Merge pull request #593 from Permify/rate-limiter

Rate limiter
Permify · Jul 27, 2023 · 4015192 · 4015192
2 parents d2af7bd + 9ff3baa
commit 4015192
Show file tree

Hide file tree

Showing 8 changed files with 21 additions and 7 deletions.
diff --git a/docs/v1/apidocs.swagger.json b/docs/v1/apidocs.swagger.json
@@ -3,7 +3,7 @@
   "info": {
     "title": "Permify API",
     "description": "Permify is an open-source authorization service for creating and maintaining fine-grained authorizations across your individual applications and services. Permify converts authorization data as relational tuples into a database you point at. We called that database a Write Database (WriteDB) and it behaves as a centralized data source for your authorization system. You can model of your authorization with Permify's DSL - Permify Schema - and perform access checks with a single API call anywhere on your stack. Access decisions made according to stored relational tuples.",
-    "version": "v0.4.7",
+    "version": "v0.4.8",
     "contact": {
       "name": "API Support",
       "url": "https://github.com/Permify/permify/issues",

diff --git a/go.mod b/go.mod
@@ -85,6 +85,7 @@ require (
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/gorilla/schema v1.2.0 // indirect
 	github.com/gorilla/securecookie v1.1.1 // indirect
+	github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.0.0-rc.5 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 	github.com/hashicorp/go-msgpack v0.5.3 // indirect

diff --git a/go.sum b/go.sum
@@ -251,6 +251,8 @@ github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyC
 github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
 github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 h1:UH//fgunKIs4JdUbpDl1VZCDaL56wXCB/5+wF6uHfaI=
 github.com/grpc-ecosystem/go-grpc-middleware v1.4.0/go.mod h1:g5qyo/la0ALbONm6Vbp88Yd8NsDy6rZz+RcrMPxvld8=
+github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.0.0-rc.5 h1:3IZOAnD058zZllQTZNBioTlrzrBG/IjpiZ133IEtusM=
+github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.0.0-rc.5/go.mod h1:xbKERva94Pw2cPen0s79J3uXmGzbbpDYFBFDlZ4mV/w=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.1 h1:RoziI+96HlQWrbaVhgOOdFYUHtX81pwA6tCgDS9FNRo=

diff --git a/internal/info.go b/internal/info.go
@@ -20,7 +20,7 @@ var Identifier = xid.New().String()
 */
 const (
 	// Version is the last release of the Permify (e.g. v0.1.0)
-	Version = "v0.4.7"
+	Version = "v0.4.8"
 
 	// Banner is the view for terminal.
 	Banner = `

diff --git a/internal/middleware/limiter.go b/internal/middleware/limiter.go
@@ -1,8 +1,11 @@
 package middleware
 
 import (
+	"fmt"
 	"time"
 
+	"golang.org/x/net/context"
+
 	"github.com/juju/ratelimit"
 )
 
@@ -29,6 +32,14 @@ func NewRateLimiter(reqPerSec int64) *RateLimiter {
 // Limit checks if a request should be allowed based on the current state of the bucket.
 // If no tokens are available (i.e., if TakeAvailable(1) returns 0), it means the rate limit has been hit,
 // so it returns true. If a token is available, it returns false, meaning the request can proceed.
-func (l *RateLimiter) Limit() bool {
-	return l.bucket.TakeAvailable(1) == 0
+func (l *RateLimiter) Limit(_ context.Context) error {
+	tokenRes := l.bucket.TakeAvailable(1)
+
+	// When rate limit reached, return specific error for the clients.
+	if tokenRes == 0 {
+		return fmt.Errorf("reached Rate-Limiting %d", l.bucket.Available())
+	}
+
+	// Rate limit isn't reached.
+	return nil
 }
diff --git a/internal/servers/server.go b/internal/servers/server.go
@@ -9,7 +9,7 @@ import (
 	"net/http/pprof"
 	"time"
 
-	"github.com/grpc-ecosystem/go-grpc-middleware/ratelimit"
+	"github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/ratelimit"
 
 	grpcAuth "github.com/grpc-ecosystem/go-grpc-middleware/auth"
 

diff --git a/pkg/pb/base/v1/openapi.pb.go b/pkg/pb/base/v1/openapi.pb.go
diff --git a/proto/base/v1/openapi.proto b/proto/base/v1/openapi.proto
@@ -9,7 +9,7 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
   info: {
     title: "Permify API";
     description: "Permify is an open-source authorization service for creating and maintaining fine-grained authorizations across your individual applications and services. Permify converts authorization data as relational tuples into a database you point at. We called that database a Write Database (WriteDB) and it behaves as a centralized data source for your authorization system. You can model of your authorization with Permify's DSL - Permify Schema - and perform access checks with a single API call anywhere on your stack. Access decisions made according to stored relational tuples.";
-    version: "v0.4.7";
+    version: "v0.4.8";
     contact: {
       name: "API Support";
       url: "https://github.com/Permify/permify/issues";