Add support for API rate limiting (requests per time frame)

[Kaliumhexacyanoferrat]

As a developer of a web service, I would like to limit the number of requests per time frame (e.g. per five minutes), so that consumers cannot spam or scrape my API.

Example

var limit = RateLimit.Allow(60)
                     .Per(Duration.FromMinutes(5))
                     .By(r => r.GetUser<IUser>());

myApi.Add(limit);

Acceptance criteria

• The functionality is implemented in a rate limiting module
• The change is in general compatible with Rate limiting / throttling of response downloads #352
• The user can decide on what property the rate limiting is applied (e.g. per IP, per user, per API key, per ...)
• For typical use cases, convenience methods are provided (e.g. ByIP(), ByUser())
• The feature is documented on the GenHTTP website
• The feature is covered by acceptance tests

[Kaliumhexacyanoferrat]

@Matasx: Would this be an interesting feature for your use case?

[Matasx]

Yes this would be perfect if implemented in GenHTTP. I currently use custom build of Caddy with rate limiting module configured to 600 calls per IP per minute. This would be great addition!