changes from ip to api key
Signed-off-by: Bruno Calza <[email protected]>
brunocalza committed Aug 11, 2023
1 parent 4cd109b commit 606165a
Showing 9 changed files with 24 additions and 25 deletions.
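--- a/cmd/api/config.go
+++ b/cmd/api/config.go
@@ -51,7 +51,7 @@ type HTTPConfig struct {
 
 RateLimInterval string `default:"1s"`
 MaxRequestPerInterval uint64 `default:"10"`
-AllowList string `default:""` // separated list of IPs (e.g. 127.0.0.1,192.168.0.1)
+APIKey string `default:""` // if client passes the key it will not be affected by rate limiter
 }
 
 // GatewayConfig contains configuration for the Gateway.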
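Review bot: The comment on `APIKey` does not say how a client passes the key or what the empty default means. Going by the middleware change in this same commit, the key is read from the `Secret-Key` request header and an empty value disables the bypass, so I would write `// shared secret sent in the Secret-Key header; holders skip the rate limiter; empty disables the bypass`. The field now holds a credential rather than a list of IPs, so any code that prints or serializes HTTPConfig (none is visible here) should redact it.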
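--- a/cmd/api/main.go
+++ b/cmd/api/main.go
@@ -460,14 +460,12 @@ func createAPIServer(
 return nil, fmt.Errorf("parsing http ratelimiter interval: %s", err)
 }
 
-allowList := strings.Split(httpConfig.AllowList, ",")
-
 router, err := router.ConfiguredRouter(
 g,
 httpConfig.MaxRequestPerInterval,
 rateLimInterval,
 supportedChainIDs,
-allowList,
+httpConfig.APIKey,
 )
 if err != nil {
 return nil, fmt.Errorf("configuring router: %s", err)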
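Review bot: `httpConfig.APIKey` is handed to `ConfiguredRouter` with no check on its value, so any non-empty string, however short, becomes a credential that bypasses the rate limiter. The deployed config.json files in this commit set it to `${HTTP_RATE_LIMITER_API_KEY}`; if the config loader leaves that placeholder unexpanded when the variable is unset (the loader is not visible here, so this needs confirming), the placeholder text from the repository would itself work as the key. A startup guard before the router call would cover both cases, for example `if k := httpConfig.APIKey; k != "" && (len(k) < 32 || strings.Contains(k, "${")) { return nil, fmt.Errorf("http api key is unset or too short") }`, with the length floor chosen by the team. createAPIServer starts and ends outside this hunk.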
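--- a/docker/deployed/mainnet/api/config.json
+++ b/docker/deployed/mainnet/api/config.json
@@ -4,7 +4,7 @@
 "Port": "8080",
 "RateLimInterval": "1s",
 "MaxRequestPerInterval": 10,
-"AllowList" : "${HTTP_RATE_LIMITER_ALLOWLIST}",
+"ApiKey" : "${HTTP_RATE_LIMITER_API_KEY}",
 "TLSCert": "${VALIDATOR_TLS_CERT}",
 "TLSKey": "${VALIDATOR_TLS_KEY}"
 },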
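--- a/docker/deployed/staging/api/config.json
+++ b/docker/deployed/staging/api/config.json
@@ -3,7 +3,7 @@
 "Port": "8080",
 "RateLimInterval": "1s",
 "MaxRequestPerInterval": 10,
-"AllowList" : "${HTTP_RATE_LIMITER_ALLOWLIST}",
+"ApiKey" : "${HTTP_RATE_LIMITER_API_KEY}",
 "TLSCert": "${VALIDATOR_TLS_CERT}",
 "TLSKey": "${VALIDATOR_TLS_KEY}"
 },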
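--- a/docker/deployed/testnet/api/config.json
+++ b/docker/deployed/testnet/api/config.json
@@ -4,7 +4,7 @@
 "Port": "8080",
 "RateLimInterval": "1s",
 "MaxRequestPerInterval": 10,
-"AllowList" : "${HTTP_RATE_LIMITER_ALLOWLIST}",
+"ApiKey" : "${HTTP_RATE_LIMITER_API_KEY}",
 "TLSCert": "${VALIDATOR_TLS_CERT}",
 "TLSKey": "${VALIDATOR_TLS_KEY}"
 },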
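--- a/internal/router/middlewares/ratelim.go
+++ b/internal/router/middlewares/ratelim.go
@@ -22,9 +22,9 @@ type RateLimiterConfig struct {
 // RateLimiterRouteConfig specifies the maximum request per interval, and
 // interval length for a rate limiting rule.
 type RateLimiterRouteConfig struct {
-MaxRPI uint64
-Interval time.Duration
-AllowList []string
+MaxRPI uint64
+Interval time.Duration
+APIKey string
 }
 
 // RateLimitController creates a new middleware to rate limit requests.
@@ -60,9 +60,9 @@ func createRateLimiter(cfg RateLimiterRouteConfig, kf httplimit.KeyFunc) (*middl
 }
 
 return &middleware{
-store: defaultStore,
-keyFunc: kf,
-allowlist: cfg.AllowList,
+store: defaultStore,
+keyFunc: kf,
+apiKey: cfg.APIKey,
 }, nil
 }
 
@@ -86,8 +86,8 @@ type middleware struct {
 store limiter.Store
 keyFunc httplimit.KeyFunc
 
-// list of ip addresses not affected by rate limiter
-allowlist []string
+// clients with key are not affected by rate limiter
+apiKey string
 }
 
 // Handle returns the HTTP handler as a middleware. This handler calls Take() on
@@ -106,9 +106,9 @@ func (m *middleware) Handle(next http.Handler) http.Handler {
 return
 }
 
-// skip rate limiting checks if key is in allowlist
-for _, ip := range m.allowlist {
-if strings.EqualFold(key, ip) {
+// skip rate limiting checks if secret key is provided
+if key := r.Header.Get("Secret-Key"); key != "" && m.apiKey != "" {
+if strings.EqualFold(key, m.apiKey) {
 next.ServeHTTP(w, r)
 return
 }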
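Review bot: In `Handle`, the header value is checked with `strings.EqualFold(key, m.apiKey)`, which is case-insensitive and stops at the first differing character. For a secret, that means every upper/lower-case variant of the key is accepted, and the comparison time depends on how much of a guess matches. I would compare with `subtle.ConstantTimeCompare([]byte(key), []byte(m.apiKey)) == 1` from `crypto/subtle`, which needs that import added to the file. The `"Secret-Key"` literal is repeated in the test, so a package-level constant for the header name would keep the two in step, and since a matching request skips the limiter without leaving any trace, a counter or debug log on that branch would make use of the key observable. Handle's body starts and ends outside this hunk.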
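--- a/internal/router/middlewares/ratelim_test.go
+++ b/internal/router/middlewares/ratelim_test.go
@@ -31,7 +31,7 @@ func TestLimit1IP(t *testing.T) {
 {name: "block-me", callRPS: 1000, limitRPS: 500, forwardedFor: false},
 
 {name: "allow-me", callRPS: 1000, limitRPS: 500, forwardedFor: false, allow: true},
-{name: "forwareded-allow-me", callRPS: 1000, limitRPS: 500, forwardedFor: true, allow: true},
+{name: "forwarded-allow-me", callRPS: 1000, limitRPS: 500, forwardedFor: true, allow: true},
 }
 
 for _, tc := range tests {
@@ -58,7 +58,8 @@ func TestLimit1IP(t *testing.T) {
 }
 
 if tc.allow {
-cfg.Default.AllowList = []string{ip}
+r.Header.Set("Secret-Key", "MYSECRETKEY")
+cfg.Default.APIKey = "MYSECRETKEY"
 }
 
 rlcm, err := RateLimitController(cfg)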
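Review bot: The `allow` cases in `TestLimit1IP` only send a `Secret-Key` header equal to the configured key, so nothing pins that a wrong key is still rate limited. I would add one case that sets `cfg.Default.APIKey = "MYSECRETKEY"` but sends a different header value and expects the same outcome as `block-me`, and another that sends the header while `APIKey` is left empty. The test name still refers to IPs although the allow path no longer depends on one. The test function starts and ends outside these hunks.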
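--- a/internal/router/router.go
+++ b/internal/router/router.go
@@ -19,17 +19,17 @@ func ConfiguredRouter(
 maxRPI uint64,
 rateLimInterval time.Duration,
 supportedChainIDs []tableland.ChainID,
-allowList []string,
+apiKey string,
 ) (*Router, error) {
 // General router configuration.
 router := newRouter()
 router.use(middlewares.CORS, middlewares.TraceID)
 
 cfg := middlewares.RateLimiterConfig{
 Default: middlewares.RateLimiterRouteConfig{
-MaxRPI: maxRPI,
-Interval: rateLimInterval,
-AllowList: allowList,
+MaxRPI: maxRPI,
+Interval: rateLimInterval,
+APIKey: apiKey,
 },
 }
 rateLim, err := middlewares.RateLimitController(cfg)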
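--- a/tests/fullstack/fullstack.go
+++ b/tests/fullstack/fullstack.go
@@ -131,7 +131,7 @@ func CreateFullStack(t *testing.T, deps Deps) FullStack {
 require.NoError(t, err)
 }
 
-router, err := router.ConfiguredRouter(gatewayService, 10, time.Second, []tableland.ChainID{ChainID}, []string{})
+router, err := router.ConfiguredRouter(gatewayService, 10, time.Second, []tableland.ChainID{ChainID}, "")
 require.NoError(t, err)
 
 server := httptest.NewServer(router.Handler())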
