Ratelimit by header value creates keys using cached values #66
Comments
I was actually thinking the same; @didip can you please give your comments on this issue?
Agreed the headerValues part of the code looks not right. It's not checking the configured values against the request value, and also not using the request value to build the key.
Man, I keep not getting notified over email. This does look like a bug. I will take a look at it closer, it has been a while.
This is a legitimate bug, see fix SHA above.
@didip For the case of a configured header name with no value, the new code puts the header name into the key but no value. I thought it's supposed to include the header value in the request as part of the key? Or did I misunderstand the intended use case? Example:
@jack-chung If you only define request header (without values) and if everyone visiting has Do you think they should all be limited as individual limit?
…oth, Create individual bucket by using request header’s own value, so that we can rate-limit individually. Also fix a regression where we didn’t pass BasicAuth username on one of the possible path of key building.
@didip Yes that's how I see this feature should work, based on the use case I outlined above. Also, this new code still supports the "aggregated limit" use case if needed. Just set the header value to a static value for all users, then it works just like before.
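
The two key-building behaviours discussed in this thread, as an added sketch; it is not tollbooth's code and not code posted by any participant. `Rules`, `keysFromConfig`, `keysFromRequest`, `bobAllowed` and the `X-User-Id` traffic are hypothetical names and constructed sample data.

```go
package main

import "fmt"
import "net/http"

// Rules maps a header name to its configured values. Hypothetical names, not tollbooth's code.
type Rules map[string][]string

// keysFromConfig is the reported behaviour: one key per configured value.
func keysFromConfig(rules Rules, _ http.Header) (keys []string) {
	for name, values := range rules {
		for _, v := range values {
			keys = append(keys, fmt.Sprintf("%s|%q", name, v))
		}
	}
	return keys
}

// keysFromRequest matches the request's value (empty list = any) and keys on it.
func keysFromRequest(rules Rules, h http.Header) (keys []string) {
	for name, allowed := range rules {
		got, match := h.Get(name), len(allowed) == 0
		for _, v := range allowed {
			match = match || v == got
		}
		if got != "" && match { // %q: a "|" in the value cannot forge a key
			keys = append(keys, fmt.Sprintf("%s|%q", name, got))
		}
	}
	return keys
}

// bobAllowed: constructed traffic, alice twice then bob, limit 2 per key.
func bobAllowed(build func(Rules, http.Header) []string, rules Rules) (ok bool) {
	hits := map[string]int{}
	for _, user := range []string{"alice", "alice", "bob"} {
		ok = true
		for _, k := range build(rules, http.Header{"X-User-Id": {user}}) {
			hits[k]++
			ok = ok && hits[k] <= 2
		}
	}
	return ok
}

func main() {
	rules := Rules{"X-User-Id": {"alice", "bob"}}
	fmt.Println(bobAllowed(keysFromConfig, rules), bobAllowed(keysFromRequest, rules))
}
```

Because the bucket is selected by a client-supplied value, per-value limits only separate users reliably when the header is set or verified upstream of the limiter.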
Hello! First of all, thanks for the great library. It worked great, until I had to add rate limiting by user id in the request header.
I came across #43, however I found that the function tollbooth.BuildKeys builds keys using existing header values in the cache. Specifically this line: tollbooth/tollbooth.go, Line 89 in b10a036
Should the key be created this way instead of looping through existing values?
As I understand it, this sliceKeys is then used to look up against the rate limit cache. If sliceKeys contains existing headers, the current request would get rate limited due to one of the existing headers.
If I have used the package wrongly, please help me to understand how I should use it.
Here are the middleware I wrote and the test.