-
Notifications
You must be signed in to change notification settings - Fork 0
/
naughtystep.go
92 lines (75 loc) · 1.87 KB
/
naughtystep.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
package ratelimit
import (
"sync"
"time"
"github.com/elysiumstation/fury/logging"
"github.com/didip/tollbooth/v7"
"github.com/didip/tollbooth/v7/limiter"
"go.uber.org/zap"
)
// naughtyStep is a struct for keeping track of bad behavior and bans.
//
// You get put on the naughty step if you make requests despite having run out of tokens.
// The naughty step has it's own rate limiter, and its tokens are spent every time a failed
// (due to rate limiting) API call is made. If you run out of naughty tokens, then you get
// banned for a period of time.
type naughtyStep struct {
log *logging.Logger
lmt *limiter.Limiter
bans map[string]time.Time
mu sync.RWMutex
banFor time.Duration
}
func newNaughtyStep(log *logging.Logger, rate float64, burst int, banFor, pruneEvery time.Duration) *naughtyStep {
limitOpts := limiter.ExpirableOptions{DefaultExpirationTTL: pruneEvery}
lmt := tollbooth.NewLimiter(rate, &limitOpts)
lmt.SetBurst(burst)
ns := naughtyStep{
log: log,
lmt: lmt,
bans: make(map[string]time.Time),
banFor: banFor,
}
go func() {
for range time.Tick(pruneEvery) {
ns.prune()
}
}()
return &ns
}
func (n *naughtyStep) enabled() bool {
return n.banFor > 0
}
func (n *naughtyStep) smackBottom(ip string) {
if !n.enabled() {
return
}
if n.lmt.LimitReached(ip) {
n.ban(ip)
n.log.Info("banned for requesting past rate limit", zap.String("ip", ip))
}
}
func (n *naughtyStep) ban(ip string) {
n.mu.Lock()
defer n.mu.Unlock()
n.bans[ip] = time.Now().Add(n.banFor)
}
func (n *naughtyStep) isBanned(ip string) bool {
n.mu.RLock()
defer n.mu.RUnlock()
if bannedUntil, ok := n.bans[ip]; ok {
if time.Now().Before(bannedUntil) {
return true
}
}
return false
}
func (n *naughtyStep) prune() {
n.mu.Lock()
defer n.mu.Unlock()
for ip, until := range n.bans {
if time.Now().After(until) {
delete(n.bans, ip)
}
}
}