ratelimit

package

v0.0.0-...-56f0ed6 Latest Latest Go to latest Published: Nov 15, 2024 License: MPL-2.0 Imports: 4 Imported by: 20

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/letsencrypt/boulder

Links

Open Source Insights

Documentation ¶

Constants ¶

View Source

const (
	// CertificatesPerName is the name of the CertificatesPerName rate limit
	// when referenced in metric labels.
	CertificatesPerName = "certificates_per_domain"

	// RegistrationsPerIP is the name of the RegistrationsPerIP rate limit when
	// referenced in metric labels.
	RegistrationsPerIP = "registrations_per_ip"

	// RegistrationsPerIPRange is the name of the RegistrationsPerIPRange rate
	// limit when referenced in metric labels.
	RegistrationsPerIPRange = "registrations_per_ipv6_range"

	// PendingAuthorizationsPerAccount is the name of the
	// PendingAuthorizationsPerAccount rate limit when referenced in metric
	// labels.
	PendingAuthorizationsPerAccount = "pending_authorizations_per_account"

	// InvalidAuthorizationsPerAccount is the name of the
	// InvalidAuthorizationsPerAccount rate limit when referenced in metric
	// labels.
	InvalidAuthorizationsPerAccount = "failed_authorizations_per_account"

	// CertificatesPerFQDNSet is the name of the CertificatesPerFQDNSet rate
	// limit when referenced in metric labels.
	CertificatesPerFQDNSet = "certificates_per_fqdn_set"

	// CertificatesPerFQDNSetFast is the name of the CertificatesPerFQDNSetFast
	// rate limit when referenced in metric labels.
	CertificatesPerFQDNSetFast = "certificates_per_fqdn_set_fast"

	// NewOrdersPerAccount is the name of the NewOrdersPerAccount rate limit
	// when referenced in metric labels.
	NewOrdersPerAccount = "new_orders_per_account"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Limits ¶

type Limits interface {
	CertificatesPerName() RateLimitPolicy
	RegistrationsPerIP() RateLimitPolicy
	RegistrationsPerIPRange() RateLimitPolicy
	PendingAuthorizationsPerAccount() RateLimitPolicy
	InvalidAuthorizationsPerAccount() RateLimitPolicy
	CertificatesPerFQDNSet() RateLimitPolicy
	CertificatesPerFQDNSetFast() RateLimitPolicy
	NewOrdersPerAccount() RateLimitPolicy
	LoadPolicies(contents []byte) error
}

Limits is defined to allow mock implementations be provided during unit testing

func New ¶

func New() Limits

type RateLimitPolicy ¶

type RateLimitPolicy struct {
	// How long to count items for
	Window config.Duration `yaml:"window"`
	// The max number of items that can be present before triggering the rate
	// limit. Zero means "no limit."
	Threshold int64 `yaml:"threshold"`
	// A per-key override setting different limits than the default (higher or lower).
	// The key is defined on a per-limit basis and should match the key it counts on.
	// For instance, a rate limit on the number of certificates per name uses name as
	// a key, while a rate limit on the number of registrations per IP subnet would
	// use subnet as a key. Note that a zero entry in the overrides map does not
	// mean "no limit," it means a limit of zero. An entry of -1 means
	// "no limit", only for the pending authorizations rate limit.
	Overrides map[string]int64 `yaml:"overrides"`
	// A per-registration override setting. This can be used, e.g. if there are
	// hosting providers that we would like to grant a higher rate of issuance
	// than the default. If both key-based and registration-based overrides are
	// available, whichever is larger takes priority. Note that a zero entry in
	// the overrides map does not mean "no limit", it means a limit of zero.
	RegistrationOverrides map[int64]int64 `yaml:"registrationOverrides"`
}

RateLimitPolicy describes a general limiting policy

func (*RateLimitPolicy) Enabled ¶

func (rlp *RateLimitPolicy) Enabled() bool

Enabled returns true iff the RateLimitPolicy is enabled.

func (*RateLimitPolicy) GetThreshold ¶

func (rlp *RateLimitPolicy) GetThreshold(key string, regID int64) (int64, string)

GetThreshold returns the threshold for this rate limit and the override Id/Key if that threshold is the result of an override for the default limit, empty-string otherwise. The threshold returned takes into account any overrides for `key` or `regID`. If both `key` and `regID` have an override the largest of the two will be used.

func (*RateLimitPolicy) WindowBegin ¶

func (rlp *RateLimitPolicy) WindowBegin(windowEnd time.Time) time.Time

WindowBegin returns the time that a RateLimitPolicy's window begins, given a particular end time (typically the current time).

Source Files ¶

View all Source files

rate-limits.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL