github
/
portainer
mirror of https://github.com/portainer/portainer
1
0
Fork 0
Code Issues Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '71c0e8e661'
${ noResults }
portainer/api/http/security/rate_limiter.go

48 lines
1.3 KiB
Raw Normal View History Unescape

feat(security): add request rate limiter on authentication endpoint (#1866)
7 years ago
package security
import (
"net/http"
"strings"
"time"
"github.com/g07cha/defender"
refactor(api): introduce libhttp usage (#2263)
6 years ago
httperror "github.com/portainer/libhttp/error"
refactor(errors): reorganize errors (#3938) * refactor(bolt): move ErrObjectNotFound to bolt * refactor(http): move ErrUnauthorized to http package * refactor(http): move ErrResourceAccessDenied to http errors * refactor(http): move security errors to package * refactor(users): move user errors to users package * refactor(errors): move single errors to their package * refactor(schedules): move schedule error to package * refactor(http): move endpoint error to http package * refactor(docker): move docker errors to package * refactor(filesystem): move filesystem errors to package * refactor(errors): remove portainer.Error * style(chisel): reorder imports * fix(stacks): remove portainer.Error
4 years ago
"github.com/portainer/portainer/api/http/errors"
feat(security): add request rate limiter on authentication endpoint (#1866)
7 years ago
)
// RateLimiter represents an entity that manages request rate limiting
type RateLimiter struct {
*defender.Defender
}
// NewRateLimiter initializes a new RateLimiter
func NewRateLimiter(maxRequests int, duration time.Duration, banDuration time.Duration) *RateLimiter {
messages := make(chan struct{})
limiter := defender.New(maxRequests, duration, banDuration)
go limiter.CleanupTask(messages)
return &RateLimiter{
limiter,
}
}
// LimitAccess wraps current request with check if remote address does not goes above the defined limits
func (limiter *RateLimiter) LimitAccess(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
ip := StripAddrPort(r.RemoteAddr)
if banned := limiter.Inc(ip); banned == true {
refactor(errors): reorganize errors (#3938) * refactor(bolt): move ErrObjectNotFound to bolt * refactor(http): move ErrUnauthorized to http package * refactor(http): move ErrResourceAccessDenied to http errors * refactor(http): move security errors to package * refactor(users): move user errors to users package * refactor(errors): move single errors to their package * refactor(schedules): move schedule error to package * refactor(http): move endpoint error to http package * refactor(docker): move docker errors to package * refactor(filesystem): move filesystem errors to package * refactor(errors): remove portainer.Error * style(chisel): reorder imports * fix(stacks): remove portainer.Error
4 years ago
httperror.WriteError(w, http.StatusForbidden, "Access denied", errors.ErrResourceAccessDenied)
feat(security): add request rate limiter on authentication endpoint (#1866)
7 years ago
return
}
next.ServeHTTP(w, r)
})
}
// StripAddrPort removes port from IP address
func StripAddrPort(addr string) string {
portIndex := strings.LastIndex(addr, ":")
if portIndex != -1 {
addr = addr[:portIndex]
}
return addr
}