Documentation ¶
Overview ¶
Package limiter implements connection and rate limiters for teleport
Index ¶
- Constants
- func MakeMiddleware(limiter handlerWrapper) func(http.Handler) http.Handler
- type Config
- type ConnectionsLimiter
- type CustomRateFunc
- type Limiter
- func (l *Limiter) RegisterRequest(token string) error
- func (l *Limiter) RegisterRequestAndConnection(token string) (func(), error)
- func (l *Limiter) RegisterRequestWithCustomRate(token string, customRate *ratelimit.RateSet) error
- func (l *Limiter) StreamServerInterceptor(srv interface{}, serverStream grpc.ServerStream, info *grpc.StreamServerInfo, ...) error
- func (l *Limiter) UnaryServerInterceptor() grpc.UnaryServerInterceptor
- func (l *Limiter) UnaryServerInterceptorWithCustomRate(customRate CustomRateFunc) grpc.UnaryServerInterceptor
- func (l *Limiter) WrapHandle(h http.Handler)
- func (l *Limiter) WrapListener(ln net.Listener) *Listener
- type Listener
- type Rate
- type RateLimiter
Constants ¶
const ( DefaultMaxNumberOfUsers = 100000 DefaultRate = 100000000 )
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Config ¶
type Config struct { // Rates set ups rate limits Rates []Rate // MaxConnections configures maximum number of connections MaxConnections int64 // MaxNumberOfUsers controls maximum number of simultaneously active users MaxNumberOfUsers int // Clock is an optional parameter, if not set, will use system time Clock timetools.TimeProvider }
Config sets up rate limits and configuration limits parameters
type ConnectionsLimiter ¶
type ConnectionsLimiter struct { *connlimit.ConnLimiter sync.Mutex // contains filtered or unexported fields }
ConnectionsLimiter is a network connection limiter and tracker
func NewConnectionsLimiter ¶
func NewConnectionsLimiter(config Config) (*ConnectionsLimiter, error)
NewConnectionsLimiter returns new connection limiter, in case if connection limits are not set, they won't be tracked
func (*ConnectionsLimiter) AcquireConnection ¶
func (l *ConnectionsLimiter) AcquireConnection(token string) error
AcquireConnection acquires connection and bumps counter
func (*ConnectionsLimiter) GetNumConnection ¶
func (l *ConnectionsLimiter) GetNumConnection(token string) (int64, error)
GetNumConnection returns the current number of connections for a token
func (*ConnectionsLimiter) ReleaseConnection ¶
func (l *ConnectionsLimiter) ReleaseConnection(token string)
ReleaseConnection decrements the counter
func (*ConnectionsLimiter) WrapHandle ¶
func (l *ConnectionsLimiter) WrapHandle(h http.Handler)
WrapHandle adds connection limiter to the handle
type CustomRateFunc ¶
CustomRateFunc is a function type which returns a custom *ratelimit.RateSet for a given endpoint string.
type Limiter ¶
type Limiter struct { // ConnectionsLimiter limits simultaneous connection *ConnectionsLimiter // contains filtered or unexported fields }
Limiter helps limiting connections and request rates
func NewLimiter ¶
NewLimiter returns new rate and connection limiter
func (*Limiter) RegisterRequest ¶
func (*Limiter) RegisterRequestAndConnection ¶
RegisterRequestAndConnection register a rate and connection limiter for a given token. Close function is returned, and it must be called to release the token. When a limit is hit an error is returned. Example usage:
release, err := limiter.RegisterRequestAndConnection(clientIP) if err != nil { return trace.Wrap(err) } defer release()
func (*Limiter) RegisterRequestWithCustomRate ¶
func (*Limiter) StreamServerInterceptor ¶
func (l *Limiter) StreamServerInterceptor(srv interface{}, serverStream grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error
StreamServerInterceptor is a gRPC stream interceptor that rate limits incoming requests by client IP.
func (*Limiter) UnaryServerInterceptor ¶
func (l *Limiter) UnaryServerInterceptor() grpc.UnaryServerInterceptor
UnaryServerInterceptor returns a gRPC unary interceptor which rate limits by client IP.
func (*Limiter) UnaryServerInterceptorWithCustomRate ¶
func (l *Limiter) UnaryServerInterceptorWithCustomRate(customRate CustomRateFunc) grpc.UnaryServerInterceptor
UnaryServerInterceptorWithCustomRate returns a gRPC unary interceptor which rate limits by client IP. Accepts a CustomRateFunc to set custom rates for specific gRPC methods.
func (*Limiter) WrapHandle ¶
WrapHandle adds limiter to the handle
type Listener ¶
Listener wraps a net.Listener and applies connection limiting per client to all connections that are accepted.
func NewListener ¶
func NewListener(ln net.Listener, limiter *ConnectionsLimiter) *Listener
NewListener creates a Listener that enforces the limits of the provided ConnectionsLimiter on the all connections accepted by the provided net.Listener.
type RateLimiter ¶
type RateLimiter struct { *ratelimit.TokenLimiter *sync.Mutex // contains filtered or unexported fields }
RateLimiter controls connection rate, it uses token bucket algo https://en.wikipedia.org/wiki/Token_bucket
func NewRateLimiter ¶
func NewRateLimiter(config Config) (*RateLimiter, error)
NewRateLimiter returns new request rate controller
func (*RateLimiter) RegisterRequest ¶
func (l *RateLimiter) RegisterRequest(token string, customRate *ratelimit.RateSet) error
RegisterRequest increases number of requests for the provided token Returns error if there are too many requests with the provided token.
func (*RateLimiter) WrapHandle ¶
func (l *RateLimiter) WrapHandle(h http.Handler)
Add rate limiter to the handle