too long

I'm using PHP in conjunction with AJAX for a lot of functions on my site. I've implemented a sort of rate limiting system on the client-side with Javascript. Basically, disabling a button for 1 sec after it's clicked.

Although this works fine for the more innocent cases, but I feel like I need something on the server-side of things to limit requests as well.

Basically, I want users to have a maximum amount of AJAX calls they can make per second. In fact, one per second seems reasonable.

One way would be somehow logging every request to my AJAX callback, and reading from that table before a new request is made. But this would immensely increase the work load on my server and database.

Are there any alternative methods of doing this?

PHP

function comment_upvote_callback() {    

    // Some sort of rate limit??


    // $_POST data validation

    // Add upvote to database

    // Return success or error

} 
add_action( 'wp_ajax_comment_upvote_callback', 'comment_upvote_callback' );

jQuery

var is_clicked = false;

if ( is_clicked == false ) {
    $('#comments').on('click', '.comment-upvote', function(event) {
        event.preventDefault();

        // Button disabled as long as isClicked == true
        isClicked = true;

        // Data to be sent
        var data = {
            'action': 'comment_upvote_callback',
            'security': nonce,  
            'comment_id': comment_id
        };

        // Send Data
        jQuery.post(ajaxurl, data, function(response) {

            // Callback

            // Client-side rate limit
            setTimeout( function() {
                is_clicked = false;
            }, 1000);
        });
    });
}

As already told above, you should be using rate limiting at server-side I have written a code to implement the same. You can copy the code into a file and simply include in your server-side script at the top. It accepts maximum 3hits/5secs. You can change the rate according to your needs

    session_start();
    const cap = 3;
    $stamp_init = date("Y-m-d H:i:s");
    if( !isset( $_SESSION['FIRST_REQUEST_TIME'] ) ){
            $_SESSION['FIRST_REQUEST_TIME'] = $stamp_init;
    }
    $first_request_time = $_SESSION['FIRST_REQUEST_TIME'];
    $stamp_expire = date( "Y-m-d H:i:s", strtotime( $first_request_time )+( 5 ) );
    if( !isset( $_SESSION['REQ_COUNT'] ) ){
            $_SESSION['REQ_COUNT'] = 0;
    }
    $req_count = $_SESSION['REQ_COUNT'];
    $req_count++;
    if( $stamp_init > $stamp_expire ){//Expired
            $req_count = 1;
            $first_request_time = $stamp_init;
    }
    $_SESSION['REQ_COUNT'] = $req_count;
    $_SESSION['FIRST_REQUEST_TIME'] = $first_request_time;
    header('X-RateLimit-Limit: '.cap);
    header('X-RateLimit-Remaining: ' . ( cap-$req_count ) );
    if( $req_count > cap){//Too many requests
            http_response_code( 429 );
            exit();
    }