public async Task Invoke(HttpContext httpContext) { // check if rate limiting is enabled if (_options == null) { await _next.Invoke(httpContext); return; } // compute identity from request var identity = await _clientRequestStore.GetClientRequestIdentityAsync(httpContext); if (identity == null) { await _next.Invoke(httpContext); return; } // check white list if (_processor.IsWhitelisted(identity)) { await _next.Invoke(httpContext); return; } var rules = _processor.GetMatchingRules(identity); foreach (var rule in rules) { if(rule.Limit > 0) { // increment counter var counter = _processor.ProcessRequest(identity, rule); // check if key expired if (counter.Timestamp + rule.PeriodTimespan.Value < DateTime.UtcNow) { continue; } // check if limit is reached if (counter.TotalRequests > rule.Limit) { //compute retry after value var retryAfter = _processor.RetryAfterFrom(counter.Timestamp, rule); // log blocked request LogBlockedRequest(httpContext, identity, counter, rule); // break execution await ReturnQuotaExceededResponse(httpContext, rule, retryAfter); return; } } // if limit is zero or less, block the request. else { // process request count var counter = _processor.ProcessRequest(identity, rule); // log blocked request LogBlockedRequest(httpContext, identity, counter, rule); // break execution (Int32 max used to represent infinity) await ReturnQuotaExceededResponse(httpContext, rule, Int32.MaxValue.ToString(System.Globalization.CultureInfo.InvariantCulture)); return; } } //set X-Rate-Limit headers for the longest period if(rules.Any() && !_options.DisableRateLimitHeaders) { var rule = rules.OrderByDescending(x => x.PeriodTimespan.Value).First(); var headers = _processor.GetRateLimitHeaders(identity, rule); headers.Context = httpContext; httpContext.Response.OnStarting(SetRateLimitHeaders, state: headers); } await _next.Invoke(httpContext); }
async Task <IRequestTrackerResult> PreEvaluateRateLimitRules(IdentityServerRequestRecord requestRecord) { // ONLY CHECK THE COUNT and Deny. DO NOT MUTATE any data var identity = new ClientRequestIdentity() { ClientId = requestRecord.Client.ClientId, EndpointKey = requestRecord.EndpointKey }; var rateLimitClientsRule = _processor.GetRateLimitClientsRule(identity); if (rateLimitClientsRule == null) { // no rules for us to evaluate return(null); } var result = _serviceProvider.GetService <ClientRateLimiterRequestTrackerResult>(); result.RateLimitClientsRule = rateLimitClientsRule; result.IdentityServerRequestRecord = requestRecord; result.Directive = RequestTrackerEvaluatorDirective.AllowRequest; foreach (var rule in rateLimitClientsRule.Settings.RateLimitRules) { if (rule.Limit > 0) { // get the current counter var counter = _processor.GetCurrentRateLimitCounter(identity, rule); // check if key expired if (counter.Timestamp + rule.PeriodTimespan.Value < DateTime.UtcNow) { continue; } // check if limit is reached if (counter.TotalRequests >= rule.Limit) { //compute retry after value var retryAfter = _processor.RetryAfterFrom(counter.Timestamp, rule); // log blocked request LogBlockedRequest(requestRecord.HttpContext, identity, counter, rule); // break execution result.Directive = RequestTrackerEvaluatorDirective.DenyRequest; result.Rule = rule; result.RetryAfter = retryAfter; return(result); } } else { // process request count var counter = _processor.GetCurrentRateLimitCounter(identity, rule); // log blocked request LogBlockedRequest(requestRecord.HttpContext, identity, counter, rule); // break execution (Int32 max used to represent infinity) // break execution result.Directive = RequestTrackerEvaluatorDirective.DenyRequest; result.Rule = rule; result.RetryAfter = Int32.MaxValue.ToString(System.Globalization.CultureInfo.InvariantCulture); return(result); } } result.Rule = rateLimitClientsRule.Settings.RateLimitRules .OrderByDescending(x => x.PeriodTimespan.Value).First(); return(result); }