Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add authentication rate limiting #6865

Merged
merged 9 commits into from Mar 26, 2024
Merged

add authentication rate limiting #6865

merged 9 commits into from Mar 26, 2024

Conversation

conradludgate
Copy link
Contributor

@conradludgate conradludgate commented Feb 21, 2024
edited

Problem

https://github.com/neondatabase/cloud/issues/9642

Summary of changes

  1. Make EndpointRateLimiter generic, renamed as BucketRateLimiter
  2. Add support for claiming multiple tokens at once
  3. Add AuthRateLimiter alias.
  4. Check (Endpoint, IP) pair during authentication, weighted by how many hashes proxy would be doing.

TODO: handle ipv6 subnets. will do this in a separate PR.

Checklist before requesting a review

  • I have performed a self-review of my code.
  • If it is a core feature, I have added thorough tests.
  • Do we need to implement analytics? if so did you add the relevant metrics to the dashboard?
  • If this PR requires public announcement, mark it with /release-notes label and add several sentences in this section.

Checklist before merging

  • Do not forget to reformat commit message to not include the above checklist

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 21, 2024
edited

2718 tests run: 2580 passed, 0 failed, 138 skipped (full report)

Flaky tests (1)

Postgres 15

  • test_vm_bit_clear_on_heap_lock: debug

Code coverage* (full report)

  • functions: 28.1% (6295 of 22372 functions)
  • lines: 47.0% (44269 of 94190 lines)

* collected from Rust tests only

The comment gets automatically updated with the latest test results
7e584d6 at 2024-03-25T18:25:11.222Z :recycle:

@conradludgate conradludgate force-pushed the auth-limiter branch 4 times, most recently from 644413c to 5ca41ca Compare March 25, 2024 11:12
@conradludgate conradludgate marked this pull request as ready for review March 25, 2024 11:28
@conradludgate conradludgate requested a review from a team as a code owner March 25, 2024 11:28
khanova
khanova approved these changes Mar 25, 2024
View reviewed changes
proxy/src/auth/backend.rs Outdated Show resolved Hide resolved
proxy/src/auth/backend.rs Outdated Show resolved Hide resolved
proxy/src/auth/backend.rs Show resolved Hide resolved
proxy/src/proxy.rs Show resolved Hide resolved
khanova
khanova approved these changes Mar 25, 2024
View reviewed changes
proxy/src/auth/backend.rs Outdated Show resolved Hide resolved
proxy/src/proxy.rs Show resolved Hide resolved
@conradludgate conradludgate merged commit 12512f3 into main Mar 26, 2024
53 checks passed
@conradludgate conradludgate deleted the auth-limiter branch March 26, 2024 19:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@khanova khanova khanova approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@conradludgate @khanova