Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feat: Rate limit exempt keys #83

Merged
merged 2 commits into from
Jun 11, 2020
Merged

Feat: Rate limit exempt keys #83

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
616bb86
feat: add support for RateLimitExempt column
nbey May 24, 2020
a5fb25b
feat: allow RateLimitExempt keys to bypass metrics
nbey May 25, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 6 additions & 2 deletions event-handlers/Gatekeeper/ApiRequestHandler/afterApiRequest/10_register-response.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@

$Endpoint = $_EVENT['request']->getEndpoint();
$userIdentifier = $_EVENT['request']->getUserIdentifier();
$Key = $_EVENT['request']->getKey();


// append metrics
Expand All @@ -20,11 +21,14 @@


// drip bandwidth bucket
if ($Endpoint->GlobalBandwidthPeriod && $Endpoint->GlobalBandwidthCount) {
if (
(!$Key || !$Key->RateLimitExempt) &&
($Endpoint->GlobalBandwidthPeriod && $Endpoint->GlobalBandwidthCount)
) {
HitBuckets::drip("endpoints/$Endpoint->ID/bandwidth", function() use ($Endpoint) {
return [
'seconds' => $Endpoint->GlobalBandwidthPeriod,
'count' => $Endpoint->GlobalBandwidthCount
];
}, $_EVENT['Transaction']->ResponseBytes);
}
}
6 changes: 5 additions & 1 deletion ...t-handlers/Gatekeeper/ApiRequestHandler/beforeApiRequest/75_reject-endpoint-user-rate.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,14 @@

$Endpoint = $_EVENT['request']->getEndpoint();
$userIdentifier = $_EVENT['request']->getUserIdentifier();
$Key = $_EVENT['request']->getKey();


// drip into endpoint+user bucket first so that abusive users can't pollute the global bucket
if ($Endpoint->UserRatePeriod && $Endpoint->UserRateCount) {
if (
(!$Key || !$Key->RateLimitExempt) &&
($Endpoint->UserRatePeriod && $Endpoint->UserRateCount)
) {
$bucket = HitBuckets::drip("endpoints/$Endpoint->ID/$userIdentifier", function() use ($Endpoint) {
return array('seconds' => $Endpoint->UserRatePeriod, 'count' => $Endpoint->UserRateCount);
});
Expand Down
6 changes: 5 additions & 1 deletion event-handlers/Gatekeeper/ApiRequestHandler/beforeApiRequest/95_reject-endpoint-rate.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,14 @@


$Endpoint = $_EVENT['request']->getEndpoint();
$Key = $_EVENT['request']->getKey();


// drip into endpoint requests bucket
if ($Endpoint->GlobalRatePeriod && $Endpoint->GlobalRateCount) {
if (
(!$Key || !$Key->RateLimitExempt) &&
($Endpoint->GlobalRatePeriod && $Endpoint->GlobalRateCount)
) {
$flagKey = "alerts/endpoints/$Endpoint->ID/rate-flagged";

$bucket = HitBuckets::drip("endpoints/$Endpoint->ID/requests", function() use ($Endpoint) {
Expand Down
1 change: 1 addition & 0 deletions html-templates/keys/keyEdit.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@

{field inputName=ExpirationDate label='Expiration Date' type=date default=tif($Key->ExpirationDate, date('Y-m-d', $Key->ExpirationDate)) hint="Leave blank if none"}

{checkbox inputName=RateLimitExempt value=1 unsetValue=0 label='Exempt from Rate Limits?' default=$Key->RateLimitExempt hint="Check this option to exempt this key from rate limit thresholds and impacting other consumers of the API."}
{checkbox inputName=AllEndpoints value=1 unsetValue=0 label='Allow all endpoints?' default=$Key->AllEndpoints hint="Uncheck this option to allow more fine-grained access control to endpoints on the key page."}

{checkbox inputName=Status value=revoked unsetValue=active label='Revoked' default=$Key->Status}
Expand Down
4 changes: 4 additions & 0 deletions php-classes/Gatekeeper/Keys/Key.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,10 @@ class Key extends \ActiveRecord
'AllEndpoints' => [
'type' => 'boolean',
'default' => false
],
'RateLimitExempt' => [
'type' => 'boolean',
'default' => false
]
];

Expand Down
31 changes: 31 additions & 0 deletions php-migrations/Gatekeeper/Key/20200524000000_add-rate-limit-exempt.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
<?php

namespace Gatekeeper\Keys;

use DB;
use SQL;

$tableName = Key::$tableName;
$columnName = 'RateLimitExempt';

if (!static::tableExists($tableName)) {
printf('Table `%s` does not exist, skipping.', $tableName);
return static::STATUS_SKIPPED;
}

if (static::columnExists($tableName, $columnName)) {
printf('Column `%s`.`%s` already exists, skipping.', $tableName, $columnName);
return static::STATUS_SKIPPED;
}

$fieldDefinition = SQL::getFieldDefinition(Key::class, $columnName, false);

DB::nonQuery(
'ALTER TABLE `%s` ADD %s',
[
$tableName,
$fieldDefinition
]
);

return static::columnExists($tableName, $columnName) === true ? static::STATUS_EXECUTED : static::STATUS_FAILED;