Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 23:00:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

add rate limiting support for REST API/web admin too

Browse Source
This commit is contained in:
Nicola Murino
2021-04-19 08:14:04 +02:00
parent 112e3b2fc2
commit f45c89fc46
15 changed files with 109 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
httpd/middleware.go
View File

@@ -3,11 +3,13 @@ package httpd
import (
"context"
"errors"
"fmt"
"net/http"
"github.com/go-chi/jwtauth/v5"
"github.com/lestrrat-go/jwx/jwt"
"github.com/drakkan/sftpgo/common"
"github.com/drakkan/sftpgo/logger"
"github.com/drakkan/sftpgo/utils"
)
@@ -141,3 +143,15 @@ func verifyCSRFHeader(next http.Handler) http.Handler {
next.ServeHTTP(w, r)
})
}
func rateLimiter(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if delay, err := common.LimitRate(common.ProtocolHTTP, utils.GetIPFromRemoteAddress(r.RemoteAddr)); err != nil {
w.Header().Set("Retry-After", fmt.Sprintf("%.0f", delay.Seconds()))
w.Header().Set("X-Retry-In", delay.String())
sendAPIResponse(w, r, err, http.StatusText(http.StatusTooManyRequests), http.StatusTooManyRequests)
return
}
next.ServeHTTP(w, r)
})
}