Documentation ¶
Index ¶
- Constants
- Variables
- func TLSClientIPKey(info *tls.ClientHelloInfo) string
- func TLSHostnameKey(info *tls.ClientHelloInfo) string
- type GetCertificateFunc
- type KeyFunc
- type Option
- func WithBlockedCountMetric(m *prometheus.GaugeVec) Option
- func WithBurstSize(burst int) Option
- func WithCacheMaxSize(size int64) Option
- func WithCachedEntriesMetric(m *prometheus.GaugeVec) Option
- func WithCachedRequestsMetric(m *prometheus.CounterVec) Option
- func WithKeyFunc(f KeyFunc) Option
- func WithLimitPerSecond(limit float64) Option
- func WithNow(now func() time.Time) Option
- func WithTLSKeyFunc(keyFunc TLSKeyFunc) Option
- type RateLimiter
- type TLSKeyFunc
Constants ¶
const (
	// based on an avg ~4,000 unique IPs per minute
	// https://log.gprd.gitlab.net/app/lens#/edit/f7110d00-2013-11ec-8c8e-ed83b5469915?_g=h@e78830b
	DefaultSourceIPCacheSize = 5000

	// we have less than 4000 different hosts per minute
	// https://log.gprd.gitlab.net/app/dashboards#/view/d52ab740-61a4-11ec-b20d-65f14d890d9b?_a=(viewMode:edit)&_g=h@42b0d52
	DefaultDomainCacheSize = 4000
)
Variables ¶
var ErrTLSRateLimited = errors.New("too many connections, please retry later")
Functions ¶
func TLSClientIPKey ¶ added in v1.55.0
func TLSClientIPKey(info *tls.ClientHelloInfo) string
func TLSHostnameKey ¶ added in v1.55.0
func TLSHostnameKey(info *tls.ClientHelloInfo) string
Types ¶
type GetCertificateFunc ¶ added in v1.55.0
type GetCertificateFunc func(*tls.ClientHelloInfo) (*tls.Certificate, error)
type KeyFunc ¶ added in v1.49.0
KeyFunc returns a unique identifier for the subject of the rate limit (e.g. client IP or domain)
type Option ¶
type Option func(*RateLimiter)
Option function to configure a RateLimiter
func WithBlockedCountMetric ¶ added in v1.49.0
func WithBlockedCountMetric(m *prometheus.GaugeVec) Option
WithBlockedCountMetric configures metric reporting how many requests were blocked
func WithBurstSize ¶ added in v1.49.0
WithBurstSize configures burst per keyFunc value for the RateLimiter
func WithCacheMaxSize ¶ added in v1.49.0
WithCacheMaxSize configures the cache size for the RateLimiter
func WithCachedEntriesMetric ¶ added in v1.49.0
func WithCachedEntriesMetric(m *prometheus.GaugeVec) Option
WithCachedEntriesMetric configures metric reporting how many keys are currently stored in the rate-limiter cache
func WithCachedRequestsMetric ¶ added in v1.49.0
func WithCachedRequestsMetric(m *prometheus.CounterVec) Option
WithCachedRequestsMetric configures metric for how many times we access cache
func WithKeyFunc ¶ added in v1.51.0
WithKeyFunc configures keyFunc
func WithLimitPerSecond ¶ added in v1.49.0
WithLimitPerSecond allows configuring limit per second for RateLimiter
func WithTLSKeyFunc ¶ added in v1.55.0
func WithTLSKeyFunc(keyFunc TLSKeyFunc) Option
type RateLimiter ¶
type RateLimiter struct {
// contains filtered or unexported fields
}
RateLimiter holds an LRU cache of elements to be rate limited. It uses "golang.org/x/time/rate" as its token bucket rate limiter per source IP entry; for an example, see https://www.fatalerrors.org/a/design-and-implementation-of-time-rate-limiter-for-golang-standard-library.html. It also holds a now function that can be mocked in unit tests.
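The design described above (one token bucket per key, held in a size-bounded LRU cache, with an injectable clock) can be sketched with the standard library alone. This is an added example, not the package's own code: `sketchLimiter`, `newSketchLimiter`, `bucket` and `allow` are hypothetical names, the hand-written bucket stands in for "golang.org/x/time/rate", and the sample key and settings are constructed.

```go
package main

import (
	"container/list"
	"fmt"
	"math"
	"time"
)

// bucket: hand-written token bucket standing in for golang.org/x/time/rate.
type bucket struct{ key string; tokens float64; last time.Time }

// sketchLimiter (hypothetical name) keeps one bucket per key in a bounded LRU.
type sketchLimiter struct {
	limit, burst float64          // tokens per second, bucket capacity
	maxSize      int              // maximum number of cached keys (assumed >= 1)
	now          func() time.Time // injectable clock, mockable in tests
	order        *list.List       // front = most recently used
	entries      map[string]*list.Element
}

func newSketchLimiter(limit float64, burst, maxSize int, now func() time.Time) *sketchLimiter {
	return &sketchLimiter{limit, float64(burst), maxSize, now, list.New(), map[string]*list.Element{}}
}

// allow refills key's bucket from elapsed time, then spends one token if available.
func (l *sketchLimiter) allow(key string) bool {
	now := l.now()
	el, ok := l.entries[key]
	if !ok {
		if l.order.Len() >= l.maxSize { // cache full: evict the least recently used key
			delete(l.entries, l.order.Remove(l.order.Back()).(*bucket).key)
		}
		el = l.order.PushFront(&bucket{key, l.burst, now}) // new keys start with a full burst
		l.entries[key] = el
	}
	l.order.MoveToFront(el)
	b := el.Value.(*bucket)
	b.tokens, b.last = math.Min(l.burst, b.tokens+now.Sub(b.last).Seconds()*l.limit), now
	if b.tokens < 1 {
		return false
	}
	b.tokens--
	return true
}

func main() {
	l := newSketchLimiter(1, 2, 5000, time.Now) // constructed values: 1 req/s, burst 2
	fmt.Println(l.allow("192.0.2.10"), l.allow("192.0.2.10"), l.allow("192.0.2.10"))
}
```

In this sketch a key evicted from the cache comes back with a full burst, so a cache smaller than the number of distinct keys per window weakens the limit. The comments on DefaultSourceIPCacheSize and DefaultDomainCacheSize size the defaults against observed unique IPs and hosts per minute.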
func New ¶
func New(name string, opts ...Option) *RateLimiter
New creates a new RateLimiter with default values that can be configured via Option functions
func (*RateLimiter) GetCertificateMiddleware ¶ added in v1.55.0
func (rl *RateLimiter) GetCertificateMiddleware(getCertificate GetCertificateFunc) GetCertificateFunc
func (*RateLimiter) Middleware ¶ added in v1.49.0
func (rl *RateLimiter) Middleware(handler http.Handler) http.Handler
Middleware returns middleware for rate-limiting clients
type TLSKeyFunc ¶ added in v1.55.0
type TLSKeyFunc func(*tls.ClientHelloInfo) string
TLSKeyFunc is used by GetCertificateMiddleware to identify the subject of the rate limit (client IP or SNI servername)