feat: add rate limiting per user email for admin #113
My thoughts: this is going to be rather expensive and database intensive. Can we leverage Redis and our go-limiter installation with a different key? It will have the same effect with much less load on the database. @mikehelmick what are your thoughts?
@sethvargo I like using a cache for this, but not sure if that works if we also want to track keys issued? Though it would stop the hug of death that will come if someone tries to mass issue since they will get quota'd early on.
What kind of tracking are you thinking?
Part of the original ask was to know how many keys a given account has issued.
…ication-server into issueQuota
/lgtm
Minor performance consideration commented - we can clean that up in a followup though.
|
||
func userEmailKeyFunc() httplimit.KeyFunc { | ||
return func(r *http.Request) (string, error) { | ||
ipKeyFunc := httplimit.IPKeyFunc("X-Forwarded-For") |
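Review bot: the `httplimit.IPKeyFunc("X-Forwarded-For")` call inside the returned closure derives a limiter key from a header the client can set, so any path that uses `ipKeyFunc` only limits reliably when a trusted proxy in front of the server overwrites `X-Forwarded-For`. The rest of the function is not visible here; if the IP key is the fallback for requests without a user email, add a comment stating that proxy assumption. The `ipKeyFunc` construction can also be hoisted above the `return func(...)` so it is built once rather than on every request.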
This is a nitty performance thing. We should move this outside of the return so it's only allocated once. Here it will allocate on each request.
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: crwilcox, sethvargo
The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Towards #76.