mirror of
https://github.com/getnora-io/nora.git
synced 2026-04-12 23:10:32 +00:00
Compare commits
5 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 482a68637e | |||
| 61f8a39279 | |||
| 835a6f0b14 | |||
| 340c49bf12 | |||
| c84d13c26e |
20
.github/workflows/release.yml
vendored
20
.github/workflows/release.yml
vendored
@@ -9,25 +9,9 @@ env:
|
||||
IMAGE_NAME: ${{ github.repository }}
|
||||
|
||||
jobs:
|
||||
test:
|
||||
name: Test
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Install Rust
|
||||
uses: dtolnay/rust-toolchain@stable
|
||||
|
||||
- name: Cache cargo
|
||||
uses: Swatinem/rust-cache@v2
|
||||
|
||||
- name: Run tests
|
||||
run: cargo test --package nora-registry
|
||||
|
||||
build:
|
||||
name: Build & Push
|
||||
runs-on: ubuntu-latest
|
||||
needs: test
|
||||
runs-on: self-hosted
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
@@ -63,7 +47,7 @@ jobs:
|
||||
uses: docker/build-push-action@v5
|
||||
with:
|
||||
context: .
|
||||
platforms: linux/amd64,linux/arm64
|
||||
platforms: linux/amd64
|
||||
push: true
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
|
||||
@@ -219,14 +219,22 @@ async fn run_server(config: Config, storage: Storage) {
|
||||
.merge(registry::pypi_routes())
|
||||
.layer(rate_limit::upload_rate_limiter());
|
||||
|
||||
let app = Router::new()
|
||||
// Routes WITHOUT rate limiting (health, metrics, UI)
|
||||
let public_routes = Router::new()
|
||||
.merge(health::routes())
|
||||
.merge(metrics::routes())
|
||||
.merge(ui::routes())
|
||||
.merge(openapi::routes())
|
||||
.merge(openapi::routes());
|
||||
|
||||
// Routes WITH rate limiting
|
||||
let rate_limited_routes = Router::new()
|
||||
.merge(auth_routes)
|
||||
.merge(registry_routes)
|
||||
.layer(rate_limit::general_rate_limiter()) // General rate limit for all routes
|
||||
.layer(rate_limit::general_rate_limiter());
|
||||
|
||||
let app = Router::new()
|
||||
.merge(public_routes)
|
||||
.merge(rate_limited_routes)
|
||||
.layer(DefaultBodyLimit::max(100 * 1024 * 1024)) // 100MB default body limit
|
||||
.layer(middleware::from_fn(request_id::request_id_middleware))
|
||||
.layer(middleware::from_fn(metrics::metrics_middleware))
|
||||
|
||||
@@ -30,8 +30,8 @@ impl Default for RateLimitConfig {
|
||||
Self {
|
||||
auth_rps: 1, // 1 req/sec for auth (strict)
|
||||
auth_burst: 5, // Allow burst of 5
|
||||
upload_rps: 10, // 10 req/sec for uploads
|
||||
upload_burst: 20, // Allow burst of 20
|
||||
upload_rps: 200, // 200 req/sec for uploads (Docker needs high parallelism)
|
||||
upload_burst: 500, // Allow burst of 500
|
||||
general_rps: 100, // 100 req/sec general
|
||||
general_burst: 200, // Allow burst of 200
|
||||
}
|
||||
@@ -58,15 +58,16 @@ pub fn auth_rate_limiter() -> tower_governor::GovernorLayer<
|
||||
|
||||
/// Create rate limiter layer for upload endpoints
|
||||
///
|
||||
/// Default: 10 requests per second, burst of 20
|
||||
/// Default: 200 requests per second, burst of 500
|
||||
/// High limits to accommodate Docker client's aggressive parallel layer uploads
|
||||
pub fn upload_rate_limiter() -> tower_governor::GovernorLayer<
|
||||
tower_governor::key_extractor::PeerIpKeyExtractor,
|
||||
governor::middleware::StateInformationMiddleware,
|
||||
axum::body::Body,
|
||||
> {
|
||||
let config = GovernorConfigBuilder::default()
|
||||
.per_second(10)
|
||||
.burst_size(20)
|
||||
.per_second(200)
|
||||
.burst_size(500)
|
||||
.use_headers()
|
||||
.finish()
|
||||
.unwrap();
|
||||
@@ -101,7 +102,7 @@ mod tests {
|
||||
let config = RateLimitConfig::default();
|
||||
assert_eq!(config.auth_rps, 1);
|
||||
assert_eq!(config.auth_burst, 5);
|
||||
assert_eq!(config.upload_rps, 10);
|
||||
assert_eq!(config.upload_rps, 200);
|
||||
assert_eq!(config.general_rps, 100);
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user