate limiting

[zzirnheld-mia]

Short Summary of the Issue

Currently, the MiddleMail instance can end up clogging the SMTP server by sending too many bulk emails before any transactional emails can get through.

Changes made to Resolve the Issue

Added the ability to set a topic string, so a given MiddleMail instance can be tuned to listen for a specific type of email messages.
Added the ability to set a rate limit per minute, so that if two MiddleMail instances send mails to the same SMTP server, we can limit the number of a given type of email that reaches the SMTP server in a given timespan.

Instructions for Testers

Once this has been merged, please test the following:

• Create multiple MiddleMail server instances with different topics
  • Verify that, as long as the two instances have different subscription IDs and different topics, emails sent to one topic only make it through the corresponding MiddleMail instance.
• Use a rate limited MiddleMail instance
  • Configure the instance with a specified number of emails per minute
  • Attempt to send more than the limit, and verify that that limit many emails are sent out each minute, until the attempted number are sent.

Checklist

• Tested with a unit test.
• Tested locally.
• Checked for typos.
• I have made sure that the Instructions for Testers are self-contained. Just by reading the "Instructions for Testers" it is clear what needs to be tested without consulting this Merge Request or the Issue.
• I have self-reviewed the Description and the Changes of this Merge Request, usually at least one day after making the latest changes here.
• Has been approved by a developer.
• Has been approved by a reviewer.

[leo-labs]

I believe net7 is out of support since May this year. If we upgrade we should directly go to net8.

[leo-labs]

Same here

[leo-labs]

see above

[leo-labs]

I think that this test could be more written in a more readable way.

[zzirnheld-mia]

What part of how it's written confuses you? The concept of the test is as follows:
3 times:

• send a message
• verify that the message is delivered

one more time:

• initiate sending a message
• wait less time than the rate limit window
• verify that the message is not delivered

In other words, where should I add a comment?

[leo-labs]

I believe it would be already good if you move the commented out things that test a separate thing into a different method and separate the tests into Arrange / Act / Assert sections.
Anyway, I don't think you really need to test that the ratelimiter works, but just that it is called correctly and that you behave correctly depending on the lease (wait or process).

[zzirnheld-mia]

Looking at this again now, I still think this test is helpful to check that the behavior works as intended, even if it doesn't fit into the canonical Arrange / Act / Assert sections. I've separated the test into two tests, one of which could be commented out to speed up manual retesting if necessary.

[leo-labs]

one test method should only represent one test.

[zzirnheld-mia]

Yes, this method represents testing that, if you send 4 messages with a rate limit of 3, it allows exactly 3 messages through, not 4

[leo-labs]

my comment here was about the commented out test code:

If you want to test that it takes the correct amount of time to delay

That would be a different test.

[leo-labs]

Can we not just make this a configuration option, so we can actually have a working automated test?

[zzirnheld-mia]

I can do that. What do you mean by "configuration option"?

[leo-labs]

You can make this part of the options, so you can inject it and thus control it during tests.

[leo-labs]

For a better integration with DI you can have a look at https://github.com/dotnet/aspnetcore/blob/main/src/Middleware/RateLimiting/src/RateLimitingMiddleware.cs and https://github.com/dotnet/aspnetcore/blob/main/src/Middleware/RateLimiting/src/RateLimiterOptions.cs.

[leo-labs]

If you do it like that, you are probably able to improve the tests significantly, because you can mock the rate limiter :)

[zzirnheld-mia]

I took a look at the examples you linked, but I can't understand how GlobalLimiter gets assigned in RateLimiterOptions. However it's assigned in those examples, we need to have the value be populated from environment variables for this program. Do you know how to do that with something like an object (as opposed to a string)?

[leo-labs]

Have you seen https://learn.microsoft.com/en-us/aspnet/core/performance/rate-limit?view=aspnetcore-8.0#fixed-window-limiter and https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.ratelimiting.ratelimiteroptionsextensions.addfixedwindowlimiter?view=aspnetcore-8.0

[leo-labs]

What they do is to use the Options system to inject and construct a rate limiter. You can do the same here. E.g. like this:

services.AddOptions<RateLimiterOptions>()
	.Configure(options => 
		options.RateLimiter = new FixedWindowRateLimiter(
			new FixedWindowRateLimiterOptions() {
				PermitLimit = options.LimitPerMinute,
				Window = TimeSpan.FromMinutes(1),
			})
	);

public class RateLimiterOptions {
	public RateLimiter RateLimiter { get; set;}
}

This also allows you to mock your RateLimiter when testing

[zzirnheld-mia]

What's the correct way to access options like MiddleMailOptions in that have just been configured? (To get the LimitPerMinute)

[zzirnheld-mia]

Never mind, I think I understand, the LimitPerMinute is accessed from the same options the RateLimiter is defined on.

[leo-labs]

My snippet might not be perfect. I probably would not mix options that are (mis?-)used as a wrapper for DI and for configuration binding, since configuration can actually trigger a recreation of the option object.
There are multiple ways of solving this: You could have an option type for your configuration (so it is typed) and then use a different Configure overload when configuring RateLimiterOptions as above, the one where you can inject other services and inject the other option. Another way is to not use an option for the ratelimiter but just a singleton RateLimitAccessor service with a public property to access the ratelimiter object.

[leo-labs]

Have you seen https://learn.microsoft.com/en-us/aspnet/core/performance/rate-limit?view=aspnetcore-8.0#fixed-window-limiter and https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.ratelimiting.ratelimiteroptionsextensions.addfixedwindowlimiter?view=aspnetcore-8.0

[leo-labs]

my comment here was about the commented out test code:

If you want to test that it takes the correct amount of time to delay

That would be a different test.

[leo-labs]

You can make this part of the options, so you can inject it and thus control it during tests.

[leo-labs]

I believe it would be already good if you move the commented out things that test a separate thing into a different method and separate the tests into Arrange / Act / Assert sections.
Anyway, I don't think you really need to test that the ratelimiter works, but just that it is called correctly and that you behave correctly depending on the lease (wait or process).

[leo-labs]

formatting

[zzirnheld-mia]

What about the formatting do you want changed here?

[leo-labs]

We place else { on the same line as the closing bracket from the if clause, so } else {.

[leo-labs]

What they do is to use the Options system to inject and construct a rate limiter. You can do the same here. E.g. like this:

services.AddOptions<RateLimiterOptions>()
	.Configure(options => 
		options.RateLimiter = new FixedWindowRateLimiter(
			new FixedWindowRateLimiterOptions() {
				PermitLimit = options.LimitPerMinute,
				Window = TimeSpan.FromMinutes(1),
			})
	);

public class RateLimiterOptions {
	public RateLimiter RateLimiter { get; set;}
}

This also allows you to mock your RateLimiter when testing

[leo-labs]

Have you read #34 (comment) where I mentioned that mixing configuration binding and configure is probably not safe to do?

[leo-labs]

Do you still need this?

[zzirnheld-mia]

I was under the impression we wanted to maintain backwards-compatibility, so we wanted the option to not be rate-limited. Are you suggesting I should make the LimitPerMinute nullable instead, and treat a null value as "no rate limit"? I don't like that option, since it ascribes a meaning to a null value

[zzirnheld-mia]

I guess we're not explicitly setting null, just using the lack of setting the value. It's certainly convenient

[leo-labs]

we wanted the option to not be rate-limited
Yes, we do. But at the moment you do not have that (you are always register a ratelimiter) plus you do not use RateLimited anywhere

[leo-labs]

Do you always want to configure a rate limiter?

[leo-labs]

Maybe you should make this nullable instead and null meaning no rate limit, feels like the best UX to me..

[leo-labs]

I noticed that you have not added that to MiddleMailOptions.cs. Can you remove it here and set it on the project level?

[leo-labs]

I don't think that this is a good pattern (disposing an object that is managed by some other object (that is in our case even managed by DI)).
Microsoft/AspNet is a bit sloppy here (https://github.com/dotnet/aspnetcore/blob/main/src/Middleware/RateLimiting/src/RateLimiterOptions.cs#L26C49-L26C62) and does not dispose their rate limiter. On the other hand one can argue that stuff that has the same lifetime as the application does not necessarily need to be disposed of.
The cleanest solution is probably implementing a RateLimitAccessor : IDisposable singleton service. See also https://learn.microsoft.com/en-us/dotnet/core/extensions/dependency-injection-guidelines#design-services-for-dependency-injection

[leo-labs]

Can you make this more explicit, that this is longer than delayBeforeCheckingIfEmailSent?

[leo-labs]

I mean, why not do (2 * delayBeforeCheckingIfEmailSent).TotalMilliseconds, if that is what you intended here? :)

[leo-labs]

To be able to deploy these changes, you also need to make a few changes to the chart. Are you planning to do those in this MR?

[leo-labs]

Should this really be here?

[leo-labs]

This should probably implement IDisposable then?!

[zzirnheld-mia]

To be able to deploy these changes, you also need to make a few changes to the chart. Are you planning to do those in this MR?

Are there changes necessary to deploy without rate limiting or topics? If so, what are they? (I'm not sure what I'm missing)

[leo-labs]

Are there changes necessary to deploy without rate limiting or topics? If so, what are they? (I'm not sure what I'm missing)

I don't think so. I was referring to necessary changes to the chart when you actually want to deploy this with rate limiting and different topics (because right now you cannot set these configuration options).

[leo-labs]

Is there any reason why this is public?

[leo-labs]

I mean, why not do (2 * delayBeforeCheckingIfEmailSent).TotalMilliseconds, if that is what you intended here? :)

[leo-labs]

if you make it private, it should not start with an uppercase letter anymore

[leo-labs]

@zzirnheld-mia This looks good to me 🚀
What's left to do is:

• Add the new config options to the readme
• Bump package, and chart versions. (Maybe wait for Provide cc support #38 to be merged first)