public async Task Invoke(HttpContext httpContext) { // check if rate limiting is enabled if (_options == null) { await _next.Invoke(httpContext); return; } // get request details var clientRequest = httpContext.GetClientRequest(_options.ClientIdHeader, _options.RealIpHeader); // check white list if (_processor.IsWhitelisted(clientRequest)) { await _next.Invoke(httpContext); return; } var rules = _processor.GetMatchingRules(clientRequest); RateLimitResult result = null; foreach (var rule in rules) { // if limit is zero or less, block the request. if (rule.Limit <= 0) { // log blocked request LogBlockedRequest(httpContext, clientRequest, rule); // return quote exceeded await ReturnQuotaExceededResponse(httpContext, rule); return; } // process request result = await _processor.ProcessRequestAsync(clientRequest, rule); // check if limit is exceeded if (!result.Success) { //compute retry after value var retryAfter = Convert.ToInt32((result.Expiry - DateTime.UtcNow).TotalSeconds) .ToString(CultureInfo.InvariantCulture); // log blocked request LogBlockedRequest(httpContext, clientRequest, rule); // return quote exceeded await ReturnQuotaExceededResponse(httpContext, rule, retryAfter); return; } } // set X-Rate-Limit headers if (result != null && !_options.DisableRateLimitHeaders) { var rule = rules.Last(); var headers = new RateLimitHeaders { Reset = result.Expiry.ToString("o", DateTimeFormatInfo.InvariantInfo), Limit = rule.Period, Remaining = result.Remaining.ToString() }; httpContext.Response.OnStarting(state => { try { var context = (HttpContext)state; context.Response.Headers["X-Rate-Limit-Limit"] = headers.Limit; context.Response.Headers["X-Rate-Limit-Remaining"] = headers.Remaining; context.Response.Headers["X-Rate-Limit-Reset"] = headers.Reset; } catch { // ignore exception adding headers } return(Task.FromResult(0)); }, httpContext); } await _next.Invoke(httpContext); }
public async Task Invoke(HttpContext httpContext) { // check if rate limiting is enabled if (_options == null) { await _next.Invoke(httpContext); return; } // compute identity from request var identity = SetIdentity(httpContext); // check white list if (_processor.IsWhitelisted(identity)) { await _next.Invoke(httpContext); return; } var rules = _processor.GetMatchingRules(identity); foreach (var rule in rules) { if (rule.Limit > 0) { // increment counter var counter = _processor.ProcessRequest(identity, rule); // check if key expired if (counter.Timestamp + rule.PeriodTimespan.Value < DateTime.UtcNow) { continue; } // check if limit is reached if (counter.TotalRequests > rule.Limit) { //compute retry after value var retryAfter = _processor.RetryAfterFrom(counter.Timestamp, rule); // log blocked request LogBlockedRequest(httpContext, identity, counter, rule); // break execution await ReturnQuotaExceededResponse(httpContext, rule, retryAfter); return; } } // if limit is zero or less, block the request. else { // process request count var counter = _processor.ProcessRequest(identity, rule); // log blocked request LogBlockedRequest(httpContext, identity, counter, rule); // break execution (Int32 max used to represent infinity) await ReturnQuotaExceededResponse(httpContext, rule, int.MaxValue.ToString(System.Globalization.CultureInfo.InvariantCulture)); return; } } //set X-Rate-Limit headers for the longest period if (rules.Any() && !_options.DisableRateLimitHeaders) { var rule = rules.OrderByDescending(x => x.PeriodTimespan.Value).First(); var headers = _processor.GetRateLimitHeaders(identity, rule); headers.Context = httpContext; httpContext.Response.OnStarting(SetRateLimitHeaders, state: headers); } await _next.Invoke(httpContext); }
public async Task Invoke(HttpContext httpContext) { // check if rate limiting is enabled if (_options == null) { await _next.Invoke(httpContext); return; } // compute identity from request var identity = SetIdentity(httpContext); _logger.LogInformation($"Identity; User:[{identity.ClientId}]; IP:[{identity.ClientIp}]"); // check white list if (_processor.IsWhitelisted(identity)) { await _next.Invoke(httpContext); return; } var rules = _processor.GetMatchingRules(identity); foreach (var rule in rules) { if (rule.Limit > 0) { // increment counter var counter = _processor.ProcessRequest(identity, rule); // check if key expired if (counter.Timestamp + rule.PeriodTimespan.Value < DateTime.UtcNow) { continue; } // check if limit is reached if (counter.TotalRequests > rule.Limit) { //compute retry after value var retryAfter = _processor.RetryAfterFrom(counter.Timestamp, rule); // log blocked request LogBlockedRequest(httpContext, identity, counter, rule); // break execution await ReturnQuotaExceededResponse(httpContext, rule, retryAfter); return; } } } //set X-Rate-Limit headers for the longest period if (rules.Any() && !_options.DisableRateLimitHeaders) { var rule = rules.OrderByDescending(x => x.PeriodTimespan.Value).First(); var headers = _processor.GetRateLimitHeaders(identity, rule); headers.Context = httpContext; httpContext.Response.OnStarting(SetRateLimitHeaders, state: headers); } await _next.Invoke(httpContext); }