From daab1c9669c107903cf73b6debc1795493d4b1cf Mon Sep 17 00:00:00 2001 From: Tolga Ozen Date: Thu, 27 Jul 2023 20:49:47 +0300 Subject: [PATCH 1/2] refactor: rate limiter middleware v2 --- go.mod | 1 + go.sum | 2 ++ internal/middleware/limiter.go | 15 +++++++++++++-- internal/servers/server.go | 2 +- 4 files changed, 17 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ec9d2a9c9..f777acd7d 100644 --- a/go.mod +++ b/go.mod @@ -85,6 +85,7 @@ require ( github.com/google/uuid v1.3.0 // indirect github.com/gorilla/schema v1.2.0 // indirect github.com/gorilla/securecookie v1.1.1 // indirect + github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.0.0-rc.5 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect github.com/hashicorp/go-msgpack v0.5.3 // indirect diff --git a/go.sum b/go.sum index 38ffb71b1..79f347471 100644 --- a/go.sum +++ b/go.sum @@ -251,6 +251,8 @@ github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyC github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 h1:UH//fgunKIs4JdUbpDl1VZCDaL56wXCB/5+wF6uHfaI= github.com/grpc-ecosystem/go-grpc-middleware v1.4.0/go.mod h1:g5qyo/la0ALbONm6Vbp88Yd8NsDy6rZz+RcrMPxvld8= +github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.0.0-rc.5 h1:3IZOAnD058zZllQTZNBioTlrzrBG/IjpiZ133IEtusM= +github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.0.0-rc.5/go.mod h1:xbKERva94Pw2cPen0s79J3uXmGzbbpDYFBFDlZ4mV/w= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.1 h1:RoziI+96HlQWrbaVhgOOdFYUHtX81pwA6tCgDS9FNRo= diff --git a/internal/middleware/limiter.go b/internal/middleware/limiter.go index 80c66cd92..d468da9d2 100644 --- a/internal/middleware/limiter.go +++ b/internal/middleware/limiter.go @@ -1,8 +1,11 @@ package middleware import ( + "fmt" "time" + "golang.org/x/net/context" + "github.com/juju/ratelimit" ) @@ -29,6 +32,14 @@ func NewRateLimiter(reqPerSec int64) *RateLimiter { // Limit checks if a request should be allowed based on the current state of the bucket. // If no tokens are available (i.e., if TakeAvailable(1) returns 0), it means the rate limit has been hit, // so it returns true. If a token is available, it returns false, meaning the request can proceed. -func (l *RateLimiter) Limit() bool { - return l.bucket.TakeAvailable(1) == 0 +func (l *RateLimiter) Limit(_ context.Context) error { + tokenRes := l.bucket.TakeAvailable(1) + + // When rate limit reached, return specific error for the clients. + if tokenRes == 0 { + return fmt.Errorf("reached Rate-Limiting %d", l.bucket.Available()) + } + + // Rate limit isn't reached. + return nil } diff --git a/internal/servers/server.go b/internal/servers/server.go index c1a745b43..154dcc793 100644 --- a/internal/servers/server.go +++ b/internal/servers/server.go @@ -9,7 +9,7 @@ import ( "net/http/pprof" "time" - "github.com/grpc-ecosystem/go-grpc-middleware/ratelimit" + "github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/ratelimit" grpcAuth "github.com/grpc-ecosystem/go-grpc-middleware/auth" From 9ff3baa504fcd329715dfdfab97825dffdeae2f7 Mon Sep 17 00:00:00 2001 From: Tolga Ozen Date: Thu, 27 Jul 2023 20:52:25 +0300 Subject: [PATCH 2/2] *: version info update --- docs/v1/apidocs.swagger.json | 2 +- internal/info.go | 2 +- pkg/pb/base/v1/openapi.pb.go | 2 +- proto/base/v1/openapi.proto | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/v1/apidocs.swagger.json b/docs/v1/apidocs.swagger.json index 326f04020..39bcc2095 100644 --- a/docs/v1/apidocs.swagger.json +++ b/docs/v1/apidocs.swagger.json @@ -3,7 +3,7 @@ "info": { "title": "Permify API", "description": "Permify is an open-source authorization service for creating and maintaining fine-grained authorizations across your individual applications and services. Permify converts authorization data as relational tuples into a database you point at. We called that database a Write Database (WriteDB) and it behaves as a centralized data source for your authorization system. You can model of your authorization with Permify's DSL - Permify Schema - and perform access checks with a single API call anywhere on your stack. Access decisions made according to stored relational tuples.", - "version": "v0.4.7", + "version": "v0.4.8", "contact": { "name": "API Support", "url": "https://github.com/Permify/permify/issues", diff --git a/internal/info.go b/internal/info.go index 04e855383..b8c9d097c 100644 --- a/internal/info.go +++ b/internal/info.go @@ -20,7 +20,7 @@ var Identifier = xid.New().String() */ const ( // Version is the last release of the Permify (e.g. v0.1.0) - Version = "v0.4.7" + Version = "v0.4.8" // Banner is the view for terminal. Banner = ` diff --git a/pkg/pb/base/v1/openapi.pb.go b/pkg/pb/base/v1/openapi.pb.go index d5656c2d4..74426e01a 100644 --- a/pkg/pb/base/v1/openapi.pb.go +++ b/pkg/pb/base/v1/openapi.pb.go @@ -75,7 +75,7 @@ var file_base_v1_openapi_proto_rawDesc = []byte{ 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x66, 0x79, 0x2f, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x66, 0x79, 0x2f, 0x62, 0x6c, 0x6f, 0x62, 0x2f, 0x6d, 0x61, 0x73, 0x74, 0x65, 0x72, 0x2f, 0x4c, 0x49, 0x43, 0x45, - 0x4e, 0x53, 0x45, 0x32, 0x06, 0x76, 0x30, 0x2e, 0x34, 0x2e, 0x37, 0x2a, 0x01, 0x02, 0x32, 0x10, + 0x4e, 0x53, 0x45, 0x32, 0x06, 0x76, 0x30, 0x2e, 0x34, 0x2e, 0x38, 0x2a, 0x01, 0x02, 0x32, 0x10, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x6a, 0x73, 0x6f, 0x6e, 0x3a, 0x10, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x6a, 0x73, 0x6f, 0x6e, 0x5a, 0x23, 0x0a, 0x21, 0x0a, 0x0a, 0x41, 0x70, 0x69, 0x4b, 0x65, 0x79, 0x41, 0x75, diff --git a/proto/base/v1/openapi.proto b/proto/base/v1/openapi.proto index fdb19d9e3..91f802ecc 100644 --- a/proto/base/v1/openapi.proto +++ b/proto/base/v1/openapi.proto @@ -9,7 +9,7 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = { info: { title: "Permify API"; description: "Permify is an open-source authorization service for creating and maintaining fine-grained authorizations across your individual applications and services. Permify converts authorization data as relational tuples into a database you point at. We called that database a Write Database (WriteDB) and it behaves as a centralized data source for your authorization system. You can model of your authorization with Permify's DSL - Permify Schema - and perform access checks with a single API call anywhere on your stack. Access decisions made according to stored relational tuples."; - version: "v0.4.7"; + version: "v0.4.8"; contact: { name: "API Support"; url: "https://github.com/Permify/permify/issues";