From c701c86435b9969ec87ed4787d34c885da2a808c Mon Sep 17 00:00:00 2001 From: Gerard Snaauw <33763579+gerardsn@users.noreply.github.com> Date: Wed, 6 Nov 2024 13:50:31 +0100 Subject: [PATCH] Backport: Ratelimit APIs that publish to the nuts network (#3542) * Ratelimit APIs that publish to the nuts network * release notes v6.0.1 --- docs/pages/release_notes.rst | 23 +++++++++++++++++------ http/engine.go | 22 ++++++++++++++-------- 2 files changed, 31 insertions(+), 14 deletions(-) diff --git a/docs/pages/release_notes.rst b/docs/pages/release_notes.rst index 92360079f..fe5b658d8 100644 --- a/docs/pages/release_notes.rst +++ b/docs/pages/release_notes.rst @@ -2,9 +2,20 @@ Release notes ############# -******************* +*************** +Peanut (v6.0.1) +*************** + +Release date: 2024-11-06 + +- disable rate limiting on APIs when supported DID methods does not include 'nuts' +- add rate limiting to VDR v2 APIs + +**Full Changelog**: https://github.com/nuts-foundation/nuts-node/compare/v6.0.0...v6.0.1 + +*************** Peanut (v6.0.0) -******************* +*************** Release date: 2024-10-25 @@ -103,9 +114,9 @@ The following features have been deprecated: - Network v1 API, to be removed - VDR v1 API, replaced by VDR v2 -************************ +************************* Hazelnut update (v5.4.11) -************************ +************************* Release date: 2024-09-24 @@ -113,9 +124,9 @@ Release date: 2024-09-24 **Full Changelog**: https://github.com/nuts-foundation/nuts-node/compare/v5.4.10...v5.4.11 -************************ +************************* Hazelnut update (v5.4.10) -************************ +************************* Release date: 2024-09-13 diff --git a/http/engine.go b/http/engine.go index 790f3da4b..e981e4e1d 100644 --- a/http/engine.go +++ b/http/engine.go @@ -22,10 +22,10 @@ import ( "context" "errors" "fmt" - "github.com/nuts-foundation/nuts-node/http/client" "net" "net/http" "os" + "slices" "strings" "time" 
@@ -33,8 +33,10 @@ import (
 "github.com/labstack/echo/v4/middleware"
 "github.com/nuts-foundation/nuts-node/core"
 cryptoEngine "github.com/nuts-foundation/nuts-node/crypto"
+ "github.com/nuts-foundation/nuts-node/http/client"
 "github.com/nuts-foundation/nuts-node/http/log"
 "github.com/nuts-foundation/nuts-node/http/tokenV2"
+ "github.com/nuts-foundation/nuts-node/vdr/didnuts"
 )
 
 const moduleName = "HTTP"
@@ -180,15 +182,19 @@ func matchesPath(requestURI string, path string) bool {
 }
 
 func (h Engine) applyRateLimiterMiddleware(echoServer core.EchoRouter, serverConfig core.ServerConfig) {
- // Always enabled in strict mode
- if serverConfig.Strictmode || serverConfig.InternalRateLimiter {
+ // Always enabled in strict mode, but only if did:nuts is enabled on the node
+ if (serverConfig.Strictmode || serverConfig.InternalRateLimiter) && slices.Contains(serverConfig.DIDMethods, didnuts.MethodName) {
 echoServer.Use(newInternalRateLimiter(map[string][]string{
 http.MethodPost: {
- "/internal/vcr/v2/issuer/vc", // issuing new VCs
- "/internal/vdr/v1/did", // creating new DIDs
- "/internal/vdr/v1/did/:did/verificationmethod", // add VM to DID
- "/internal/didman/v1/did/:did/endpoint", // add endpoint to DID
- "/internal/didman/v1/did/:did/compoundservice", // add compound service to DID
+ "/internal/vcr/v2/issuer/vc", // issuing new VCs
+ "/internal/vdr/v1/did", // creating new DIDs
+ "/internal/vdr/v1/did/:did/verificationmethod", // add VM to DID
+ "/internal/didman/v1/did/:did/endpoint", // add endpoint to DID
+ "/internal/didman/v1/did/:did/compoundservice", // add compound service to DID
+ "/internal/vdr/v2/subject", // create new subject
+ "/internal/vdr/v2/subject/:id/service", // add service to subject
+ "/internal/vdr/v2/subject/:id/service/:serviceId", // update service for a subject
+ "/internal/vdr/v2/subject/:id/verificationmethod", // create new verification method for subject
 },
 http.MethodPut: {
 "/internal/vdr/v1/did/:did", // updating DIDs
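Review bot: In the `http.MethodPost` list of `applyRateLimiterMiddleware`, the new entry commented `// update service for a subject` (`/internal/vdr/v2/subject/:id/service/:serviceId`) is keyed under POST, whereas the existing update route `/internal/vdr/v1/did/:did` sits under `http.MethodPut`. If the v2 update handler is registered for PUT (the route table is not visible here), the limiter never matches it and service updates stay unthrottled; the entry would then belong in the PUT list as `"/internal/vdr/v2/subject/:id/service/:serviceId", // update service for a subject`. Separately, the new `slices.Contains(serverConfig.DIDMethods, didnuts.MethodName)` guard switches the limiter off without any trace, even in strict mode, so an empty or unexpectedly spelled `DIDMethods` value would fail open; a startup log line stating whether the internal rate limiter is active would make that visible to operators. The function body continues past the end of the hunk.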