[feature] HTTP request throttling middleware (#1297)

* [feature] Add throttling middleware to AP endpoints * refactor a lil bit * use config setting, start updating docs * doc updates * use relative links in faq doc * small docs fixes * return code 503 instead of 429 when throttled * throttle other endpoints too * simplify token channel prefills
2025-12-10 14:28:07 -06:00 · 2023-01-04 11:57:59 +01:00 · 2023-01-04 11:57:59 +01:00 · 90a14abb0c
commit 90a14abb0c
parent 0b8eafec5c
16 changed files with 313 additions and 27 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -127,8 +127,9 @@ type Configuration struct {
 	SyslogProtocol string `name:"syslog-protocol" usage:"Protocol to use when directing logs to syslog. Leave empty to connect to local syslog."`
 	SyslogAddress  string `name:"syslog-address" usage:"Address:port to send syslog logs to. Leave empty to connect to local syslog."`

-	AdvancedCookiesSamesite   string `name:"advanced-cookies-samesite" usage:"'strict' or 'lax', see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite"`
-	AdvancedRateLimitRequests int    `name:"advanced-rate-limit-requests" usage:"Amount of HTTP requests to permit within a 5 minute window. 0 or less turns rate limiting off."`
+	AdvancedCookiesSamesite      string `name:"advanced-cookies-samesite" usage:"'strict' or 'lax', see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite"`
+	AdvancedRateLimitRequests    int    `name:"advanced-rate-limit-requests" usage:"Amount of HTTP requests to permit within a 5 minute window. 0 or less turns rate limiting off."`
+	AdvancedThrottlingMultiplier int    `name:"advanced-throttling-multiplier" usage:"Multiplier to use per cpu for http request throttling. 0 or less turns throttling off."`

 	// Cache configuration vars.
 	Cache CacheConfiguration `name:"cache"`
--- a/internal/config/defaults.go
+++ b/internal/config/defaults.go
@ -104,8 +104,9 @@ var Defaults = Configuration{
 	SyslogProtocol: "udp",
 	SyslogAddress:  "localhost:514",

-	AdvancedCookiesSamesite:   "lax",
-	AdvancedRateLimitRequests: 300, // 1 per second per 5 minutes
+	AdvancedCookiesSamesite:      "lax",
+	AdvancedRateLimitRequests:    300, // 1 per second per 5 minutes
+	AdvancedThrottlingMultiplier: 8,   // 8 open requests per CPU

 	Cache: CacheConfiguration{
 		GTS: GTSCacheConfiguration{
--- a/internal/config/flags.go
+++ b/internal/config/flags.go
@ -132,6 +132,7 @@ func (s *ConfigState) AddServerFlags(cmd *cobra.Command) {
 		// Advanced flags
 		cmd.Flags().String(AdvancedCookiesSamesiteFlag(), cfg.AdvancedCookiesSamesite, fieldtag("AdvancedCookiesSamesite", "usage"))
 		cmd.Flags().Int(AdvancedRateLimitRequestsFlag(), cfg.AdvancedRateLimitRequests, fieldtag("AdvancedRateLimitRequests", "usage"))
+		cmd.Flags().Int(AdvancedThrottlingMultiplierFlag(), cfg.AdvancedThrottlingMultiplier, fieldtag("AdvancedThrottlingMultiplier", "usage"))
 	})
 }

--- a/internal/config/helpers.gen.go
+++ b/internal/config/helpers.gen.go
@ -1824,6 +1824,31 @@ func GetAdvancedRateLimitRequests() int { return global.GetAdvancedRateLimitRequ
 // SetAdvancedRateLimitRequests safely sets the value for global configuration 'AdvancedRateLimitRequests' field
 func SetAdvancedRateLimitRequests(v int) { global.SetAdvancedRateLimitRequests(v) }

+// GetAdvancedThrottlingMultiplier safely fetches the Configuration value for state's 'AdvancedThrottlingMultiplier' field
+func (st *ConfigState) GetAdvancedThrottlingMultiplier() (v int) {
+	st.mutex.Lock()
+	v = st.config.AdvancedThrottlingMultiplier
+	st.mutex.Unlock()
+	return
+}
+
+// SetAdvancedThrottlingMultiplier safely sets the Configuration value for state's 'AdvancedThrottlingMultiplier' field
+func (st *ConfigState) SetAdvancedThrottlingMultiplier(v int) {
+	st.mutex.Lock()
+	defer st.mutex.Unlock()
+	st.config.AdvancedThrottlingMultiplier = v
+	st.reloadToViper()
+}
+
+// AdvancedThrottlingMultiplierFlag returns the flag name for the 'AdvancedThrottlingMultiplier' field
+func AdvancedThrottlingMultiplierFlag() string { return "advanced-throttling-multiplier" }
+
+// GetAdvancedThrottlingMultiplier safely fetches the value for global configuration 'AdvancedThrottlingMultiplier' field
+func GetAdvancedThrottlingMultiplier() int { return global.GetAdvancedThrottlingMultiplier() }
+
+// SetAdvancedThrottlingMultiplier safely sets the value for global configuration 'AdvancedThrottlingMultiplier' field
+func SetAdvancedThrottlingMultiplier(v int) { global.SetAdvancedThrottlingMultiplier(v) }
+
 // GetCacheGTSAccountMaxSize safely fetches the Configuration value for state's 'Cache.GTS.AccountMaxSize' field
 func (st *ConfigState) GetCacheGTSAccountMaxSize() (v int) {
 	st.mutex.Lock()