Enforce per-IP rate limits
This commit is contained in:
parent
087e192fac
commit
d550c69f7f
|
@ -1003,7 +1003,7 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
|
||||||
|
|
||||||
environment.jersey().register(new BufferingInterceptor());
|
environment.jersey().register(new BufferingInterceptor());
|
||||||
environment.jersey().register(new VirtualExecutorServiceProvider("managed-async-virtual-thread-"));
|
environment.jersey().register(new VirtualExecutorServiceProvider("managed-async-virtual-thread-"));
|
||||||
environment.jersey().register(new RateLimitByIpFilter(rateLimiters, true));
|
environment.jersey().register(new RateLimitByIpFilter(rateLimiters));
|
||||||
environment.jersey().register(new RequestStatisticsFilter(TrafficSource.HTTP));
|
environment.jersey().register(new RequestStatisticsFilter(TrafficSource.HTTP));
|
||||||
environment.jersey().register(MultiRecipientMessageProvider.class);
|
environment.jersey().register(MultiRecipientMessageProvider.class);
|
||||||
environment.jersey().register(new AuthDynamicFeature(accountAuthFilter));
|
environment.jersey().register(new AuthDynamicFeature(accountAuthFilter));
|
||||||
|
@ -1022,7 +1022,7 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
|
||||||
clientReleaseManager, messageDeliveryLoopMonitor));
|
clientReleaseManager, messageDeliveryLoopMonitor));
|
||||||
webSocketEnvironment.jersey()
|
webSocketEnvironment.jersey()
|
||||||
.register(new WebsocketRefreshApplicationEventListener(accountsManager, clientPresenceManager));
|
.register(new WebsocketRefreshApplicationEventListener(accountsManager, clientPresenceManager));
|
||||||
webSocketEnvironment.jersey().register(new RateLimitByIpFilter(rateLimiters, true));
|
webSocketEnvironment.jersey().register(new RateLimitByIpFilter(rateLimiters));
|
||||||
webSocketEnvironment.jersey().register(new RequestStatisticsFilter(TrafficSource.WEBSOCKET));
|
webSocketEnvironment.jersey().register(new RequestStatisticsFilter(TrafficSource.WEBSOCKET));
|
||||||
webSocketEnvironment.jersey().register(MultiRecipientMessageProvider.class);
|
webSocketEnvironment.jersey().register(MultiRecipientMessageProvider.class);
|
||||||
webSocketEnvironment.jersey().register(new MetricsApplicationEventListener(TrafficSource.WEBSOCKET, clientReleaseManager));
|
webSocketEnvironment.jersey().register(new MetricsApplicationEventListener(TrafficSource.WEBSOCKET, clientReleaseManager));
|
||||||
|
|
|
@ -41,15 +41,9 @@ public class RateLimitByIpFilter implements ContainerRequestFilter {
|
||||||
private static final String NO_IP_COUNTER_NAME = MetricsUtil.name(RateLimitByIpFilter.class, "noIpAddress");
|
private static final String NO_IP_COUNTER_NAME = MetricsUtil.name(RateLimitByIpFilter.class, "noIpAddress");
|
||||||
|
|
||||||
private final RateLimiters rateLimiters;
|
private final RateLimiters rateLimiters;
|
||||||
private final boolean softEnforcement;
|
|
||||||
|
|
||||||
public RateLimitByIpFilter(final RateLimiters rateLimiters, final boolean softEnforcement) {
|
|
||||||
this.rateLimiters = requireNonNull(rateLimiters);
|
|
||||||
this.softEnforcement = softEnforcement;
|
|
||||||
}
|
|
||||||
|
|
||||||
public RateLimitByIpFilter(final RateLimiters rateLimiters) {
|
public RateLimitByIpFilter(final RateLimiters rateLimiters) {
|
||||||
this(rateLimiters, false);
|
this.rateLimiters = requireNonNull(rateLimiters);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -87,9 +81,7 @@ public class RateLimitByIpFilter implements ContainerRequestFilter {
|
||||||
// checking if annotation is configured to fail when the most recent IP is not resolved
|
// checking if annotation is configured to fail when the most recent IP is not resolved
|
||||||
if (annotation.failOnUnresolvedIp()) {
|
if (annotation.failOnUnresolvedIp()) {
|
||||||
logger.error("Remote address was null");
|
logger.error("Remote address was null");
|
||||||
if (!softEnforcement) {
|
throw INVALID_HEADER_EXCEPTION;
|
||||||
throw INVALID_HEADER_EXCEPTION;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
// otherwise, allow request
|
// otherwise, allow request
|
||||||
return;
|
return;
|
||||||
|
@ -99,9 +91,7 @@ public class RateLimitByIpFilter implements ContainerRequestFilter {
|
||||||
rateLimiter.validate(remoteAddress.get());
|
rateLimiter.validate(remoteAddress.get());
|
||||||
} catch (RateLimitExceededException e) {
|
} catch (RateLimitExceededException e) {
|
||||||
final Response response = EXCEPTION_MAPPER.toResponse(e);
|
final Response response = EXCEPTION_MAPPER.toResponse(e);
|
||||||
if (!softEnforcement) {
|
throw new ClientErrorException(response);
|
||||||
throw new ClientErrorException(response);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue