Package ratelimit manages rate limits for urls.
It can be used instead of captchas, since breaking captchas is a commercial service, yielding a captcha to be nothing more than a rate limit.
The rate limited requests for each client (ip address) are stored in the database, and subsequent requests from the same client are denied if they come within the set time window.
Entries of non-returning clients are cleared from the database regularly.
ratelimit.Handle returns a httprouter.Handle that denies a request if it's repeated from the same client within the given number of seconds, or handles it, and resets the time window. Passing 0 seconds bypasses the rate limit.
Default limit is read from the RATELIMIT environment variable. The default value for RATELIMIT is 60 seconds.