allow separate limiter for updates and posts, agressive default limit

umputun · Jan 17, 2019 · 2a3051c · 2a3051c
1 parent 953ff03
commit 2a3051c
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 4 deletions.
diff --git a/backend/app/cmd/server.go b/backend/app/cmd/server.go
@@ -58,6 +58,7 @@ type ServerCommand struct {
 	EditDuration   time.Duration `long:"edit-time" env:"EDIT_TIME" default:"5m" description:"edit window"`
 	Port           int           `long:"port" env:"REMARK_PORT" default:"8080" description:"port"`
 	WebRoot        string        `long:"web-root" env:"REMARK_WEB_ROOT" default:"./web" description:"web root directory"`
+	UpdateLimit    float64       `long:"update-limit" env:"UPDATE_LIMIT" default:"0.5" description:"updates/sec limit"`
 
 	Auth struct {
 		TTL struct {
@@ -269,6 +270,7 @@ func (s *ServerCommand) newServerApp() (*serverApp, error) {
 		Cache:            loadingCache,
 		NotifyService:    notifyService,
 		SSLConfig:        sslConfig,
+		UpdateLimiter:    s.UpdateLimit,
 	}
 
 	srv.ScoreThresholds.Low, srv.ScoreThresholds.Critical = s.LowScore, s.CriticalScore

diff --git a/backend/app/rest/api/rest.go b/backend/app/rest/api/rest.go
@@ -53,6 +53,7 @@ type Rest struct {
 		Low      int
 		Critical int
 	}
+	UpdateLimiter float64
 
 	SSLConfig   SSLConfig
 	httpsServer *http.Server
@@ -229,16 +230,29 @@ func (s *Rest) routes() chi.Router {
 			rauth.Use(authMiddleware.Auth)
 			rauth.Use(logger.New(logger.Flags(logger.All), logger.Log(log.Default()),
 				logger.Prefix("[INFO]"), logger.IPfn(ipFn)).Handler)
-			rauth.Post("/comment", s.createCommentCtrl)
-			rauth.Put("/comment/{id}", s.updateCommentCtrl)
 			rauth.Get("/user", s.userInfoCtrl)
-			rauth.Put("/vote/{id}", s.voteCtrl)
 			rauth.Get("/userdata", s.userAllDataCtrl)
-			rauth.Post("/deleteme", s.deleteMeCtrl)
 
 			// admin routes, admin users only
 			rauth.Mount("/admin", s.adminService.routes(authMiddleware.AdminOnly))
 		})
+
+		// protected routes, throttled to 10/s by default, th
+		rapi.Group(func(rauth chi.Router) {
+			lmt := 10.0
+			if s.UpdateLimiter > 0 {
+				lmt = s.UpdateLimiter
+			}
+			rauth.Use(tollbooth_chi.LimitHandler(tollbooth.NewLimiter(lmt, nil)))
+			rauth.Use(authMiddleware.Auth)
+			rauth.Use(logger.New(logger.Flags(logger.All), logger.Log(log.Default()),
+				logger.Prefix("[DEBUG]"), logger.IPfn(ipFn)).Handler)
+
+			rauth.Put("/comment/{id}", s.updateCommentCtrl)
+			rauth.Post("/comment", s.createCommentCtrl)
+			rauth.Put("/vote/{id}", s.voteCtrl)
+			rauth.Post("/deleteme", s.deleteMeCtrl)
+		})
 	})
 
 	// respond to /robots.txt with the list of allowed paths