rate_limiter.ex
View Options

	# Pleroma: A lightweight social networking server
	# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
	# SPDX-License-Identifier: AGPL-3.0-only

	defmodule Pleroma.Plugs.RateLimiter do
	@moduledoc """

	## Configuration

	A keyword list of rate limiters where a key is a limiter name and value is the limiter configuration. The basic configuration is a tuple where:

	* The first element: `scale` (Integer). The time scale in milliseconds.
	* The second element: `limit` (Integer). How many requests to limit in the time scale provided.

	It is also possible to have different limits for unauthenticated and authenticated users: the keyword value must be a list of two tuples where the first one is a config for unauthenticated users and the second one is for authenticated.

	To disable a limiter set its value to `nil`.

	### Example

	config :pleroma, :rate_limit,
	one: {1000, 10},
	two: [{10_000, 10}, {10_000, 50}],
	foobar: nil

	Here we have three limiters:

	* `one` which is not over 10req/1s
	* `two` which has two limits: 10req/10s for unauthenticated users and 50req/10s for authenticated users
	* `foobar` which is disabled

	## Usage

	AllowedSyntax:

	plug(Pleroma.Plugs.RateLimiter, :limiter_name)
	plug(Pleroma.Plugs.RateLimiter, {:limiter_name, options})

	Allowed options:

	* `bucket_name` overrides bucket name (e.g. to have a separate limit for a set of actions)
	* `params` appends values of specified request params (e.g. ["id"]) to bucket name

	Inside a controller:

	plug(Pleroma.Plugs.RateLimiter, :one when action == :one)
	plug(Pleroma.Plugs.RateLimiter, :two when action in [:two, :three])

	plug(
	Pleroma.Plugs.RateLimiter,
	{:status_id_action, bucket_name: "status_id_action:fav_unfav", params: ["id"]}
	when action in ~w(fav_status unfav_status)a
	)

	or inside a router pipeline:

	pipeline :api do
	...
	plug(Pleroma.Plugs.RateLimiter, :one)
	...
	end
	"""
	import Pleroma.Web.TranslationHelpers
	import Plug.Conn

	alias Pleroma.User

	def init(limiter_name) when is_atom(limiter_name) do
	init({limiter_name, []})
	end

	def init({limiter_name, opts}) do
	case Pleroma.Config.get([:rate_limit, limiter_name]) do
	nil -> nil
	config -> {limiter_name, config, opts}
	end
	end

	# Do not limit if there is no limiter configuration
	def call(conn, nil), do: conn

	def call(conn, settings) do
	case check_rate(conn, settings) do
	{:ok, _count} ->
	conn

	{:error, _count} ->
	render_throttled_error(conn)
	end
	end

	defp bucket_name(conn, limiter_name, opts) do
	bucket_name = opts[:bucket_name] \|\| limiter_name

	if params_names = opts[:params] do
	params_values = for p <- Enum.sort(params_names), do: conn.params[p]
	Enum.join([bucket_name] ++ params_values, ":")
	else
	bucket_name
	end
	end

	defp check_rate(
	%{assigns: %{user: %User{id: user_id}}} = conn,
	{limiter_name, [_, {scale, limit}], opts}
	) do
	bucket_name = bucket_name(conn, limiter_name, opts)
	ExRated.check_rate("#{bucket_name}:#{user_id}", scale, limit)
	end

	defp check_rate(conn, {limiter_name, [{scale, limit} \| _], opts}) do
	bucket_name = bucket_name(conn, limiter_name, opts)
	ExRated.check_rate("#{bucket_name}:#{ip(conn)}", scale, limit)
	end

	defp check_rate(conn, {limiter_name, {scale, limit}, opts}) do
	check_rate(conn, {limiter_name, [{scale, limit}, {scale, limit}], opts})
	end

	def ip(%{remote_ip: remote_ip}) do
	remote_ip
	\|> Tuple.to_list()
	\|> Enum.join(".")
	end

	defp render_throttled_error(conn) do
	conn
	\|> render_error(:too_many_requests, "Throttled")
	\|> halt()
	end
	end

File Metadata

Mime Type: text/x-ruby
Expires: Sat, Dec 27, 11:51 PM (19 h, 22 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 780353
Default Alt Text: rate_limiter.ex (3 KB)

rate_limiter.ex
No OneTemporary
Actions

rate_limiter.ex
View Options

File Metadata

Event Timeline

rate_limiter.exNo OneTemporaryActions

rate_limiter.exView Options

File Metadata

Event Timeline

rate_limiter.ex
No OneTemporary
Actions

rate_limiter.ex
View Options