-
Notifications
You must be signed in to change notification settings - Fork 75
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[ETCM-266]-replaced-rate-limiter-built-on-twitter (#873)
[ETCM-266]-replaced-rate-limiter-built-on-twitter
- Loading branch information
Dmitry Voronov
authored
Jan 1, 2021
1 parent
c069d08
commit 84a2f9b
Showing
6 changed files
with
97 additions
and
137 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
74 changes: 60 additions & 14 deletions
74
src/main/scala/io/iohk/ethereum/jsonrpc/server/http/RateLimit.scala
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,25 +1,71 @@ | ||
package io.iohk.ethereum.jsonrpc.server.http | ||
|
||
import java.time.Clock | ||
import java.time.Duration | ||
|
||
import akka.http.scaladsl.model.RemoteAddress | ||
import com.twitter.util.LruMap | ||
import io.iohk.ethereum.jsonrpc.server.http.JsonRpcHttpServer.JsonRpcHttpServerConfig | ||
import akka.NotUsed | ||
import akka.http.scaladsl.model.{RemoteAddress, StatusCodes} | ||
import akka.http.scaladsl.server.{Directive0, Route} | ||
import io.iohk.ethereum.jsonrpc.server.http.JsonRpcHttpServer.RateLimitConfig | ||
import akka.http.scaladsl.server.Directives._ | ||
import com.google.common.base.Ticker | ||
import com.google.common.cache.CacheBuilder | ||
import io.iohk.ethereum.jsonrpc.JsonRpcError | ||
import de.heikoseeberger.akkahttpjson4s.Json4sSupport | ||
import io.iohk.ethereum.jsonrpc.serialization.JsonSerializers | ||
import org.json4s.{DefaultFormats, Formats, Serialization, native} | ||
|
||
trait RateLimit { | ||
class RateLimit(config: RateLimitConfig) extends Directive0 with Json4sSupport { | ||
|
||
val config: JsonRpcHttpServerConfig | ||
private implicit val serialization: Serialization = native.Serialization | ||
private implicit val formats: Formats = DefaultFormats + JsonSerializers.RpcErrorJsonSerializer | ||
|
||
val latestRequestTimestamps = new LruMap[RemoteAddress, Long](config.rateLimit.latestTimestampCacheSize) | ||
private[this] lazy val minInterval = config.minRequestInterval.toSeconds | ||
|
||
val clock: Clock = Clock.systemUTC() | ||
private[this] lazy val lru = { | ||
val nanoDuration = config.minRequestInterval.toNanos | ||
val javaDuration = Duration.ofNanos(nanoDuration) | ||
val ticker: Ticker = new Ticker { | ||
override def read(): Long = getCurrentTimeNanos | ||
} | ||
CacheBuilder | ||
.newBuilder() | ||
.weakKeys() | ||
.expireAfterAccess(javaDuration) | ||
.ticker(ticker) | ||
.build[RemoteAddress, NotUsed]() | ||
} | ||
|
||
private[this] def isBelowRateLimit(ip: RemoteAddress): Boolean = { | ||
var exists = true | ||
lru.get( | ||
ip, | ||
() => { | ||
exists = false | ||
NotUsed | ||
} | ||
) | ||
exists | ||
} | ||
|
||
def isBelowRateLimit(clientAddress: RemoteAddress): Boolean = { | ||
val timeMillis = clock.instant().toEpochMilli | ||
val latestRequestTimestamp = latestRequestTimestamps.getOrElse(clientAddress, 0L) | ||
// Override this to test | ||
protected def getCurrentTimeNanos: Long = System.nanoTime() | ||
|
||
val response = latestRequestTimestamp + config.rateLimit.minRequestInterval.toMillis < timeMillis | ||
if (response) latestRequestTimestamps.put(clientAddress, timeMillis) | ||
response | ||
// Such algebras prevent if-elseif-else boilerplate in the JsonRPCServer code | ||
// It is also guaranteed that: | ||
// 1) no IP address is extracted unless config.enabled is true | ||
// 2) no LRU is created unless config.enabled is true | ||
// 3) cache is accessed only once (using get) | ||
override def tapply(f: Unit => Route): Route = { | ||
if (config.enabled) { | ||
extractClientIP { ip => | ||
if (isBelowRateLimit(ip)) { | ||
val err = JsonRpcError.RateLimitError(minInterval) | ||
complete((StatusCodes.TooManyRequests, err)) | ||
} else { | ||
f.apply(()) | ||
} | ||
} | ||
} else f.apply(()) | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters