Documentation ¶
Overview ¶
Package limiter provides an IP request rate limiter with Gin middleware.
Copyright (c) 2018 - 2024 PhotoPrism UG. All rights reserved.
This program is free software: you can redistribute it and/or modify it under Version 3 of the GNU Affero General Public License (the "AGPL"): <https://docs.photoprism.app/license/agpl> This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. The AGPL is supplemented by our Trademark and Brand Guidelines, which describe how our Brand Assets may be used: <https://www.photoprism.app/trademark>
Feel free to send an email to hello@photoprism.app if you have questions, want to support our work, or just want to say hello.
Additional information can be found in our Developer Guide: <https://docs.photoprism.app/developer-guide/>
Index ¶
- Constants
- Variables
- func Abort(c *gin.Context)
- func AbortJSON(c *gin.Context)
- func Middleware(limiter *Limit) gin.HandlerFunc
- type Limit
- func (i *Limit) AddIP(ip string) *rate.Limiter
- func (i *Limit) Allow(ip string) bool
- func (i *Limit) AllowN(ip string, n int) bool
- func (i *Limit) IP(ip string) *rate.Limiter
- func (i *Limit) Reject(ip string) bool
- func (i *Limit) Request(ip string) *Request
- func (i *Limit) RequestN(ip string, n int) *Request
- func (i *Limit) Reserve(ip string) *rate.Reservation
- func (i *Limit) ReserveN(ip string, n int) *rate.Reservation
- type Request
Constants ¶
const ( DefaultAuthInterval = time.Second * 10 // average authentication errors per second DefaultAuthLimit = 60 // authentication failure burst rate limit (for access tokens) )
const ( DefaultLoginInterval = time.Minute // average failed logins per second DefaultLoginLimit = 10 // login failure burst rate limit (for passwords and 2FA) )
const (
DefaultIP = "0.0.0.0"
)
Variables ¶
var Auth = NewLimit(rate.Every(DefaultAuthInterval), DefaultAuthLimit)
Auth limits the number of authentication errors from a single IP per time interval (every 15 seconds by default).
var Login = NewLimit(rate.Every(DefaultLoginInterval), DefaultLoginLimit)
Login limits the number of failed login attempts from a single IP per time interval (one per minute by default).
Functions ¶
func Middleware ¶
func Middleware(limiter *Limit) gin.HandlerFunc
Middleware registers the IP rate limiter middleware.
Types ¶
type Limit ¶
type Limit struct {
// contains filtered or unexported fields
}
Limit represents an IP-based rate limiter.
func NewLimit ¶
NewLimit returns a new Limit with the specified request and burst rate limit per second.
func (*Limit) Allow ¶
Allow checks if a new request is allowed at this time and increments the request counter by 1.
func (*Limit) AllowN ¶
AllowN checks if a new request is allowed at this time and increments the request counter by n.
func (*Limit) IP ¶
IP returns the rate limiter for the specified IP address. TODO: Normalize IPv6 addresses so that hosts with multiple addresses cannot be used for spray attacks.
func (*Limit) Reject ¶
Reject checks if the request rate limit has been exceeded, but does not modify the counter.
func (*Limit) Request ¶
Request tries to increment the request counter and returns the result as new *Request.
func (*Limit) RequestN ¶
RequestN tries to increment the request counter by n and returns the result as new *Request.
type Request ¶
type Request struct { Tokens int // contains filtered or unexported fields }
Request represents a request for the specified number of limiter tokens.
func NewRequest ¶
NewRequest checks if a request is allowed, reserves the required tokens, and returns a new Request to revert the reservation if successful.