taiars/nora
1
0
Fork 0
mirror of https://github.com/getnora-io/nora.git synced 2026-04-12 20:50:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
835a6f0b14fbde6440738c4237af3fbfaac43455
nora/nora-registry/src/rate_limit.rs
DevITWay 340c49bf12 Fix formatting
2026-01-26 10:14:11 +00:00

124 lines
3.5 KiB
Rust
Raw Blame History

#![allow(dead_code)]
//! Rate limiting configuration and middleware
//!
//! Provides rate limiting to protect against:
//! - Brute-force authentication attacks
//! - DoS attacks on upload endpoints
//! - General API abuse
use tower_governor::governor::GovernorConfigBuilder;
/// Rate limit configuration
#[derive(Debug, Clone)]
pub struct RateLimitConfig {
/// Requests per second for auth endpoints (strict)
pub auth_rps: u32,
/// Burst size for auth endpoints
pub auth_burst: u32,
/// Requests per second for upload endpoints
pub upload_rps: u32,
/// Burst size for upload endpoints
pub upload_burst: u32,
/// Requests per second for general endpoints (lenient)
pub general_rps: u32,
/// Burst size for general endpoints
pub general_burst: u32,
}
impl Default for RateLimitConfig {
fn default() -> Self {
Self {
auth_rps: 1, // 1 req/sec for auth (strict)
auth_burst: 5, // Allow burst of 5
upload_rps: 50, // 50 req/sec for uploads (Docker needs parallel)
upload_burst: 100, // Allow burst of 100
general_rps: 100, // 100 req/sec general
general_burst: 200, // Allow burst of 200
}
}
}
/// Create rate limiter layer for auth endpoints (strict protection against brute-force)
///
/// Default: 1 request per second, burst of 5
pub fn auth_rate_limiter() -> tower_governor::GovernorLayer<
tower_governor::key_extractor::PeerIpKeyExtractor,
governor::middleware::StateInformationMiddleware,
axum::body::Body,
> {
let config = GovernorConfigBuilder::default()
.per_second(1)
.burst_size(5)
.use_headers()
.finish()
.unwrap();
tower_governor::GovernorLayer::new(config)
}
/// Create rate limiter layer for upload endpoints
///
/// Default: 50 requests per second, burst of 100
/// Higher limits to accommodate Docker client's parallel layer uploads
pub fn upload_rate_limiter() -> tower_governor::GovernorLayer<
tower_governor::key_extractor::PeerIpKeyExtractor,
governor::middleware::StateInformationMiddleware,
axum::body::Body,
> {
let config = GovernorConfigBuilder::default()
.per_second(50)
.burst_size(100)
.use_headers()
.finish()
.unwrap();
tower_governor::GovernorLayer::new(config)
}
/// Create rate limiter layer for general endpoints (lenient)
///
/// Default: 100 requests per second, burst of 200
pub fn general_rate_limiter() -> tower_governor::GovernorLayer<
tower_governor::key_extractor::PeerIpKeyExtractor,
governor::middleware::StateInformationMiddleware,
axum::body::Body,
> {
let config = GovernorConfigBuilder::default()
.per_second(100)
.burst_size(200)
.use_headers()
.finish()
.unwrap();
tower_governor::GovernorLayer::new(config)
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_default_config() {
let config = RateLimitConfig::default();
assert_eq!(config.auth_rps, 1);
assert_eq!(config.auth_burst, 5);
assert_eq!(config.upload_rps, 50);
assert_eq!(config.general_rps, 100);
}
#[test]
fn test_auth_rate_limiter_creation() {
let _limiter = auth_rate_limiter();
}
#[test]
fn test_upload_rate_limiter_creation() {
let _limiter = upload_rate_limiter();
}
#[test]
fn test_general_rate_limiter_creation() {
let _limiter = general_rate_limiter();
}
}
Reference in New Issue View Git Blame Copy Permalink