summaryrefslogtreecommitdiff
path: root/internal/middleware/ratelimit.go
diff options
context:
space:
mode:
Diffstat (limited to 'internal/middleware/ratelimit.go')
-rw-r--r--internal/middleware/ratelimit.go77
1 files changed, 77 insertions, 0 deletions
diff --git a/internal/middleware/ratelimit.go b/internal/middleware/ratelimit.go
new file mode 100644
index 000000000..ab947a124
--- /dev/null
+++ b/internal/middleware/ratelimit.go
@@ -0,0 +1,77 @@
+/*
+ GoToSocial
+ Copyright (C) 2021-2022 GoToSocial Authors admin@gotosocial.org
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package middleware
+
+import (
+ "net"
+ "net/http"
+ "time"
+
+ "github.com/gin-gonic/gin"
+ "github.com/superseriousbusiness/gotosocial/internal/config"
+ "github.com/ulule/limiter/v3"
+ limitergin "github.com/ulule/limiter/v3/drivers/middleware/gin"
+ "github.com/ulule/limiter/v3/drivers/store/memory"
+)
+
+const rateLimitPeriod = 5 * time.Minute
+
+// RateLimit returns a gin middleware that will automatically rate limit caller (by IP address),
+// and enrich the response header with the following headers:
+//
+// - `x-ratelimit-limit` - maximum number of requests allowed per time period (fixed).
+// - `x-ratelimit-remaining` - number of remaining requests that can still be performed.
+// - `x-ratelimit-reset` - unix timestamp when the rate limit will reset.
+//
+// If `x-ratelimit-limit` is exceeded, the request is aborted and an HTTP 429 TooManyRequests
+// status is returned.
+//
+// If the config AdvancedRateLimitRequests value is <= 0, then a noop handler will be returned,
+// which performs no rate limiting.
+func RateLimit() gin.HandlerFunc {
+ // only enable rate limit middleware if configured
+ // advanced-rate-limit-requests is greater than 0
+ rateLimitRequests := config.GetAdvancedRateLimitRequests()
+ if rateLimitRequests <= 0 {
+ // use noop middleware if ratelimiting is disabled
+ return func(c *gin.Context) {}
+ }
+
+ rate := limiter.Rate{
+ Period: rateLimitPeriod,
+ Limit: int64(rateLimitRequests),
+ }
+
+ limiterInstance := limiter.New(
+ memory.NewStore(),
+ rate,
+ limiter.WithIPv6Mask(net.CIDRMask(64, 128)), // apply /64 mask to IPv6 addresses
+ )
+
+ limitReachedHandler := func(c *gin.Context) {
+ c.AbortWithStatusJSON(http.StatusTooManyRequests, gin.H{"error": "rate limit reached"})
+ }
+
+ middleware := limitergin.NewMiddleware(
+ limiterInstance,
+ limitergin.WithLimitReachedHandler(limitReachedHandler), // use custom rate limit reached error
+ )
+
+ return middleware
+}
generated by cgit v1.2.3 (git 2.46.0) at 2025-07-12 18:50:45 +0000