Closed
Description
Allow users to piecemeal add named RateLimiters
that apply to specific endpoints - will achieve this w/ IEndpointConventionBuilder
. Some discussion starting at #41655 (comment)
namespace Microsoft.AspNetCore.RateLimiting
{
public interface IRateLimiterPolicy<TKey>
{
public int CustomRejectionStatusCode { get; }
public RateLimitPartition<TKey> GetPartition(HttpContext httpContext);
}
public sealed class RateLimiterOptions
{
public PartitionedRateLimiter<HttpContext> Limiter { get; set; }
public Func<HttpContext, RateLimitLease, Task> OnRejected { get; set; }
public int DefaultRejectionStatusCode{ get; set; }
public RateLimiterOptions AddPolicy<TKey>(string name, Func<HttpContext, RateLimitPartition<TKey>> partitioner, bool global = false)
public RateLimiterOptions AddPolicy<TKey, TPolicy>(string name, bool global = false) where TPolicy : IRateLimiterPolicy<TKey>
}
public static class RateLimiterApplicationBuilderExtensions
{
public static IApplicationBuilder UseRateLimiter(this IApplicationBuilder app)
public static IApplicationBuilder UseRateLimiter(this IApplicationBuilder app, RateLimiterOptions options)
}
public static class RateLimiterEndpointConventionBuilderExtensions
{
public static TBuilder RequireRateLimiting<TBuilder>(this TBuilder builder, String name) where TBuilder : IEndpointConventionBuilder
}
public static class RateLimiterOptionsExtensions
{
public static RateLimiterOptions AddTokenBucketRateLimiter(this RateLimiterOptions options, string name, TokenBucketRateLimiterOptions tokenBucketRateLimiterOptions, bool global = false)
public static RateLimiterOptions AddFixedWindowRateLimiter(this RateLimiterOptions options, string name, FixedWindowRateLimiterOptions fixedWindowRateLimiterOptions, bool global = false)
public static RateLimiterOptions AddSlidingWindowRateLimiter(this RateLimiterOptions options, string name, SlidingWindowRateLimiterOptions slidingWindowRateLimiterOptions, bool global = false)
public static RateLimiterOptions AddConcurrencyLimiter(this RateLimiterOptions options, string name, ConcurrencyLimiterOptions concurrencyLimiterOptions, bool global = false)
public static RateLimiterOptions AddNoLimiter(this RateLimiterOptions options, string name, bool global = false)
}
}
Metadata
Metadata
Assignees
Labels
Type
Projects
Relationships
Development
No branches or pull requests
Activity
Kahbazi commentedon Jun 12, 2022
Is
global = true
equivalent to default policy like what there is inCors
?aspnetcore/src/Middleware/CORS/src/Infrastructure/CorsOptions.cs
Line 34 in ae281e9
If not a default policy would be useful. Also there could be a
NoRateLimiting
method on endpoint too to skip the middleware completely.wtgodbe commentedon Jun 13, 2022
global = true
means the limiter can be shared across endpoints that request it, not that it will be shared across every endpoint. The default is false to avoid users accidentally supplying 2 limiter policies with the same name across 2 different endpoints - we want the default behavior to be that that is 2 separate limiters.There's not currently a way w/ the runtime APIs to mix endpoint-specific & truly global limiters - if you want a truly global limiter, you can
set
theLimiter
onRateLimiterOptions
.Good call, just added an extension method for
AddNoLimiter
wtgodbe commentedon Jun 13, 2022
Notes -
name
params should bepolicyName
Inline policies #39840 should be in for 7, not necessarily needed for this PR
bool global
should bePolicyScope
enum, which we can documentglobal
at all - Limiters can not be shared across policies (if 2 policies have same key, we'll disambiguate). Users can apply the same policy to multiple endpoints, which will share limiters across endpointsOnly 1 policy metadata will be resolved on each endpoint - last one wins (imagine applying policy to whole group, then different policy to 1 endpoint in group). Check the endpoint's metadata, see if we have any policy in our last matching that.
Follow-up - allow user to set feature on context that has policy name. Call to
.Create
checks feature, then endpoint metadataghost commentedon Jun 13, 2022
Thank you for submitting this for API review. This will be reviewed by @dotnet/aspnet-api-review at the next meeting of the ASP.NET Core API Review group. Please ensure you take a look at the API review process documentation and ensure that:
halter73 commentedon Jun 13, 2022
API Review Notes:
AddTokenBucketRateLimiter
and similar, thestring name
parameter should be astring policyName
parameter.string name
parameters should bestring policyName
.OnRejected
per policy? We can already setCustomRejectionStatusCode
withIRateLimiterPolicy
.RateLimiterOptions.Limiter
be merged with the endpoint-specific stuff? If you don't want to use the endpoint-specific stuff, you just don't define policies or callRequireRateLimiting
.string? RateLimterPolicyName
. Who would set the feature considering middleware hasn't run yet? We had a similar issue with output caching cc @sebastienrosFunc<HttpContext, string?> RateLimiterOptions.PolicyNameCallback
27 remaining items