rate limiting

Author: Mario Macias

CHANGELOG.md

@@ -2,6 +2,7 @@
 
 ### v2.x
 
+* Added configurable per-client rate limiter
 * Updated goldmark rendering.
 * Support github-flavored tables.
 

TODO.md

@@ -1,12 +1,14 @@
 * Configure which assets are cacheable or not (e.g. by route, by extension, by size...)
-* Improve HTTP cache control
-* Cache static assets
-* Log each URL access 
 * Configure some aspects via yaml (title, navbars, meta...)
-* Detect changes in the filesystem and recompile markdowns and templates.
 * Add github hooks. Reload blogs from hooks.
 * Read linked images from markdown folder (for an easier edition).
 * Markdown Tags processing. Adding entry tags to header
 * Support Favicon
 * Don't need to set hours in file timestamps
-* 
+
+
+## Save bandwidth of my blog
+
+* Compress HTML files
+* Put font-awesome stuff in a CDN
+* Mark images, fonts, favicons, etc... as cacheable by the browser

docs/arch_v2.puml

@@ -18,7 +18,8 @@ interface WebAssetGenerator {
 }
 
 TLSServer -> HTTPServer: wraps
-HTTPServer -> CachedHandler
+HTTPServer -> RateLimiter
+RateLimiter -> CachedHandler
 WebAssetGenerator .> WebAsset: <<creates>>
 CachedHandler --> "*" WebAssetGenerator: "selects\nby route"
 CachedHandler --> "*" WebAsset: stores

etc/config-localtest.yml

@@ -2,4 +2,6 @@ rootPath: ./etc/macias.info
 domain: localhost
 redirect:
   "/about.md": "/entry/about.md"
-entriesPerPage: 10
+entriesPerPage: 10
+maxRequests:
+  number: 60

go.mod

@@ -6,7 +6,7 @@ require (
 	github.com/caarlos0/env/v6 v6.9.1
 	github.com/floscodes/golang-tools v0.0.0-20210816125844-1d6c9227bad8
 	github.com/fsnotify/fsnotify v1.5.4
-	github.com/mariomac/guara v0.0.0-20220617140441-a74253bb0c8b
+	github.com/mariomac/guara v0.0.0-20221222112709-f95b15506aee
 	github.com/sirupsen/logrus v1.8.1
 	github.com/stretchr/testify v1.7.1
 	github.com/yuin/goldmark v1.5.3

go.sum

@@ -19,8 +19,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/mariomac/guara v0.0.0-20220617140441-a74253bb0c8b h1:4DNXnhPSwCx17B34vWrYfkgnMGkFcPp6unoq04ZKJLY=
-github.com/mariomac/guara v0.0.0-20220617140441-a74253bb0c8b/go.mod h1:TMuTALUh4SPCDJdYOuOYIEwBgH2rzCDP1nNgj+lI8AE=
+github.com/mariomac/guara v0.0.0-20221222112709-f95b15506aee h1:eV2ZsJnNptnwRkLkm4TKqklf93VQTKrj0+4ulQ21USA=
+github.com/mariomac/guara v0.0.0-20221222112709-f95b15506aee/go.mod h1:TMuTALUh4SPCDJdYOuOYIEwBgH2rzCDP1nNgj+lI8AE=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=

src/blog.go

@@ -65,11 +65,16 @@ func main() {
 			"automatically updated if you change any file")
 	}
 
-	var globalHandler http.Handler
+	var globalHandler http.HandlerFunc
 	if len(cfg.Redirect) == 0 {
-		globalHandler = mux
+		globalHandler = mux.ServeHTTP
 	} else {
-		globalHandler = legacy.NewRedirector(cfg.Redirect, mux)
+		globalHandler = legacy.NewRedirector(cfg.Redirect, mux).ServeHTTP
+	}
+
+	if cfg.MaxRequests.Number > 0 && cfg.MaxRequests.Period > 0 {
+		globalHandler = conn.ClientRateLimitHandler(globalHandler,
+			cfg.MaxRequests.Number, cfg.MaxRequests.Period, cfg.MaxRequests.Period)
 	}
 
 	log.Printf("Redirecting insecure traffic from port %v", cfg.InsecurePort)

src/conn/limiter.go

@@ -0,0 +1,133 @@
+package conn
+
+import (
+	"bytes"
+	"container/list"
+	"fmt"
+	"github.com/mariomac/guara/pkg/rate"
+	"hash/fnv"
+	"math"
+	"net/http"
+	"sync"
+
+	"time"
+)
+
+var clock = time.Now
+
+func ClientRateLimitHandler(inner http.HandlerFunc, maxReqs int, period, clientExpiry time.Duration) http.HandlerFunc {
+	retryAfterVal := fmt.Sprint(int(math.Ceil(0.1 * period.Seconds())))
+	limiter := NewLimiter(maxReqs, period, clientExpiry)
+	return func(rw http.ResponseWriter, req *http.Request) {
+		// assumes we are using the http.Server, which sets RemoteAddr to IP:port
+		rAddr := []byte(req.RemoteAddr)
+		li := bytes.LastIndexByte(rAddr, ':')
+		// we don't check li < 0 as long as we are sure the server package adds :port
+		if !limiter.Accept(rAddr[:li]) {
+			rw.WriteHeader(http.StatusTooManyRequests)
+			rw.Header().Add("Retry-After", retryAfterVal)
+		} else {
+			inner(rw, req)
+		}
+	}
+}
+
+
+// To avoid storing all the possible IPs, we hash it to 65K concurrent IPs
+// TODO: make size configurable for larger sites
+type IPHash uint16
+
+type Limiter struct {
+	maxReqs float64
+	period time.Duration
+
+	cache *TimedLRU[IPHash, *rate.Accepter, bool]
+}
+
+func NewLimiter(maxReqs int, period, clientExpiry time.Duration) *Limiter {
+	return &Limiter{
+		maxReqs: float64(maxReqs),
+		period: period,
+		cache: NewTimedLRU[IPHash, *rate.Accepter, bool](clientExpiry),
+	}
+}
+
+func (l *Limiter) ClearOldEntries() {
+	l.cache.RemoveOldItems()
+}
+
+func (l *Limiter) Accept(ip []byte) bool {
+	hasher := fnv.New32()
+	_, _ = hasher.Write(ip)
+	hash32 := hasher.Sum32()
+	ipHash := IPHash(hash32 >> 16 ^ hash32)
+
+	return l.cache.QueryUpdateOrCreate(ipHash, func(r **rate.Accepter) bool {
+		return (*r).Accept()
+	}, func() (*rate.Accepter, bool) {
+		return rate.NewAccepter(l.maxReqs, l.period), true
+	})
+}
+
+
+
+type TimedLRU[K comparable, V, Q any] struct {
+	mt sync.Mutex
+	maxTime time.Duration
+	ll           *list.List
+	cache        map[K]*list.Element
+}
+
+type entry[K comparable, V any] struct {
+	key   K
+	value V
+	lastTime time.Time
+}
+
+func NewTimedLRU[K comparable, V, Q any](maxTime time.Duration) *TimedLRU[K, V, Q] {
+	return &TimedLRU[K, V, Q]{
+		maxTime: maxTime,
+		ll:           list.New(),
+		cache:        map[K]*list.Element{},
+	}
+}
+
+func (c *TimedLRU[K, V, Q]) QueryUpdateOrCreate(key K, queryUpdate func(*V) Q, create func() (V, Q)) Q {
+	c.mt.Lock()
+	defer c.mt.Unlock()
+	ee, ok := c.cache[key]
+	if ok {
+		ee.Value.(*entry[K, V]).lastTime = clock()
+		return queryUpdate(&ee.Value.(*entry[K, V]).value)
+	}
+	cr, qu := create()
+	ele := c.ll.PushFront(&entry[K, V]{key: key, value: cr, lastTime: clock()})
+	c.cache[key] = ele
+	return qu
+}
+
+func (c *TimedLRU[K, V, Q]) RemoveOldItems() {
+	oldDate := clock().Add(-c.maxTime)
+	for c.removeIfOld(oldDate) {
+		// hello!
+	}
+}
+
+func (c *TimedLRU[K, V, Q]) removeIfOld(oldDate time.Time) bool {
+	c.mt.Lock()
+	defer c.mt.Unlock()
+
+	last := c.ll.Back()
+	if last == nil {
+		return false
+	}
+
+	ve := last.Value.(*entry[K, V])
+	if ve.lastTime.After(oldDate) {
+		return false
+	}
+
+	c.ll.Remove(last)
+	delete(c.cache, ve.key)
+	return true
+}

src/conn/limiter_test.go

@@ -0,0 +1,125 @@
+package conn
+
+import (
+	"fmt"
+	"github.com/stretchr/testify/assert"
+	"net"
+	"runtime"
+	"sync"
+	"sync/atomic"
+	"testing"
+	"time"
+)
+
+func TestNewLimiter(t *testing.T) {
+	l := NewLimiter(60, 100 * time.Millisecond, time.Minute)
+
+	ip1 := net.IPv4(1,2,3,4)
+	ip2 := net.IPv4(4,3,2,1)
+
+	start := time.Now()
+
+	// should accept all the queries as long as there are less than 60/100ms
+	for time.Now().Sub(start) < 30 * time.Millisecond {
+		assert.True(t, l.Accept(ip1))
+		time.Sleep(time.Millisecond)
+	}
+	// should end up rejecting queries
+	last := true
+	for time.Now().Sub(start) < 90 * time.Millisecond {
+		last = last && l.Accept(ip1)
+	}
+	assert.False(t, last)
+
+	time.Sleep(30 * time.Millisecond)
+	l.ClearOldEntries()
+
+	// after some time, there is more room to get enough queries
+	start = time.Now()
+	for i := 0 ; i < 10 ; i++ {
+		assert.True(t, l.Accept(ip1))
+		assert.True(t, l.Accept(ip2))
+		time.Sleep(time.Millisecond)
+	}
+}
+
+func TestTimedLRU(t *testing.T) {
+	now := time.Now()
+	clock = func() time.Time {
+		return now
+	}
+	tlru := NewTimedLRU[string, string, int](time.Second)
+
+	qu := func(i *string) int {
+		*i = *i + "-"
+		return len(*i)
+	}
+	cr := func () (string, int) {
+		return "", 0
+	}
+	assert.Equal(t, 0, tlru.QueryUpdateOrCreate("hi", qu, cr))
+	assert.Equal(t, 0, tlru.QueryUpdateOrCreate("ho", qu, cr))
+	now = now.Add(800 * time.Millisecond)
+	assert.Equal(t, 0, tlru.QueryUpdateOrCreate("foo", qu, cr))
+	assert.Equal(t, 1, tlru.QueryUpdateOrCreate("ho", qu, cr))
+	now = now.Add(800 * time.Millisecond)
+	tlru.RemoveOldItems()
+	// "hi" has been deleted then it returns a fresh one
+	assert.Equal(t, 0, tlru.QueryUpdateOrCreate("hi", qu, cr))
+	assert.Equal(t, 2, tlru.QueryUpdateOrCreate("ho", qu, cr))
+	assert.Equal(t, 1, tlru.QueryUpdateOrCreate("foo", qu, cr))
+	now = now.Add(10000 * time.Millisecond)
+	tlru.RemoveOldItems()
+	// all entries have been deleted then it returns fresh instances
+	assert.Equal(t, 0, tlru.QueryUpdateOrCreate("hi", qu, cr))
+	assert.Equal(t, 0, tlru.QueryUpdateOrCreate("ho", qu, cr))
+	assert.Equal(t, 0, tlru.QueryUpdateOrCreate("foo", qu, cr))
+}
+
+func TestTimedLRU_ConcurrencyRaces(t *testing.T) {
+	timeBias := int64(0)
+	clock = func() time.Time {
+		return time.Now().Add(time.Duration(atomic.LoadInt64(&timeBias)))
+	}
+	tlru := NewTimedLRU[string, int64, bool](time.Second)
+	wg := sync.WaitGroup{}
+	wg.Add(4)
+	for i:= 0 ; i < 4 ; i++ {
+		thread := i
+		go func() {
+			start := time.Now()
+			defer wg.Done()
+			for time.Now().Sub(start) < 100 * time.Millisecond {
+				clk := clock()
+				key := fmt.Sprint(clk.UnixMilli())
+				tlru.QueryUpdateOrCreate(key, func(v *int64) bool {
+					atomic.AddInt64(v, 1)
+					return true
+				}, func() (int64, bool) {
+					return 0, true
+				})
+				tlru.RemoveOldItems()
+				runtime.Gosched()
+			}
+			if thread == 0 {
+				atomic.StoreInt64(&timeBias, int64(950 * time.Millisecond))
+				tlru.RemoveOldItems()
+			} else {
+				for time.Now().Sub(start) < 200 * time.Millisecond {
+					clk := clock()
+					key := fmt.Sprint(clk.UnixMilli())
+					tlru.QueryUpdateOrCreate(key, func(v *int64) bool {
+						atomic.AddInt64(v, 1)
+						return true
+					}, func() (int64, bool) {
+						return 0, true
+					})
+					tlru.RemoveOldItems()
+					runtime.Gosched()
+				}
+			}
+		}()
+	}
+	wg.Wait()
+	fmt.Println("hoe!")
+}

src/install/config.go

@@ -1,12 +1,18 @@
 package install
 
 import (
-	"io/ioutil"
+	"os"
+	"time"
 
 	"github.com/caarlos0/env/v6"
 	"gopkg.in/yaml.v2"
 )
 
+type MaxRequestsCfg struct {
+	Number int           `env:"GOBLOG_MAX_REQUESTS_NUMBER" yaml:"number"`
+	Period time.Duration `env:"GOBLOG_MAX_REQUESTS_PERIOD" yaml:"period"`
+}
+
 // Config of the blog installation. Via file or env vars.
 type Config struct {
 	RootPath       string            `env:"GOBLOG_ROOT" yaml:"rootPath"`
@@ -18,6 +24,7 @@ type Config struct {
 	Redirect       map[string]string `env:"GOBLOG_REDIRECT" yaml:"redirect"`
 	CacheSizeBytes int               `env:"GOBLOG_CACHE_SIZE_BYTES" yaml:"cacheSizeBytes"`
 	EntriesPerPage int               `env:"GOBLOG_ENTRIES_PER_PAGE" yaml:"entriesPerPage"`
+	MaxRequests    MaxRequestsCfg    `yaml:"maxRequests"`
 }
 
 // ReadConfig gets a Config object from the environment and the provided yamlPath (optional)
@@ -31,11 +38,14 @@ func ReadConfig(yamlPath string) (Config, error) {
 		TLSCertPath:    "",
 		CacheSizeBytes: 32 * 1024 * 1024, // 32 MB
 		EntriesPerPage: 5,
+		MaxRequests: MaxRequestsCfg{
+			Period: time.Minute,
+		},
 	}
 
 	// override them with YAML
 	if yamlPath != "" {
-		yf, err := ioutil.ReadFile(yamlPath)
+		yf, err := os.ReadFile(yamlPath)
 		if err != nil {
 			return cfg, err
 		}