devbennett7/goma-gateway
1
0
Fork 0
Code Pull Requests Activity

feat: add Redis based rate limiting for multiple instances

Browse Source
This commit is contained in:
Jonas Kaninda
2024-11-14 13:17:28 +01:00
parent a874d14194
commit 5951616153
11 changed files with 99 additions and 150 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/middleware/access-middleware.go
View File

@@ -30,7 +30,7 @@ func (blockList AccessListMiddleware) AccessMiddleware(next http.Handler) http.H
for _, block := range blockList.List { for _, block := range blockList.List {
if isPathBlocked(r.URL.Path, util.ParseURLPath(blockList.Path+block)) { if isPathBlocked(r.URL.Path, util.ParseURLPath(blockList.Path+block)) {
logger.Error("%s: %s access forbidden", getRealIP(r), r.URL.Path) logger.Error("%s: %s access forbidden", getRealIP(r), r.URL.Path)
RespondWithError(w, http.StatusForbidden, fmt.Sprintf("%d you do not have permission to access this resource", http.StatusForbidden), blockList.ErrorInterceptor) RespondWithError(w, http.StatusForbidden, fmt.Sprintf("%d you do not have permission to access this resource"))
return return
} }
} }
@@ -54,7 +54,7 @@ func isPathBlocked(requestPath, blockedPath string) bool {
return false return false
} }
// NewRateLimiter creates a new rate limiter with the specified refill rate and token capacity // NewRateLimiter creates a new requests limiter with the specified refill requests and token capacity
func NewRateLimiter(maxTokens int, refillRate time.Duration) *TokenRateLimiter { func NewRateLimiter(maxTokens int, refillRate time.Duration) *TokenRateLimiter {
return &TokenRateLimiter{ return &TokenRateLimiter{
tokens: maxTokens, tokens: maxTokens,

4
internal/middleware/block-common-exploits.go
View File

@@ -46,7 +46,7 @@ func (blockCommon BlockCommon) BlockExploitsMiddleware(next http.Handler) http.H
pathTraversalPattern.MatchString(r.URL.Path) || pathTraversalPattern.MatchString(r.URL.Path) ||
xssPattern.MatchString(r.URL.RawQuery) { xssPattern.MatchString(r.URL.RawQuery) {
logger.Error("%s: %s Forbidden - Potential exploit detected", getRealIP(r), r.URL.Path) logger.Error("%s: %s Forbidden - Potential exploit detected", getRealIP(r), r.URL.Path)
RespondWithError(w, http.StatusForbidden, fmt.Sprintf("%d Forbidden - Potential exploit detected", http.StatusForbidden), blockCommon.ErrorInterceptor) RespondWithError(w, http.StatusForbidden, fmt.Sprintf("%d Forbidden - Potential exploit detected", http.StatusForbidden))
return return
} }
@@ -57,7 +57,7 @@ func (blockCommon BlockCommon) BlockExploitsMiddleware(next http.Handler) http.H
for _, value := range values { for _, value := range values {
if sqlInjectionPattern.MatchString(value) || xssPattern.MatchString(value) { if sqlInjectionPattern.MatchString(value) || xssPattern.MatchString(value) {
logger.Error("%s: %s %s Forbidden - Potential exploit detected", getRealIP(r), r.Method, r.URL.Path) logger.Error("%s: %s %s Forbidden - Potential exploit detected", getRealIP(r), r.Method, r.URL.Path)
RespondWithError(w, http.StatusForbidden, fmt.Sprintf("%d Forbidden - Potential exploit detected", http.StatusForbidden), blockCommon.ErrorInterceptor) RespondWithError(w, http.StatusForbidden, fmt.Sprintf("%d Forbidden - Potential exploit detected", http.StatusForbidden))
return return
} }
} }

12
internal/middleware/error-interceptor.go
View File

@@ -18,7 +18,6 @@ package middleware
*/ */
import ( import (
"bytes" "bytes"
"encoding/json"
"github.com/jkaninda/goma-gateway/pkg/logger" "github.com/jkaninda/goma-gateway/pkg/logger"
"io" "io"
"net/http" "net/http"
@@ -49,20 +48,11 @@ func (intercept InterceptErrors) ErrorInterceptor(next http.Handler) http.Handle
if canIntercept(rec.statusCode, intercept.Errors) { if canIntercept(rec.statusCode, intercept.Errors) {
logger.Debug("Backend error") logger.Debug("Backend error")
logger.Error("An error occurred from the backend with the status code: %d", rec.statusCode) logger.Error("An error occurred from the backend with the status code: %d", rec.statusCode)
w.Header().Set("Content-Type", "application/json")
//Update Origin Cors Headers //Update Origin Cors Headers
if allowedOrigin(intercept.Origins, r.Header.Get("Origin")) { if allowedOrigin(intercept.Origins, r.Header.Get("Origin")) {
w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin")) w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
} }
w.WriteHeader(rec.statusCode) RespondWithError(w, rec.statusCode, http.StatusText(rec.statusCode))
err := json.NewEncoder(w).Encode(ProxyResponseError{
Success: false,
Code: rec.statusCode,
Message: http.StatusText(rec.statusCode),
})
if err != nil {
return
}
return return
} else { } else {
// No error: write buffered response to client // No error: write buffered response to client

8
internal/middleware/helpers.go
View File

@@ -60,14 +60,14 @@ func errMessage(code int, errors []errorinterceptor.Error) (string, error) {
} }
// RespondWithError is a helper function to handle error responses with flexible content type // RespondWithError is a helper function to handle error responses with flexible content type
func RespondWithError(w http.ResponseWriter, statusCode int, logMessage string, errorIntercept errorinterceptor.ErrorInterceptor) { func RespondWithError(w http.ResponseWriter, statusCode int, logMessage string) {
message, err := errMessage(statusCode, errorIntercept.Errors) message := http.StatusText(statusCode)
if err != nil { if len(logMessage) != 0 {
message = logMessage message = logMessage
} }
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
w.WriteHeader(statusCode) w.WriteHeader(statusCode)
err = json.NewEncoder(w).Encode(ProxyResponseError{ err := json.NewEncoder(w).Encode(ProxyResponseError{
Success: false, Success: false,
Code: statusCode, Code: statusCode,
Message: message, Message: message,

16
internal/middleware/middleware.go
View File

@@ -37,7 +37,7 @@ func (jwtAuth JwtAuth) AuthMiddleware(next http.Handler) http.Handler {
if allowedOrigin(jwtAuth.Origins, r.Header.Get("Origin")) { if allowedOrigin(jwtAuth.Origins, r.Header.Get("Origin")) {
w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin")) w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
} }
RespondWithError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), jwtAuth.ErrorInterceptor) RespondWithError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized))
return return
} }
@@ -46,14 +46,14 @@ func (jwtAuth JwtAuth) AuthMiddleware(next http.Handler) http.Handler {
authURL, err := url.Parse(jwtAuth.AuthURL) authURL, err := url.Parse(jwtAuth.AuthURL)
if err != nil { if err != nil {
logger.Error("Error parsing auth URL: %v", err) logger.Error("Error parsing auth URL: %v", err)
RespondWithError(w, http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError), jwtAuth.ErrorInterceptor) RespondWithError(w, http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
return return
} }
// Create a new request for /authentication // Create a new request for /authentication
authReq, err := http.NewRequest("GET", authURL.String(), nil) authReq, err := http.NewRequest("GET", authURL.String(), nil)
if err != nil { if err != nil {
logger.Error("Proxy error creating authentication request: %v", err) logger.Error("Proxy error creating authentication request: %v", err)
RespondWithError(w, http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError), jwtAuth.ErrorInterceptor) RespondWithError(w, http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
return return
} }
logger.Trace("JWT Auth response headers: %v", authReq.Header) logger.Trace("JWT Auth response headers: %v", authReq.Header)
@@ -73,7 +73,7 @@ func (jwtAuth JwtAuth) AuthMiddleware(next http.Handler) http.Handler {
if err != nil || authResp.StatusCode != http.StatusOK { if err != nil || authResp.StatusCode != http.StatusOK {
logger.Debug("%s %s %s %s", r.Method, getRealIP(r), r.URL, r.UserAgent()) logger.Debug("%s %s %s %s", r.Method, getRealIP(r), r.URL, r.UserAgent())
logger.Debug("Proxy authentication error") logger.Debug("Proxy authentication error")
RespondWithError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), jwtAuth.ErrorInterceptor) RespondWithError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized))
return return
} }
defer func(Body io.ReadCloser) { defer func(Body io.ReadCloser) {
@@ -111,13 +111,13 @@ func (basicAuth AuthBasic) AuthMiddleware(next http.Handler) http.Handler {
if authHeader == "" { if authHeader == "" {
logger.Debug("Proxy error, missing Authorization header") logger.Debug("Proxy error, missing Authorization header")
w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`) w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
RespondWithError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), basicAuth.ErrorInterceptor) RespondWithError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized))
return return
} }
// Check if the Authorization header contains "Basic" scheme // Check if the Authorization header contains "Basic" scheme
if !strings.HasPrefix(authHeader, "Basic ") { if !strings.HasPrefix(authHeader, "Basic ") {
logger.Error("Proxy error, missing Basic Authorization header") logger.Error("Proxy error, missing Basic Authorization header")
RespondWithError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), basicAuth.ErrorInterceptor) RespondWithError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized))
return return
} }
@@ -126,7 +126,7 @@ func (basicAuth AuthBasic) AuthMiddleware(next http.Handler) http.Handler {
payload, err := base64.StdEncoding.DecodeString(authHeader[len("Basic "):]) payload, err := base64.StdEncoding.DecodeString(authHeader[len("Basic "):])
if err != nil { if err != nil {
logger.Debug("Proxy error, missing Basic Authorization header") logger.Debug("Proxy error, missing Basic Authorization header")
RespondWithError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), basicAuth.ErrorInterceptor) RespondWithError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized))
return return
} }
@@ -134,7 +134,7 @@ func (basicAuth AuthBasic) AuthMiddleware(next http.Handler) http.Handler {
pair := strings.SplitN(string(payload), ":", 2) pair := strings.SplitN(string(payload), ":", 2)
if len(pair) != 2 || pair[0] != basicAuth.Username || pair[1] != basicAuth.Password { if len(pair) != 2 || pair[0] != basicAuth.Username || pair[1] != basicAuth.Password {
w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`) w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
RespondWithError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized), basicAuth.ErrorInterceptor) RespondWithError(w, http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized))
return return
} }

33
internal/middleware/rate-limit.go
View File

@@ -37,13 +37,13 @@ func (rl *TokenRateLimiter) RateLimitMiddleware() mux.MiddlewareFunc {
// Rate limit exceeded, return a 429 Too Many Requests response // Rate limit exceeded, return a 429 Too Many Requests response
w.WriteHeader(http.StatusTooManyRequests) w.WriteHeader(http.StatusTooManyRequests)
_, err := w.Write([]byte(fmt.Sprintf("%d Too many requests, API rate limit exceeded. Please try again later", http.StatusTooManyRequests))) _, err := w.Write([]byte(fmt.Sprintf("%d Too many requests, API requests limit exceeded. Please try again later", http.StatusTooManyRequests)))
if err != nil { if err != nil {
return return
} }
return return
} }
// Proceed to the next handler if rate limit is not exceeded // Proceed to the next handler if requests limit is not exceeded
next.ServeHTTP(w, r) next.ServeHTTP(w, r)
}) })
} }
@@ -54,40 +54,39 @@ func (rl *RateLimiter) RateLimitMiddleware() mux.MiddlewareFunc {
return func(next http.Handler) http.Handler { return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
clientIP := getRealIP(r) clientIP := getRealIP(r)
logger.Debug("rate limiter: clientID: %s, redisBased: %s", clientIP, rl.RedisBased) clientID := fmt.Sprintf("%d-%s", rl.id, clientIP) // Generate client Id, ID+ route ID
if rl.RedisBased { logger.Debug("requests limiter: clientIP: %s, redisBased: %s", clientIP, rl.redisBased)
err := redisRateLimiter(clientIP, rl.Requests) if rl.redisBased {
err := redisRateLimiter(clientID, rl.requests)
if err != nil { if err != nil {
logger.Error("Redis Rate limiter error: %s", err.Error()) logger.Error("Redis Rate limiter error: %s", err.Error())
RespondWithError(w, http.StatusTooManyRequests, fmt.Sprintf("%d Too many requests, API rate limit exceeded. Please try again later", http.StatusTooManyRequests), rl.ErrorInterceptor) logger.Error("Too many requests from IP: %s %s %s", clientIP, r.URL, r.UserAgent())
RespondWithError(w, http.StatusTooManyRequests, fmt.Sprintf("%d Too many requests, API requests limit exceeded. Please try again later", http.StatusTooManyRequests))
return return
} }
// Proceed to the next handler if rate limit is not exceeded
next.ServeHTTP(w, r)
} else { } else {
rl.mu.Lock() rl.mu.Lock()
client, exists := rl.ClientMap[clientIP] client, exists := rl.clientMap[clientID]
if !exists || time.Now().After(client.ExpiresAt) { if !exists || time.Now().After(client.ExpiresAt) {
client = &Client{ client = &Client{
RequestCount: 0, RequestCount: 0,
ExpiresAt: time.Now().Add(rl.Window), ExpiresAt: time.Now().Add(rl.window),
} }
rl.ClientMap[clientIP] = client rl.clientMap[clientID] = client
} }
client.RequestCount++ client.RequestCount++
rl.mu.Unlock() rl.mu.Unlock()
if client.RequestCount > rl.Requests { if client.RequestCount > rl.requests {
logger.Error("Too many requests from IP: %s %s %s", clientIP, r.URL, r.UserAgent()) logger.Error("Too many requests from IP: %s %s %s", clientIP, r.URL, r.UserAgent())
//Update Origin Cors Headers //Update Origin Cors Headers
if allowedOrigin(rl.Origins, r.Header.Get("Origin")) { if allowedOrigin(rl.origins, r.Header.Get("Origin")) {
w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin")) w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
} }
RespondWithError(w, http.StatusTooManyRequests, fmt.Sprintf("%d Too many requests, API rate limit exceeded. Please try again later", http.StatusTooManyRequests), rl.ErrorInterceptor) RespondWithError(w, http.StatusTooManyRequests, fmt.Sprintf("%d Too many requests, API requests limit exceeded. Please try again later", http.StatusTooManyRequests))
return
} }
} }
// Proceed to the next handler if rate limit is not exceeded // Proceed to the next handler if requests limit is not exceeded
next.ServeHTTP(w, r) next.ServeHTTP(w, r)
}) })
} }
@@ -100,7 +99,7 @@ func redisRateLimiter(clientIP string, rate int) error {
return err return err
} }
if res.Remaining == 0 { if res.Remaining == 0 {
return errors.New("rate limit exceeded") return errors.New("requests limit exceeded")
} }
return nil return nil

58
internal/middleware/route_error_interceptor.go
View File

@@ -1,58 +0,0 @@
package middleware
/*
* Copyright 2024 Jonas Kaninda
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
import (
"github.com/jkaninda/goma-gateway/pkg/errorinterceptor"
"github.com/jkaninda/goma-gateway/pkg/logger"
"io"
"net/http"
)
// RouteErrorInterceptor contains backend status code errors to intercept
type RouteErrorInterceptor struct {
Origins []string
ErrorInterceptor errorinterceptor.ErrorInterceptor
}
// RouteErrorInterceptor Middleware intercepts backend route errors
func (intercept RouteErrorInterceptor) RouteErrorInterceptor(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
rec := newResponseRecorder(w)
next.ServeHTTP(rec, r)
if canInterceptError(rec.statusCode, intercept.ErrorInterceptor.Errors) {
logger.Debug("Backend error")
logger.Error("An error occurred from the backend with the status code: %d", rec.statusCode)
//Update Origin Cors Headers
if allowedOrigin(intercept.Origins, r.Header.Get("Origin")) {
w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
}
RespondWithError(w, rec.statusCode, http.StatusText(rec.statusCode), intercept.ErrorInterceptor)
return
} else {
// No error: write buffered response to client
w.WriteHeader(rec.statusCode)
_, err := io.Copy(w, rec.body)
if err != nil {
return
}
return
}
})
}

75
internal/middleware/types.go
View File

@@ -19,21 +19,21 @@ package middleware
import ( import (
"bytes" "bytes"
errorinterceptor "github.com/jkaninda/goma-gateway/pkg/errorinterceptor"
"net/http" "net/http"
"sync" "sync"
"time" "time"
) )
// RateLimiter defines rate limit properties. // RateLimiter defines requests limit properties.
type RateLimiter struct { type RateLimiter struct {
Requests int requests int
Window time.Duration id int
ClientMap map[string]*Client window time.Duration
mu sync.Mutex clientMap map[string]*Client
Origins []string mu sync.Mutex
ErrorInterceptor errorinterceptor.ErrorInterceptor origins []string
RedisBased bool hosts []string
redisBased bool
} }
// Client stores request count and window expiration for each client. // Client stores request count and window expiration for each client.
@@ -41,15 +41,24 @@ type Client struct {
RequestCount int RequestCount int
ExpiresAt time.Time ExpiresAt time.Time
} }
type RateLimit struct {
Id int
Requests int
Window time.Duration
Origins []string
Hosts []string
RedisBased bool
}
// NewRateLimiterWindow creates a new RateLimiter. // NewRateLimiterWindow creates a new RateLimiter.
func NewRateLimiterWindow(requests int, window time.Duration, redisBased bool, origin []string) *RateLimiter { func (rateLimit RateLimit) NewRateLimiterWindow() *RateLimiter {
return &RateLimiter{ return &RateLimiter{
Requests: requests, id: rateLimit.Id,
Window: window, requests: rateLimit.Requests,
ClientMap: make(map[string]*Client), window: rateLimit.Window,
Origins: origin, clientMap: make(map[string]*Client),
RedisBased: redisBased, origins: rateLimit.Origins,
redisBased: rateLimit.RedisBased,
} }
} }
@@ -71,12 +80,11 @@ type ProxyResponseError struct {
// JwtAuth stores JWT configuration // JwtAuth stores JWT configuration
type JwtAuth struct { type JwtAuth struct {
AuthURL string AuthURL string
RequiredHeaders []string RequiredHeaders []string
Headers map[string]string Headers map[string]string
Params map[string]string Params map[string]string
Origins []string Origins []string
ErrorInterceptor errorinterceptor.ErrorInterceptor
} }
// AuthenticationMiddleware Define struct // AuthenticationMiddleware Define struct
@@ -87,19 +95,17 @@ type AuthenticationMiddleware struct {
Params map[string]string Params map[string]string
} }
type AccessListMiddleware struct { type AccessListMiddleware struct {
Path string Path string
Destination string Destination string
List []string List []string
ErrorInterceptor errorinterceptor.ErrorInterceptor
} }
// AuthBasic contains Basic auth configuration // AuthBasic contains Basic auth configuration
type AuthBasic struct { type AuthBasic struct {
Username string Username string
Password string Password string
Headers map[string]string Headers map[string]string
Params map[string]string Params map[string]string
ErrorInterceptor errorinterceptor.ErrorInterceptor
} }
// InterceptErrors contains backend status code errors to intercept // InterceptErrors contains backend status code errors to intercept
@@ -127,11 +133,10 @@ type Oauth struct {
// Scope specifies optional requested permissions. // Scope specifies optional requested permissions.
Scopes []string Scopes []string
// contains filtered or unexported fields // contains filtered or unexported fields
State string State string
Origins []string Origins []string
JWTSecret string JWTSecret string
Provider string Provider string
ErrorInterceptor errorinterceptor.ErrorInterceptor
} }
type OauthEndpoint struct { type OauthEndpoint struct {
AuthURL string AuthURL string

4
internal/proxy.go
View File

@@ -37,7 +37,7 @@ func (proxyRoute ProxyRoute) ProxyHandler() http.HandlerFunc {
if len(proxyRoute.methods) > 0 { if len(proxyRoute.methods) > 0 {
if !slices.Contains(proxyRoute.methods, r.Method) { if !slices.Contains(proxyRoute.methods, r.Method) {
logger.Error("%s Method is not allowed", r.Method) logger.Error("%s Method is not allowed", r.Method)
middleware.RespondWithError(w, http.StatusMethodNotAllowed, fmt.Sprintf("%d %s method is not allowed", http.StatusMethodNotAllowed, r.Method), proxyRoute.ErrorInterceptor) middleware.RespondWithError(w, http.StatusMethodNotAllowed, fmt.Sprintf("%d %s method is not allowed", http.StatusMethodNotAllowed, r.Method))
return return
} }
} }
@@ -60,7 +60,7 @@ func (proxyRoute ProxyRoute) ProxyHandler() http.HandlerFunc {
targetURL, err := url.Parse(proxyRoute.destination) targetURL, err := url.Parse(proxyRoute.destination)
if err != nil { if err != nil {
logger.Error("Error parsing backend URL: %s", err) logger.Error("Error parsing backend URL: %s", err)
middleware.RespondWithError(w, http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError), proxyRoute.ErrorInterceptor) middleware.RespondWithError(w, http.StatusInternalServerError, http.StatusText(http.StatusInternalServerError))
return return
} }
r.Header.Set("X-Forwarded-Host", r.Header.Get("Host")) r.Header.Set("X-Forwarded-Host", r.Header.Get("Host"))

34
internal/route.go
View File

@@ -66,12 +66,20 @@ func (gatewayServer GatewayServer) Initialize() *mux.Router {
r.Use(blockCommon.BlockExploitsMiddleware) r.Use(blockCommon.BlockExploitsMiddleware)
} }
if gateway.RateLimit > 0 { if gateway.RateLimit > 0 {
//rateLimiter := middleware.NewRateLimiter(gateway.RateLimit, time.Minute)
limiter := middleware.NewRateLimiterWindow(gateway.RateLimit, time.Minute, redisBased, gateway.Cors.Origins) // requests per minute
// Add rate limit middleware to all routes, if defined // Add rate limit middleware to all routes, if defined
rateLimit := middleware.RateLimit{
Id: 1,
Requests: gateway.RateLimit,
Window: time.Minute, // requests per minute
Origins: gateway.Cors.Origins,
Hosts: []string{},
RedisBased: redisBased,
}
limiter := rateLimit.NewRateLimiterWindow()
// Add rate limit middleware
r.Use(limiter.RateLimitMiddleware()) r.Use(limiter.RateLimitMiddleware())
} }
for _, route := range gateway.Routes { for rIndex, route := range gateway.Routes {
if route.Path != "" { if route.Path != "" {
if route.Destination == "" && len(route.Backends) == 0 { if route.Destination == "" && len(route.Backends) == 0 {
logger.Fatal("Route %s : destination or backends should not be empty", route.Name) logger.Fatal("Route %s : destination or backends should not be empty", route.Name)
@@ -232,9 +240,16 @@ func (gatewayServer GatewayServer) Initialize() *mux.Router {
} }
// Apply route rate limit // Apply route rate limit
if route.RateLimit > 0 { if route.RateLimit > 0 {
//rateLimiter := middleware.NewRateLimiter(gateway.RateLimit, time.Minute) rateLimit := middleware.RateLimit{
limiter := middleware.NewRateLimiterWindow(route.RateLimit, time.Minute, redisBased, route.Cors.Origins) // requests per minute Id: rIndex,
// Add rate limit middleware to all routes, if defined Requests: route.RateLimit,
Window: time.Minute, // requests per minute
Origins: route.Cors.Origins,
Hosts: route.Hosts,
RedisBased: redisBased,
}
limiter := rateLimit.NewRateLimiterWindow()
// Add rate limit middleware
router.Use(limiter.RateLimitMiddleware()) router.Use(limiter.RateLimitMiddleware())
} }
// Apply route Cors // Apply route Cors
@@ -255,11 +270,10 @@ func (gatewayServer GatewayServer) Initialize() *mux.Router {
router.Use(pr.prometheusMiddleware) router.Use(pr.prometheusMiddleware)
} }
// Apply route Error interceptor middleware // Apply route Error interceptor middleware
interceptErrors := middleware.RouteErrorInterceptor{ interceptErrors := middleware.InterceptErrors{
Origins: gateway.Cors.Origins, Origins: gateway.Cors.Origins,
ErrorInterceptor: route.ErrorInterceptor,
} }
r.Use(interceptErrors.RouteErrorInterceptor) router.Use(interceptErrors.ErrorInterceptor)
} else { } else {
logger.Error("Error, path is empty in route %s", route.Name) logger.Error("Error, path is empty in route %s", route.Name)
logger.Error("Route path ignored: %s", route.Path) logger.Error("Route path ignored: %s", route.Path)

1
internal/types.go
View File

@@ -246,7 +246,6 @@ type ProxyRoute struct {
methods []string methods []string
cors Cors cors Cors
disableHostFording bool disableHostFording bool
ErrorInterceptor errorinterceptor.ErrorInterceptor
} }
type RoutePath struct { type RoutePath struct {
route Route route Route