gophish: Index | Files

package ratelimit

import ""

Package ratelimit provides a simple token-bucket rate limiting middleware which only allows n POST requests every minute. This is meant to be used on login handlers or other sensitive transactions which should be throttled to prevent abuse.

Tracked clients are stored in a locked map, with a goroutine that runs at a configurable interval to clean up stale entries.

Note that there is no enforcement for GET requests. This is an effort to be opinionated in order to hit the most common use-cases. For more advanced use-cases, you may consider the `` package.

The enforcement mechanism is based on the blog post here:


Package Files

doc.go ratelimit.go


const DefaultCleanupInterval = 1 * time.Minute

DefaultCleanupInterval determines how frequently the cleanup routine executes.

const DefaultExpiry = 10 * time.Minute

DefaultExpiry is the amount of time to track a bucket for a particular visitor.

const DefaultRequestsPerMinute = 5

DefaultRequestsPerMinute is the number of requests to allow per minute. Any requests over this interval will return a HTTP 429 error.

type PostLimiter Uses

type PostLimiter struct {
    // contains filtered or unexported fields

PostLimiter is a simple rate limiting middleware which only allows n POST requests per minute.

func NewPostLimiter Uses

func NewPostLimiter(opts ...PostLimiterOption) *PostLimiter

NewPostLimiter returns a new instance of a PostLimiter

func (*PostLimiter) Cleanup Uses

func (limiter *PostLimiter) Cleanup()

Cleanup removes any buckets that were last seen past the configured expiry.

func (*PostLimiter) Limit Uses

func (limiter *PostLimiter) Limit(next http.Handler) http.HandlerFunc

Limit enforces the configured rate limit for POST requests.

TODO: Change the return value to an http.Handler when we clean up the way Gophish routing is done.

type PostLimiterOption Uses

type PostLimiterOption func(*PostLimiter)

PostLimiterOption is a functional option that allows callers to configure the rate limiter.

func WithCleanupInterval Uses

func WithCleanupInterval(interval time.Duration) PostLimiterOption

WithCleanupInterval sets the interval between cleaning up stale entries in the rate limit client list

func WithExpiry Uses

func WithExpiry(expiry time.Duration) PostLimiterOption

WithExpiry sets the amount of time to store client entries before they are considered stale.

func WithRequestsPerMinute Uses

func WithRequestsPerMinute(requestLimit int) PostLimiterOption

WithRequestsPerMinute sets the number of requests to allow per minute.

Package ratelimit imports 6 packages (graph) and is imported by 2 packages. Updated 2020-10-15. Refresh now. Tools for package owners.