aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feat(controller): Add ratelimiter http middleware

Browse Source
pull/4093/head
Timothy Messier 3 years ago
parent 2853324479
commit 00bd2899af
No known key found for this signature in database
GPG Key ID: EFD2F184F7600572
2 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File

13
internal/daemon/controller/controller.go
Unescape View File

@ -50,6 +50,7 @@ import (
external_plugins "github.com/hashicorp/boundary/sdk/plugins"
"github.com/hashicorp/boundary/version"
"github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-rate"
"github.com/hashicorp/go-secure-stdlib/mlock"
"github.com/hashicorp/go-secure-stdlib/pluginutil/v2"
"github.com/hashicorp/nodeenrollment"
@ -119,6 +120,8 @@ type Controller struct {
apiGrpcServerListener grpcServerListener
apiGrpcGatewayTicket string
rateLimiter *rate.Limiter
// Repo factory methods
AuthTokenRepoFn common.AuthTokenRepoFactory
VaultCredentialRepoFn common.VaultCredentialRepoFactory
@ -245,6 +248,16 @@ func New(ctx context.Context, conf *Config) (*Controller, error) {
}
c.clusterListener = clusterListeners[0]
rateLimits, err := conf.RawConfig.Controller.ApiRateLimits.Limits(c.baseContext)
if err != nil {
return nil, fmt.Errorf("error parsing rate limit configuration: %w", err)
}
c.rateLimiter, err = rate.NewLimiter(rateLimits, conf.RawConfig.Controller.ApiRateLimiterMaxEntries)
if err != nil {
return nil, fmt.Errorf("error initializing rate limiter: %w", err)
}
var pluginLogger hclog.Logger
for _, enabledPlugin := range c.enabledPlugins {
if pluginLogger == nil {

3
internal/daemon/controller/handler.go
Unescape View File

@ -46,6 +46,7 @@ import (
"github.com/hashicorp/boundary/internal/gen/controller/api/services"
authpb "github.com/hashicorp/boundary/internal/gen/controller/auth"
opsservices "github.com/hashicorp/boundary/internal/gen/ops/services"
"github.com/hashicorp/boundary/internal/ratelimit"
"github.com/hashicorp/go-cleanhttp"
"github.com/hashicorp/go-secure-stdlib/listenerutil"
"github.com/hashicorp/go-secure-stdlib/strutil"
@ -73,7 +74,7 @@ func createMuxWithEndpoints(c *Controller, props HandlerProperties) (http.Handle
}
mux := http.NewServeMux()
mux.Handle("/v1/", grpcGwMux)
mux.Handle("/v1/", ratelimit.Handler(c.rateLimiter, grpcGwMux))
mux.Handle(uiPath, handleUi(c))
isUiRequest := func(req *http.Request) bool {

Write Preview
Loading…
Cancel
Save