From 90a14abb0c693287d10c5b2b8a6e5515f3ed4c37 Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Wed, 4 Jan 2023 11:57:59 +0100
Subject: [feature] HTTP request throttling middleware (#1297)

* [feature] Add throttling middleware to AP endpoints
* refactor a lil bit
* use config setting, start updating docs
* doc updates
* use relative links in faq doc
* small docs fixes
* return code 503 instead of 429 when throttled
* throttle other endpoints too
* simplify token channel prefills
---
 internal/config/config.go | 5 +++--
 internal/config/defaults.go | 5 +++--
 internal/config/flags.go | 1 +
 internal/config/helpers.gen.go | 25 +++++++++++++++++++++++++
 4 files changed, 32 insertions(+), 4 deletions(-)
(limited to 'internal/config')
diff --git a/internal/config/config.go b/internal/config/config.go
index 8a2c041e1..d057afe37 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -127,8 +127,9 @@ type Configuration struct {
 SyslogProtocol string `name:"syslog-protocol" usage:"Protocol to use when directing logs to syslog. Leave empty to connect to local syslog."`
 SyslogAddress string `name:"syslog-address" usage:"Address:port to send syslog logs to. Leave empty to connect to local syslog."`

- AdvancedCookiesSamesite string `name:"advanced-cookies-samesite" usage:"'strict' or 'lax', see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite"`
- AdvancedRateLimitRequests int `name:"advanced-rate-limit-requests" usage:"Amount of HTTP requests to permit within a 5 minute window. 0 or less turns rate limiting off."`
+ AdvancedCookiesSamesite string `name:"advanced-cookies-samesite" usage:"'strict' or 'lax', see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite"`
+ AdvancedRateLimitRequests int `name:"advanced-rate-limit-requests" usage:"Amount of HTTP requests to permit within a 5 minute window. 0 or less turns rate limiting off."`
+ AdvancedThrottlingMultiplier int `name:"advanced-throttling-multiplier" usage:"Multiplier to use per cpu for http request throttling. 0 or less turns throttling off."`

 // Cache configuration vars.
 Cache CacheConfiguration `name:"cache"`
diff --git a/internal/config/defaults.go b/internal/config/defaults.go
index 6d589439a..4873c5c47 100644
--- a/internal/config/defaults.go
+++ b/internal/config/defaults.go
@@ -104,8 +104,9 @@ var Defaults = Configuration{
 SyslogProtocol: "udp",
 SyslogAddress: "localhost:514",

- AdvancedCookiesSamesite: "lax",
- AdvancedRateLimitRequests: 300, // 1 per second per 5 minutes
+ AdvancedCookiesSamesite: "lax",
+ AdvancedRateLimitRequests: 300, // 1 per second per 5 minutes
+ AdvancedThrottlingMultiplier: 8, // 8 open requests per CPU

 Cache: CacheConfiguration{
 GTS: GTSCacheConfiguration{
diff --git a/internal/config/flags.go b/internal/config/flags.go
index c5df1c8b2..3a5d69f25 100644
--- a/internal/config/flags.go
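Review bot: The usage text on the new `AdvancedThrottlingMultiplier` field does not say what the multiplier is applied to, which is the first thing an operator tuning this load-shedding control needs to know. Going by the comment on the default in defaults.go ("8 open requests per CPU"), the tag could read `usage:"Multiplier to use per cpu for http request throttling: the number of requests allowed to be open at once is this value times the CPU count. 0 or less turns throttling off."`. The middleware that consumes the value is outside this patch view (limited to internal/config), so the wording should be confirmed against it.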
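Review bot: The comment on the new default, `// 8 open requests per CPU`, leaves out that the effective ceiling scales with whatever CPU count the process detects, so the same config gives very different limits on different hosts. I would extend it to `AdvancedThrottlingMultiplier: 8, // 8 open requests per CPU; effective limit = 8 x detected CPU count, 0 or less disables`. How the CPU count is obtained is not visible in this patch; if it reflects the host rather than a container CPU quota, the limit may be higher than the instance can actually serve, which is worth stating in the docs.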
+++ b/internal/config/flags.go
@@ -132,6 +132,7 @@ func (s *ConfigState) AddServerFlags(cmd *cobra.Command) {
 // Advanced flags
 cmd.Flags().String(AdvancedCookiesSamesiteFlag(), cfg.AdvancedCookiesSamesite, fieldtag("AdvancedCookiesSamesite", "usage"))
 cmd.Flags().Int(AdvancedRateLimitRequestsFlag(), cfg.AdvancedRateLimitRequests, fieldtag("AdvancedRateLimitRequests", "usage"))
+ cmd.Flags().Int(AdvancedThrottlingMultiplierFlag(), cfg.AdvancedThrottlingMultiplier, fieldtag("AdvancedThrottlingMultiplier", "usage"))
 })
 }

diff --git a/internal/config/helpers.gen.go b/internal/config/helpers.gen.go
index 62894b4d5..de5b93762 100644
--- a/internal/config/helpers.gen.go
+++ b/internal/config/helpers.gen.go
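Review bot: The new flag is registered with a plain `cmd.Flags().Int(...)` and no range check, so a negative or mistyped value is accepted and, per the usage text, silently turns throttling off. Since this setting is a protection against request floods, the disabled state should be visible to the operator: the config validation step (not part of this hunk) could log a warning when `GetAdvancedThrottlingMultiplier() <= 0`. A startup log line stating the effective limit would also help catch a multiplier set so high that throttling never engages. AddServerFlags begins before this hunk, so only the tail of the function is visible here.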
@@ -1824,6 +1824,31 @@ func GetAdvancedRateLimitRequests() int { return global.GetAdvancedRateLimitRequ // SetAdvancedRateLimitRequests safely sets the value for global configuration 'AdvancedRateLimitRequests' field func SetAdvancedRateLimitRequests(v int) { global.SetAdvancedRateLimitRequests(v) } +// GetAdvancedThrottlingMultiplier safely fetches the Configuration value for state's 'AdvancedThrottlingMultiplier' field +func (st *ConfigState) GetAdvancedThrottlingMultiplier() (v int) { + st.mutex.Lock() + v = st.config.AdvancedThrottlingMultiplier + st.mutex.Unlock() + return +} + +// SetAdvancedThrottlingMultiplier safely sets the Configuration value for state's 'AdvancedThrottlingMultiplier' field +func (st *ConfigState) SetAdvancedThrottlingMultiplier(v int) { + st.mutex.Lock() + defer st.mutex.Unlock() + st.config.AdvancedThrottlingMultiplier = v + st.reloadToViper() +} + +// AdvancedThrottlingMultiplierFlag returns the flag name for the 'AdvancedThrottlingMultiplier' field +func AdvancedThrottlingMultiplierFlag() string { return "advanced-throttling-multiplier" } + +// GetAdvancedThrottlingMultiplier safely fetches the value for global configuration 'AdvancedThrottlingMultiplier' field +func GetAdvancedThrottlingMultiplier() int { return global.GetAdvancedThrottlingMultiplier() } + +// SetAdvancedThrottlingMultiplier safely sets the value for global configuration 'AdvancedThrottlingMultiplier' field +func SetAdvancedThrottlingMultiplier(v int) { global.SetAdvancedThrottlingMultiplier(v) } + // GetCacheGTSAccountMaxSize safely fetches the Configuration value for state's 'Cache.GTS.AccountMaxSize' field func (st *ConfigState) GetCacheGTSAccountMaxSize() (v int) { st.mutex.Lock() -- cgit v1.2.3