Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Anura Rate Limiter #513

Merged
merged 8 commits into from
Feb 20, 2025
Merged

feat: Anura Rate Limiter #513

merged 8 commits into from
Feb 20, 2025

Conversation

kelindi
Copy link
Contributor

@kelindi kelindi commented Feb 14, 2025
edited by bgins
Loading

Summary

This pull request makes the following changes:

  • Adds new separate routes for Anura
  • Creates a Rate Limitting middleware that only allows Anura to interface with these endpoints providing a valid signature

@kelindi kelindi requested a review from a team as a code owner February 14, 2025 21:37
@kelindi kelindi self-assigned this Feb 14, 2025
@cla-bot cla-bot bot added the cla-signed label Feb 14, 2025
@kelindi kelindi requested a review from bgins February 14, 2025 21:37
bgins
bgins reviewed Feb 14, 2025
View reviewed changes
bgins
bgins reviewed Feb 15, 2025
View reviewed changes
@bgins
Copy link
Contributor

bgins commented Feb 15, 2025

A few places where we have references to the exemption code that can be removed:

lilypad/pkg/http/types.go

Line 26 in 0fd6304

ExemptedIPs []string

lilypad/pkg/options/server.go

Lines 98 to 104 in 0fd6304

if len(options.RateLimiter.ExemptedIPs) > 0 {
for _, ip := range options.RateLimiter.ExemptedIPs {
if net.ParseIP(ip) == nil {
return fmt.Errorf("invalid IP address: %s", ip)
}
}
}

lilypad/pkg/solver/server.go

Lines 73 to 91 in 0fd6304

exemptIPs := solverServer.options.RateLimiter.ExemptedIPs
// TODO: re-enable exempt IP rate limiting
// subrouter.Use(httprate.Limit(
// solverServer.options.RateLimiter.RequestLimit,
// time.Duration(solverServer.options.RateLimiter.WindowLength)*time.Second,
// httprate.WithKeyFuncs(
// exemptIPKeyFunc(exemptIPs),
// httprate.KeyByEndpoint,
// ),
// httprate.WithLimitHandler(func(w corehttp.ResponseWriter, r *corehttp.Request) {
// key, _ := exemptIPKeyFunc(exemptIPs)(r)
// if strings.HasPrefix(key, "exempt-") {
// return
// }
// corehttp.Error(w, "Too Many Requests", corehttp.StatusTooManyRequests)
// }),
// ))

lilypad/pkg/solver/server.go

Line 99 in 0fd6304

log.Info().Strs("exemptIPs", exemptIPs).Msg("Loaded rate limit exemptions")

lilypad/pkg/solver/server.go

Lines 237 to 254 in 0fd6304

func exemptIPKeyFunc(exemptIPs []string) func(r *corehttp.Request) (string, error) {
return func(r *corehttp.Request) (string, error) {
ip, err := httprate.KeyByRealIP(r)
if err != nil {
log.Error().Err(err).Msg("error getting real ip")
return "", err
}
// Check if the IP is in the exempt list
for _, exemptIP := range exemptIPs {
if http.CanonicalizeIP(exemptIP) == ip {
return "exempt-" + ip, nil
}
}
return ip, nil
}
}

We can probably also get rid of this canonicalize helper we added for the exemption handler:

lilypad/pkg/http/utils.go

Lines 506 to 531 in 0fd6304

func CanonicalizeIP(ip string) string {
isIPv6 := false
// This is how net.ParseIP decides if an address is IPv6
// https://cs.opensource.google/go/go/+/refs/tags/go1.17.7:src/net/ip.go;l=704
for i := 0; !isIPv6 && i < len(ip); i++ {
switch ip[i] {
case '.':
// IPv4
return ip
case ':':
// IPv6
isIPv6 = true
break
}
}
if !isIPv6 {
// Not an IP address at all
return ip
}
ipv6 := net.ParseIP(ip)
if ipv6 == nil {
return ip
}
return ipv6.Mask(net.CIDRMask(64, 128)).String()
}

bgins
bgins reviewed Feb 18, 2025
View reviewed changes
bgins
bgins approved these changes Feb 19, 2025
View reviewed changes
Copy link
Contributor

@bgins bgins left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! 🎉

@kelindi kelindi merged commit 8e996a7 into main Feb 20, 2025
5 checks passed
@kelindi kelindi deleted the kelindi/anura-rate-limiter branch February 20, 2025 18:39
@lilypad-releases lilypad-releases bot mentioned this pull request Feb 20, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bgins bgins bgins approved these changes

Assignees

@kelindi kelindi

Labels
cla-signed feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kelindi @bgins