mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-10-29 02:42:24 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

[feature] Add rate limit exceptions option, use ISO8601 for rate limit reset (#2151)

Browse source 
* start updating rate limiting, add exceptions

* tests, comments, tidying up

* add rate limiting exceptions to example config

* envparsing

* nolint

* apply kimbediff

* add examples
This commit is contained in:
tobi 2023-08-23 14:32:27 +02:00 committed by GitHub
commit 8f38dc2e7f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 402 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

6
docs/api/ratelimiting.md
View file

@ -16,7 +16,7 @@ Every response will include the current status of the rate limit with the follow
- `X-Ratelimit-Limit`: maximum number of requests allowed per time period.
- `X-Ratelimit-Remaining`: number of remaining requests that can still be performed within.
- `X-Ratelimit-Reset`: unix timestamp indicating when the rate limit will reset.
- `X-Ratelimit-Reset`: ISO8601 timestamp indicating when the rate limit will reset.
In case the rate limit is exceeded, an [HTTP 429 Too Many Requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/429) error is returned to the caller.
@ -35,3 +35,7 @@ If you don't have an HTTP proxy, then it's likely caused by NAT. In this case yo
### Can I configure the rate limit? Can I just turn it off?
Yes! Set `advanced-rate-limit-requests: 0` in the config.
### Can I exclude one or more IP addresses from rate limiting, but leave the rest in place?
Yes! Set `advanced-rate-limit-exceptions` in the config.

28
docs/configuration/advanced.md
View file

@ -52,6 +52,34 @@ advanced-cookies-samesite: "lax"
# Default: 300
advanced-rate-limit-requests: 300
# Array of string. CIDRs to except from rate limit restrictions.
# Any IPs inside the CIDR range(s) will not have rate limiting
# applied on their requests, and rate limit headers will not be
# set for those requests.
#
# This can be useful in the following example cases (and probably
# a bunch of others as well):
#
# 1. You've set up an automated service that uses the API, and
# it keeps getting rate limited, even though you trust it's
# not abusing the instance.
#
# 2. You live with multiple people who use the same instance,
# and you're all using the same router/NAT, so you all have
# the same IP address, and you keep rate limiting each other.
#
# 3. You mostly use your own home internet to access your instance,
# and you want to exempt your home internet from rate limiting.
#
# You should be careful when adjusting this setting, since you
# might inadvertently make rate limiting useless if you set too
# wide a range. If in doubt, be too restrictive rather than too
# lenient, and adjust as you go.
#
# Example: ["192.168.0.0/16"]
# Default: []
advanced-rate-limit-exceptions: []
# Int. Amount of open requests to permit per CPU, per router grouping, before applying http
# request throttling. Any requests beyond the calculated limit are held in a backlog queue for
# up to 30 seconds before either being processed or timing out. Requests that don't fit in the backlog