server

package
v0.4.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 21, 2026 License: MIT Imports: 20 Imported by: 0

Documentation

Index

Constants

View Source
const HealthzPath = "/api/v1/healthz"

HealthzPath is the Kubernetes liveness probe (process up; no dependency checks).

View Source
const ReadyzPath = "/api/v1/readyz"

ReadyzPath is the Kubernetes readiness probe (DB reachable, buffer healthy).

View Source
const VersionPath = "/api/v1/version"

VersionPath exposes build metadata for operators and kui.

Variables

This section is empty.

Functions

func WrapStats added in v0.3.0

func WrapStats(base http.Handler, rl *APIRateLimiter) http.Handler

WrapStats applies API rate limiting to /api/v1/stats/* only.

Types

type APIRateLimiter added in v0.3.0

type APIRateLimiter struct {
	// contains filtered or unexported fields
}

APIRateLimiter limits stats API requests per API key (or client IP when no key).

func NewAPIRateLimiter added in v0.3.0

func NewAPIRateLimiter(requestsPerSec, burst int) *APIRateLimiter

NewAPIRateLimiter creates a per-key token bucket for the stats API.

func (*APIRateLimiter) Middleware added in v0.3.0

func (rl *APIRateLimiter) Middleware(next http.Handler) http.Handler

Middleware wraps stats routes with per-key rate limiting.

type FilterConfig added in v0.4.0

type FilterConfig struct {
	AllowedHosts       []string
	IgnoreIPs          []string
	TrustProxy         bool
	BlockDatacenterIPs bool
	DatacenterExtra    []string
}

FilterConfig controls ingest-side rejection rules.

type HitFilter added in v0.4.0

type HitFilter struct {
	// contains filtered or unexported fields
}

HitFilter applies allowlist, bot, spam, and IP block rules.

func NewHitFilter added in v0.4.0

func NewHitFilter(cfg FilterConfig) (*HitFilter, error)

NewHitFilter builds a filter from config. Datacenter blocklist is optional.

func (*HitFilter) Check added in v0.4.0

func (f *HitFilter) Check(h hit.Hit, r *http.Request) (RejectReason, string)

Check returns a reject reason or empty when the hit should be accepted.

type HostRateLimiter added in v0.4.0

type HostRateLimiter struct {
	// contains filtered or unexported fields
}

HostRateLimiter applies a per-site-host token bucket on ingest.

func NewHostRateLimiter added in v0.4.0

func NewHostRateLimiter(requestsPerSec, burst int) *HostRateLimiter

NewHostRateLimiter creates a per-host limiter. requestsPerSec <= 0 disables limits.

func (*HostRateLimiter) Allow added in v0.4.0

func (h *HostRateLimiter) Allow(host string) bool

Allow reports whether another hit for host may proceed.

type MiddlewareSkip added in v0.2.0

type MiddlewareSkip struct {
	Exact    []string
	Prefixes []string
}

MiddlewareSkip lists request paths exempt from rate limiting.

func PublicMiddlewareSkip added in v0.2.0

func PublicMiddlewareSkip() MiddlewareSkip

PublicMiddlewareSkip returns paths that must stay reachable without rate limits (probes, static tracking script).

func StatsMiddlewareSkip added in v0.3.0

func StatsMiddlewareSkip() MiddlewareSkip

StatsMiddlewareSkip returns paths exempt from ingest rate limits but not stats auth.

type RateLimitConfig added in v0.2.0

type RateLimitConfig struct {
	RequestsPerSec int
	Burst          int
	TrustProxy     bool
}

RateLimitConfig holds rate limiter parameters (requests per second).

type RateLimiter added in v0.2.0

type RateLimiter struct {
	// contains filtered or unexported fields
}

RateLimiter is a per-IP token-bucket rate limiter.

func NewRateLimiter added in v0.2.0

func NewRateLimiter(cfg RateLimitConfig) *RateLimiter

NewRateLimiter creates a per-IP token bucket rate limiter. Call Shutdown on cleanup.

func (*RateLimiter) Middleware added in v0.2.0

func (rl *RateLimiter) Middleware(next http.Handler, skip MiddlewareSkip) http.Handler

Middleware wraps next with per-IP rate limiting. Paths in skip are exempt.

func (*RateLimiter) Shutdown added in v0.2.0

func (rl *RateLimiter) Shutdown()

Shutdown stops the background cleanup goroutine.

type RejectReason added in v0.4.0

type RejectReason string

RejectReason explains why a hit was dropped.

const (
	RejectNone          RejectReason = ""
	RejectNotAllowed    RejectReason = "not_allowed"
	RejectPrefetch      RejectReason = "prefetch"
	RejectBot           RejectReason = "bot"
	RejectReferrerSpam  RejectReason = "referrer_spam"
	RejectIgnoredIP     RejectReason = "ignored_ip"
	RejectDatacenterIP  RejectReason = "datacenter_ip"
	RejectNoClientIP    RejectReason = "no_client_ip"
	RejectHostRateLimit RejectReason = "host_rate_limit"
)

type Server

type Server struct {
	// contains filtered or unexported fields
}

func New

func New(s store.Store, buf hit.Buffer, l *log.Logger, v visitor.Hasher, rl *RateLimiter, opts ...ServerOption) *Server

func (*Server) Handler

func (s *Server) Handler() http.Handler

type ServerOption added in v0.3.0

type ServerOption func(*Server)

ServerOption configures optional Server behavior.

func WithIngest added in v0.4.0

func WithIngest(filter *HitFilter, hostRL *HostRateLimiter, trustProxy bool) ServerOption

WithIngest configures hit filtering and per-host rate limits.

func WithStats added in v0.3.0

func WithStats(cfg StatsConfig, apiRL *APIRateLimiter) ServerOption

WithStats enables the read-only stats API.

type StatsConfig added in v0.3.0

type StatsConfig struct {
	APIKey string
}

StatsConfig configures the read-only stats API.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL