fix(ratelimit): Ignore deck API requests (spinnaker#399)

danielpeach · May 24, 2018 · a36792c · a36792c
1 parent 19811bd
commit a36792c
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 1 deletion.
diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/filters/CorsFilter.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/filters/CorsFilter.groovy
@@ -48,7 +48,7 @@ class CorsFilter implements Filter {
     response.setHeader("Access-Control-Allow-Origin", origin)
     response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT, PATCH")
     response.setHeader("Access-Control-Max-Age", "3600")
-    response.setHeader("Access-Control-Allow-Headers", "x-requested-with, content-type, authorization")
+    response.setHeader("Access-Control-Allow-Headers", "x-requested-with, content-type, authorization, X-RateLimit-App")
     response.setHeader("Access-Control-Expose-Headers", [Headers.AUTHENTICATION_REDIRECT_HEADER_NAME].join(", "))
     chain.doFilter(req, res)
   }

diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/ratelimit/RateLimitingInterceptor.java b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/ratelimit/RateLimitingInterceptor.java
@@ -51,6 +51,12 @@ public RateLimitingInterceptor(RateLimiter rateLimiter, Registry registry, RateL
 
   @Override
   public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+    if ("deck".equalsIgnoreCase(request.getHeader("X-RateLimit-App"))) {
+      // If the API request is being made from deck, just let it through without question.
+      // Better than trying to keep tuning the rate limiter based on changes to deck.
+      return true;
+    }
+
     String principalName = getPrincipal(request).toString();
     if (UNKNOWN_PRINCIPAL.equals(principalName)) {
       // Occurs when Spring decides to dispatch to /error after we send the initial 429.

diff --git a/...b/src/test/groovy/com/netflix/spinnaker/gate/ratelimit/RateLimitingInterceptorSpec.groovy b/...b/src/test/groovy/com/netflix/spinnaker/gate/ratelimit/RateLimitingInterceptorSpec.groovy
@@ -93,4 +93,21 @@ class RateLimitingInterceptorSpec extends Specification {
     true     | 'baz@example.com' || false
     false    | 'baz@example.com' || true
   }
+
+  def 'should ignore deck requests'() {
+    given:
+    def subject = new RateLimitingInterceptor(rateLimiter, registry, new StaticRateLimitPrincipalProvider(new RateLimiterConfiguration()))
+
+    and:
+    def request = Mock(HttpServletRequest)
+    def response = Mock(HttpServletResponse)
+
+    when:
+    subject.preHandle(request, response, null)
+
+    then:
+    noExceptionThrown()
+    1 * request.getHeader("X-RateLimit-App") >> { return "deck" }
+    0 * _
+  }
 }