author | Kamil Trzciński <ayufan@ayufan.eu> | 2020-10-20 13:30:41 +0300 |
---|---|---|
committer | Kamil Trzciński <ayufan@ayufan.eu> | 2020-10-20 13:30:41 +0300 |
commit | 05c6facd72644095ca1aeff88c564dfb411fe34f (patch) | |
tree | 9292efadd79fff678a74f2f2b6cb38648c24e981 /internal | |
parent | 7f8e9bd39def730616a4c7d1d5f00ee6ca9ea76a (diff) |
Revert "Add Host and SNI-based rate limiting"
This reverts commit 7f8e9bd39def730616a4c7d1d5f00ee6ca9ea76a.
Diffstat (limited to 'internal')
-rw-r--r-- | internal/rate_limiting/http_handler.go | 32 | ||||
-rw-r--r-- | internal/rate_limiting/rate_limiting.go | 62 |
2 files changed, 0 insertions, 94 deletions
diff --git a/internal/rate_limiting/http_handler.go b/internal/rate_limiting/http_handler.go
deleted file mode 100644
index d6341781..00000000
--- a/internal/rate_limiting/http_handler.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package rate_limiting
-
-import (
- "crypto/tls"
- "errors"
- "net/http"
-
- "gitlab.com/gitlab-org/gitlab-pages/internal/tlsconfig"
-)
-
-func (r *RateLimiting) LimitHostHandler(handler http.Handler) http.Handler {
- fn := func(rw http.ResponseWriter, req *http.Request) {
- if r.Allow(req.Host) {
- handler.ServeHTTP(rw, req)
- return
- }
-
- rw.WriteHeader(http.StatusTooManyRequests)
- }
-
- return http.HandlerFunc(fn)
-}
-
-func (r *RateLimiting) LimitServeTLS(handler tlsconfig.GetCertificateFunc) tlsconfig.GetCertificateFunc {
- return func(ch *tls.ClientHelloInfo) (*tls.Certificate, error) {
- if r.Allow(ch.ServerName) {
- return handler(ch)
- }
-
- return nil, errors.New("rate limited")
- }
-}
diff --git a/internal/rate_limiting/rate_limiting.go b/internal/rate_limiting/rate_limiting.go
deleted file mode 100644
index d69dd873..00000000
--- a/internal/rate_limiting/rate_limiting.go
+++ /dev/null
@@ -1,62 +0,0 @@
-package rate_limiting
-
-import (
- "time"
-
- "github.com/patrickmn/go-cache"
- "golang.org/x/time/rate"
-)
-
-type rateLimit struct {
- *rate.Limiter
-}
-
-type RateLimiting struct {
- cache *cache.Cache
-
- window time.Duration
- limit uint
-}
-
-func NewRateLimiting(window time.Duration, limit uint) *RateLimiting {
- return &RateLimiting{
- cache: cache.New(window*2, window),
- window: window,
- limit: limit,
- }
-}
-
-func (r *RateLimiting) newRateLimiter() rateLimit {
- // we divide a window by amount of requests
- // the bucket is refilled every interval
- // allowing to consume up to the defined `limit`
- everyNs := r.window.Nanoseconds() / int64(r.limit)
- every := time.Duration(everyNs)
-
- return rateLimit{
- rate.NewLimiter(rate.Every(every), int(r.limit)),
- }
-}
-
-func (r *RateLimiting) findOrCreate(key string) rateLimit {
- for {
- // try to get existing item
- if item, expiry, found := r.cache.GetWithExpiration(key); found {
- // extend item window
- if time.Until(expiry) > r.window {
- r.cache.SetDefault(key, item)
- }
-
- return item.(rateLimit)
- }
-
- // add a new item
- if rateLimiter := r.newRateLimiter(); r.cache.Add(key, rateLimiter, cache.DefaultExpiration) == nil {
- return rateLimiter
- }
- }
-}
-
-func (r *RateLimiting) Allow(key string) bool {
- return r.findOrCreate(key).Allow()
-} |