v0.12.1

This package is not in the latest version of its module.

Published: Sep 14, 2022 | License: MIT | Imports: 6 | Imported by: 4



Package ratelimit provides a simple token-bucket rate limiting middleware which only allows n POST requests every minute. This is meant to be used on login handlers or other sensitive transactions which should be throttled to prevent abuse.

Tracked clients are stored in a locked map, with a goroutine that runs at a configurable interval to clean up stale entries.

Note that there is no enforcement for GET requests. This is an effort to be opinionated in order to hit the most common use-cases. For more advanced use-cases, you may consider the `github.com/didip/tollbooth` package.

The enforcement mechanism is based on the blog post here: https://www.alexedwards.net/blog/how-to-rate-limit-http-requests
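
The behaviour described above (a per-client token bucket held in a locked map, enforced for POST only) can be sketched with the standard library alone. This is an added example, not the package's own code: `postLimit`, `demo`, the hand-rolled bucket and keying clients by the host part of `RemoteAddr` are assumptions, and the cleanup goroutine is left out.

```go
package main

import (
	"fmt"
	"math"
	"net"
	"net/http"
	"net/http/httptest"
	"sync"
	"time"
)

// postLimit (hypothetical name, not the package's code) meters POST only; other methods pass through.
func postLimit(perMin float64, next http.Handler) http.HandlerFunc {
	var mu sync.Mutex
	tokens, seen := map[string]float64{}, map[string]time.Time{} // keyed by client IP (assumption)
	allow := func(ip string) bool {
		mu.Lock()
		defer mu.Unlock()
		now := time.Now()
		// Refill for elapsed time, capped at perMin; a new client's zero 'seen' yields a full bucket.
		t := math.Min(perMin, tokens[ip]+now.Sub(seen[ip]).Minutes()*perMin)
		seen[ip] = now
		if tokens[ip] = t; t < 1 {
			return false
		}
		tokens[ip] = t - 1 // spend one token
		return true
	}
	return func(w http.ResponseWriter, r *http.Request) {
		if ip, _, _ := net.SplitHostPort(r.RemoteAddr); r.Method == http.MethodPost && !allow(ip) {
			http.Error(w, "Too Many Requests", http.StatusTooManyRequests)
			return
		}
		next.ServeHTTP(w, r)
	}
}

// demo replays methods from one constructed client and returns the status codes.
func demo(methods ...string) (codes []int) {
	h := postLimit(5, http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	for _, m := range methods {
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, httptest.NewRequest(m, "/login", nil)) // RemoteAddr is 192.0.2.1:1234
		codes = append(codes, rec.Code)
	}
	return codes
}

func main() { fmt.Println(demo("POST", "POST", "POST", "POST", "POST", "POST", "GET")) }
```

With a limit of 5, the sixth POST in a burst is rejected with 429 while the GET that follows still succeeds. If the service sits behind a reverse proxy, a limiter keyed on `RemoteAddr` sees every client as the proxy's address and throttles them as one.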



const DefaultCleanupInterval = 1 * time.Minute

DefaultCleanupInterval determines how frequently the cleanup routine executes.

const DefaultExpiry = 10 * time.Minute

DefaultExpiry is the amount of time to track a bucket for a particular visitor.

const DefaultRequestsPerMinute = 5

DefaultRequestsPerMinute is the number of requests to allow per minute. Any requests over this limit will return an HTTP 429 error.




type PostLimiter

type PostLimiter struct {
	// contains filtered or unexported fields
}

PostLimiter is a simple rate limiting middleware which only allows n POST requests per minute.

func NewPostLimiter

func NewPostLimiter(opts ...PostLimiterOption) *PostLimiter

NewPostLimiter returns a new instance of a PostLimiter.

func (*PostLimiter) Cleanup

func (limiter *PostLimiter) Cleanup()

Cleanup removes any buckets that were last seen past the configured expiry.

func (*PostLimiter) Limit

func (limiter *PostLimiter) Limit(next http.Handler) http.HandlerFunc

Limit enforces the configured rate limit for POST requests.

TODO: Change the return value to an http.Handler when we clean up the way Gophish routing is done.

type PostLimiterOption

type PostLimiterOption func(*PostLimiter)

PostLimiterOption is a functional option that allows callers to configure the rate limiter.

func WithCleanupInterval

func WithCleanupInterval(interval time.Duration) PostLimiterOption

WithCleanupInterval sets the interval between cleaning up stale entries in the rate limit client list.

func WithExpiry

func WithExpiry(expiry time.Duration) PostLimiterOption

WithExpiry sets the amount of time to store client entries before they are considered stale.

func WithRequestsPerMinute

func WithRequestsPerMinute(requestLimit int) PostLimiterOption

WithRequestsPerMinute sets the number of requests to allow per minute.
