ratelimit

package

v0.11.0 Latest Latest Go to latest Published: Aug 28, 2020 License: MIT Imports: 6 Imported by: 2

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/gophish/gophish

Links

Open Source Insights

Documentation ¶

Overview ¶

Package ratelimit provides a simple token-bucket rate limiting middleware which only allows n POST requests every minute. This is meant to be used on login handlers or other sensitive transactions which should be throttled to prevent abuse.

Tracked clients are stored in a locked map, with a goroutine that runs at a configurable interval to clean up stale entries.

Note that there is no enforcement for GET requests. This is an effort to be opinionated in order to hit the most common use-cases. For more advanced use-cases, you may consider the `github.com/didip/tollbooth` package.

The enforcement mechanism is based on the blog post here: https://www.alexedwards.net/blog/how-to-rate-limit-http-requests

Index ¶

Constants
type PostLimiter
- func NewPostLimiter(opts ...PostLimiterOption) *PostLimiter
- func (limiter *PostLimiter) Cleanup()
- func (limiter *PostLimiter) Limit(next http.Handler) http.HandlerFunc
type PostLimiterOption

Constants ¶

View Source

const DefaultCleanupInterval = 1 * time.Minute

DefaultCleanupInterval determines how frequently the cleanup routine executes.

View Source

const DefaultExpiry = 10 * time.Minute

DefaultExpiry is the amount of time to track a bucket for a particular visitor.

View Source

const DefaultRequestsPerMinute = 5

DefaultRequestsPerMinute is the number of requests to allow per minute. Any requests over this interval will return a HTTP 429 error.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type PostLimiter ¶

type PostLimiter struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

PostLimiter is a simple rate limiting middleware which only allows n POST requests per minute.

func NewPostLimiter ¶

func NewPostLimiter(opts ...PostLimiterOption) *PostLimiter

NewPostLimiter returns a new instance of a PostLimiter

func (*PostLimiter) Cleanup ¶

func (limiter *PostLimiter) Cleanup()

Cleanup removes any buckets that were last seen past the configured expiry.

func (*PostLimiter) Limit ¶

func (limiter *PostLimiter) Limit(next http.Handler) http.HandlerFunc

Limit enforces the configured rate limit for POST requests.

TODO: Change the return value to an http.Handler when we clean up the way Gophish routing is done.

type PostLimiterOption ¶

type PostLimiterOption func(*PostLimiter)

PostLimiterOption is a functional option that allows callers to configure the rate limiter.

func WithCleanupInterval ¶

func WithCleanupInterval(interval time.Duration) PostLimiterOption

WithCleanupInterval sets the interval between cleaning up stale entries in the rate limit client list

func WithExpiry ¶

func WithExpiry(expiry time.Duration) PostLimiterOption

WithExpiry sets the amount of time to store client entries before they are considered stale.

func WithRequestsPerMinute ¶

func WithRequestsPerMinute(requestLimit int) PostLimiterOption

WithRequestsPerMinute sets the number of requests to allow per minute.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL