Feature/Rate Limiter

minibikini requested to merge minibikini/pleroma:feature/rate-limiter into develop

Summary

  • Adds rate limiter plug.
  • Implements rate limit for the search endpoints (10req/s for unauthenticated and 30req/s for authenticated users). Closes #943 (closed).
  • Replaces MastodonAPIController.account_register/2 rate limiter.

Rate Limiter Configuration

A keyword list of rate limiters where a key is a limiter name and value is the limiter configuration. The basic configuration is a tuple where:

  • The first element: scale (Integer). The time scale in milliseconds.
  • The second element: limit (Integer). How many requests to limit in the time scale provided.

It is also possible to have different limits for unauthenticated and authenticated users: the keyword value must be a list of two tuples where the first one is a config for unauthenticated users and the second one is for authenticated.

Example

config :pleroma, :rate_limit,
  one: {1000, 10},
  two: [{10_000, 10}, {10_000, 50}]

Here we have two limiters: one, which is not over 10req/1s, and two, which has two limits: 10req/10s for unauthenticated users and 50req/10s for authenticated users.

Usage

Inside a controller:

plug(Pleroma.Plugs.RateLimiter, :one when action == :one)
plug(Pleroma.Plugs.RateLimiter, :two when action in [:two, :three])

or inside a router pipeline:

pipeline :api do
  ...
  plug(Pleroma.Plugs.RateLimiter, :one)
  ...
end
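
A sketch of how limiters in the configuration shape described above could be resolved and enforced, added here as an illustration and not taken from the merge request or from Pleroma's code. The module name RateLimitSketch, the fixed-window counting and the per-client bucket key are assumptions.

```elixir
# Added illustration; RateLimitSketch and its functions are hypothetical names.
defmodule RateLimitSketch do
  # Same shape as the description: {scale_ms, limit}, or a two-element list
  # [unauthenticated_config, authenticated_config].
  @limiters [one: {1000, 10}, two: [{10_000, 10}, {10_000, 50}]]

  # Pick the {scale, limit} pair that applies to this request.
  def resolve({scale, limit}, _authenticated?), do: {scale, limit}
  def resolve([unauth, _auth], false), do: unauth
  def resolve([_unauth, auth], true), do: auth

  # Fixed-window check (assumed algorithm). `state` maps
  # {limiter, client_id, window_index} => request count.
  # Returns {:allow | :deny, new_state}; denied requests are not counted.
  def check(state, name, client_id, authenticated?, now_ms) do
    {scale, limit} = @limiters |> Keyword.fetch!(name) |> resolve(authenticated?)
    bucket = {name, client_id, div(now_ms, scale)}
    count = Map.get(state, bucket, 0)

    if count < limit do
      {:allow, Map.put(state, bucket, count + 1)}
    else
      {:deny, state}
    end
  end

  # Replay a list of timestamps (ms) for one client and tally the decisions.
  def replay(name, client_id, authenticated?, timestamps) do
    {decisions, _state} =
      Enum.map_reduce(timestamps, %{}, fn now_ms, state ->
        check(state, name, client_id, authenticated?, now_ms)
      end)

    Enum.frequencies(decisions)
  end
end

# Constructed traffic: 12 requests inside one second against :one.
burst = Enum.map(1..12, &(5_000 + &1))
IO.inspect(RateLimitSketch.replay(:one, "203.0.113.7", false, burst), label: "one")

# Constructed traffic: 60 requests inside one 10 s window against :two,
# first as an unauthenticated client, then as an authenticated one.
steady = Enum.map(1..60, &(20_000 + &1 * 100))
IO.inspect(RateLimitSketch.replay(:two, "203.0.113.7", false, steady), label: "two/unauth")
IO.inspect(RateLimitSketch.replay(:two, "203.0.113.7", true, steady), label: "two/auth")
```

With fixed windows, a client that sends its full limit at the end of one window and again at the start of the next gets up to twice the limit through in a short span, which is worth keeping in mind when choosing scale and limit values.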
