internal bool IsWhitelisted(RequestIdentity requestIdentity)
{
if (Policy.IpThrottling)
{
if (Policy.IpWhitelist != null && ContainsIp(Policy.IpWhitelist, requestIdentity.ClientIp))
{
return true;
}
}
if (Policy.ClientThrottling)
{
if (Policy.ClientWhitelist != null && Policy.ClientWhitelist.Contains(requestIdentity.ClientKey))
{
return true;
}
}
if (Policy.EndpointThrottling)
{
if (Policy.EndpointWhitelist != null
&& Policy.EndpointWhitelist.Any(x => requestIdentity.Endpoint.Contains(x.ToLowerInvariant())))
{
return true;
}
}
return false;
}
protected virtual RequestIdentity SetIndentity(HttpRequestMessage request)
{
var entry = new RequestIdentity();
entry.ClientIp = core.GetClientIp(request).ToString();
entry.Endpoint = request.RequestUri.AbsolutePath.ToLowerInvariant();
entry.ClientKey = request.Headers.Contains("Authorization-Token") ? request.Headers.GetValues("Authorization-Token").First() : "anon";
return(entry);
}
protected virtual RequestIdentity SetIdentity(IOwinRequest request)
{
var entry = new RequestIdentity();
entry.ClientIp = request.RemoteIpAddress;
entry.Endpoint = request.Uri.AbsolutePath.ToLowerInvariant();
entry.ClientKey = request.Headers.Keys.Contains("Authorization-Token")
? request.Headers.GetValues("Authorization-Token").First()
: "anon";
return(entry);
}
public bool Match(RequestIdentity request)
{
if (!pathRegex.IsMatch(request.Endpoint))
{
return(false);
}
if (method != null && method != request.Method)
{
return(false);
}
return(true);
}
internal ThrottleLogEntry ComputeLogEntry(string requestId, RequestIdentity identity, ThrottleCounter throttleCounter, string rateLimitPeriod, long rateLimit, HttpRequestMessage request)
{
return(new ThrottleLogEntry
{
ClientIp = identity.ClientIp,
ClientKey = identity.ClientKey,
Endpoint = identity.Endpoint,
LogDate = DateTime.UtcNow,
RateLimit = rateLimit,
RateLimitPeriod = rateLimitPeriod,
RequestId = requestId,
StartPeriod = throttleCounter.Timestamp,
TotalRequests = throttleCounter.TotalRequests,
Request = request
});
}
internal ThrottleLogEntry ComputeLogEntry(string requestId, RequestIdentity identity, ThrottleCounter throttleCounter, string rateLimitPeriod, long rateLimit, HttpRequestMessage request)
{
return new ThrottleLogEntry
{
ClientIp = identity.ClientIp,
ClientKey = identity.ClientKey,
Endpoint = identity.Endpoint,
LogDate = DateTime.UtcNow,
RateLimit = rateLimit,
RateLimitPeriod = rateLimitPeriod,
RequestId = requestId,
StartPeriod = throttleCounter.Timestamp,
TotalRequests = throttleCounter.TotalRequests,
Request = request
};
}
internal ThrottleCounter ProcessRequest(RequestIdentity requestIdentity, TimeSpan timeSpan, RateLimitPeriod period, long rateLimit, long suspendTime, out string id)
{
var throttleCounter = new ThrottleCounter()
{
Timestamp = DateTime.UtcNow,
TotalRequests = 1
};
id = ComputeThrottleKey(requestIdentity, period);
TimeSpan suspendSpan = TimeSpan.FromSeconds(0);
// serial reads and writes
lock (ProcessLocker)
{
var entry = Repository.FirstOrDefault(id);
if (entry.HasValue)
{
var timeStamp = entry.Value.Timestamp;
if (entry.Value.TotalRequests >= rateLimit && suspendTime > 0)
{
timeSpan = GetSuspendSpanFromPeriod(period, timeSpan, suspendTime);
}
// entry has not expired
if (entry.Value.Timestamp + timeSpan >= DateTime.UtcNow)
{
// increment request count
var totalRequests = entry.Value.TotalRequests + 1;
// deep copy
throttleCounter = new ThrottleCounter
{
Timestamp = timeStamp,
TotalRequests = totalRequests
};
}
}
// stores: id (string) - timestamp (datetime) - total (long)
Repository.Save(id, throttleCounter, timeSpan);
}
return(throttleCounter);
}
internal void ApplyRules(RequestIdentity identity, TimeSpan timeSpan, RateLimitPeriod rateLimitPeriod, ref long rateLimit)
{
// apply endpoint rate limits
if (Policy.EndpointRules != null)
{
var rules = Policy.EndpointRules.Where(x => identity.Endpoint.IndexOf(x.Key, 0, StringComparison.InvariantCultureIgnoreCase) != -1).ToList();
//var rules = Policy.EndpointRules.Where(x => Regex.IsMatch(identity.Endpoint, x.Key, RegexOptions.IgnoreCase)).ToList();
if (rules.Any())
{
// get the lower limit from all applying rules
var customRate = (from r in rules let rateValue = r.Value.GetLimit(rateLimitPeriod) select rateValue).Min();
if (customRate > 0)
{
rateLimit = customRate;
}
}
}
// apply custom rate limit for clients that will override endpoint limits
if (Policy.ClientRules != null && Policy.ClientRules.Keys.Contains(identity.ClientKey))
{
var limit = Policy.ClientRules[identity.ClientKey].GetLimit(rateLimitPeriod);
if (limit > 0)
{
rateLimit = limit;
}
}
// enforce ip rate limit as is most specific
string ipRule = null;
if (Policy.IpRules != null && ContainsIp(Policy.IpRules.Keys.ToList(), identity.ClientIp, out ipRule))
{
var limit = Policy.IpRules[ipRule].GetLimit(rateLimitPeriod);
if (limit > 0)
{
rateLimit = limit;
}
}
}
internal void ApplyRules(RequestIdentity identity, TimeSpan timeSpan, RateLimitPeriod rateLimitPeriod, ref long rateLimit)
{
// apply endpoint rate limits
if (Policy.EndpointRules != null)
{
var rules = Policy.EndpointRules.Where(x => x.Match(identity)).ToList();
if (rules.Any())
{
// get the lower limit from all applying rules
var customRate = (from r in rules let rateValue = r.limits.GetLimit(rateLimitPeriod) select rateValue).Min();
if (customRate > 0)
{
rateLimit = customRate;
}
}
}
// apply custom rate limit for clients that will override endpoint limits
if (Policy.ClientRules != null && Policy.ClientRules.Keys.Contains(identity.ClientKey))
{
var limit = Policy.ClientRules[identity.ClientKey].GetLimit(rateLimitPeriod);
if (limit > 0)
{
rateLimit = limit;
}
}
// enforce ip rate limit as is most specific
string ipRule = null;
if (Policy.IpRules != null && ContainsIp(Policy.IpRules.Keys.ToList(), identity.ClientIp, out ipRule))
{
var limit = Policy.IpRules[ipRule].GetLimit(rateLimitPeriod);
if (limit > 0)
{
rateLimit = limit;
}
}
}
internal void ApplyRules(RequestIdentity identity, TimeSpan timeSpan, RateLimitPeriod rateLimitPeriod, ref long rateLimit)
{
// apply endpoint rate limits
if (Policy.EndpointRules != null)
{
var rules = Policy.EndpointRules.Where(x => identity.EndpointWithMethod.Contains(x.Key.ToLowerInvariant())).ToList();
if (rules.Any())
{
// get the lower limit from all applying rules
var customRate = (from r in rules let rateValue = r.Value.GetLimit(rateLimitPeriod) select rateValue).Min();
if (customRate > 0)
{
rateLimit = customRate;
}
}
}
// apply custom rate limit for clients that will override endpoint limits
if (Policy.ClientRules != null && Policy.ClientRules.Keys.Contains(identity.ClientKey))
{
var limit = Policy.ClientRules[identity.ClientKey].GetLimit(rateLimitPeriod);
if (limit > 0)
{
rateLimit = limit;
}
}
// enforce ip rate limit as is most specific
string ipRule = null;
if (Policy.IpRules != null && ContainsIp(Policy.IpRules.Keys.ToList(), identity.ClientIp, out ipRule))
{
var limit = Policy.IpRules[ipRule].GetLimit(rateLimitPeriod);
if (limit > 0)
{
rateLimit = limit;
}
}
}
internal string ComputeThrottleKey(RequestIdentity requestIdentity, RateLimitPeriod period)
{
var keyValues = new List <string>()
{
ThrottleManager.GetThrottleKey()
};
if (Policy.IpThrottling)
{
keyValues.Add(requestIdentity.ClientIp);
}
if (Policy.ClientThrottling)
{
keyValues.Add(requestIdentity.ClientKey);
}
if (Policy.EndpointThrottling)
{
keyValues.Add(requestIdentity.Endpoint);
}
keyValues.Add(period.ToString());
var id = string.Join("_", keyValues);
var idBytes = Encoding.UTF8.GetBytes(id);
byte[] hashBytes;
using (var algorithm = System.Security.Cryptography.SHA1.Create())
{
hashBytes = algorithm.ComputeHash(idBytes);
}
var hex = BitConverter.ToString(hashBytes).Replace("-", string.Empty);
return(hex);
}
internal ThrottleCounter ProcessRequest(RequestIdentity requestIdentity, TimeSpan timeSpan, RateLimitPeriod period, out string id)
{
var throttleCounter = new ThrottleCounter()
{
Timestamp = DateTime.UtcNow,
TotalRequests = 1
};
id = ComputeThrottleKey(requestIdentity, period);
// serial reads and writes
lock (ProcessLocker)
{
var entry = Repository.FirstOrDefault(id);
if (entry.HasValue)
{
// entry has not expired
if (entry.Value.Timestamp + timeSpan >= DateTime.UtcNow)
{
// increment request count
var totalRequests = entry.Value.TotalRequests + 1;
// deep copy
throttleCounter = new ThrottleCounter
{
Timestamp = entry.Value.Timestamp,
TotalRequests = totalRequests
};
}
}
// stores: id (string) - timestamp (datetime) - total (long)
Repository.Save(id, throttleCounter, timeSpan, requestIdentity.ClientKey);
}
return(throttleCounter);
}
protected virtual string ComputeThrottleKey(RequestIdentity requestIdentity, RateLimitPeriod period)
{
var keyValues = new List<string>()
{
"throttle"
};
if (Policy.IpThrottling)
keyValues.Add(requestIdentity.ClientIp);
if (Policy.ClientThrottling)
keyValues.Add(requestIdentity.ClientKey);
if (Policy.EndpointThrottling)
keyValues.Add(requestIdentity.Endpoint);
keyValues.Add(period.ToString());
var id = string.Join("_", keyValues);
var idBytes = Encoding.UTF8.GetBytes(id);
var hashBytes = new System.Security.Cryptography.SHA1Managed().ComputeHash(idBytes);
var hex = BitConverter.ToString(hashBytes).Replace("-", "");
return hex;
}
internal string ComputeThrottleKey(RequestIdentity requestIdentity, RateLimitPeriod period)
{
var keyValues = new List<string>()
{
ThrottleManager.GetThrottleKey()
};
if (Policy.IpThrottling)
{
keyValues.Add(requestIdentity.ClientIp);
}
if (Policy.ClientThrottling)
{
keyValues.Add(requestIdentity.ClientKey);
}
if (Policy.EndpointThrottling)
{
keyValues.Add(requestIdentity.Endpoint);
}
keyValues.Add(period.ToString());
var id = string.Join("_", keyValues);
var idBytes = Encoding.UTF8.GetBytes(id);
byte[] hashBytes;
using (var algorithm = System.Security.Cryptography.HashAlgorithm.Create("SHA1"))
{
hashBytes = algorithm.ComputeHash(idBytes);
}
var hex = BitConverter.ToString(hashBytes).Replace("-", string.Empty);
return hex;
}
protected virtual string ComputeThrottleKey(RequestIdentity requestIdentity, RateLimitPeriod period)
{
return core.ComputeThrottleKey(requestIdentity, period);
}
protected virtual RequestIdentity SetIndentity(HttpRequestMessage request)
{
var entry = new RequestIdentity();
entry.ClientIp = core.GetClientIp(request).ToString();
entry.Endpoint = request.RequestUri.AbsolutePath.ToLowerInvariant();
entry.ClientKey = request.Headers.Contains("Authorization-Token") ? request.Headers.GetValues("Authorization-Token").First() : "anon";
return entry;
}
private ThrottleCounter ProcessRequest(RequestIdentity requestIdentity, TimeSpan timeSpan, RateLimitPeriod period, out string id)
{
var throttleCounter = new ThrottleCounter()
{
Timestamp = DateTime.UtcNow,
TotalRequests = 1
};
id = ComputeThrottleKey(requestIdentity, period);
//serial reads and writes
lock (_processLocker)
{
var entry = Repository.FirstOrDefault(id);
if (entry.HasValue)
{
//entry has not expired
if (entry.Value.Timestamp + timeSpan >= DateTime.UtcNow)
{
//increment request count
var totalRequests = entry.Value.TotalRequests + 1;
//deep copy
throttleCounter = new ThrottleCounter
{
Timestamp = entry.Value.Timestamp,
TotalRequests = totalRequests
};
}
}
//stores: id (string) - timestamp (datetime) - total (long)
Repository.Save(id, throttleCounter, timeSpan);
}
return throttleCounter;
}
internal bool IsEndpointMonitored(RequestIdentity identity)
{
var endpoints = Policy.Endpoints.Where(x => Regex.IsMatch(identity.Endpoint, x, RegexOptions.IgnoreCase)).ToList();
return(endpoints.Any());
}
internal bool IsWhitelisted(RequestIdentity requestIdentity)
{
if (requestIdentity.ForceWhiteList)
{
return true;
}
if (Policy.IpThrottling)
{
if (Policy.IpWhitelist != null && ContainsIp(Policy.IpWhitelist, requestIdentity.ClientIp))
{
return true;
}
}
if (Policy.ClientThrottling)
{
if (Policy.ClientWhitelist != null && Policy.ClientWhitelist.Contains(requestIdentity.ClientKey))
{
return true;
}
}
if (Policy.EndpointThrottling)
{
if (Policy.EndpointWhitelist != null
&& Policy.EndpointWhitelist.Any(x => requestIdentity.Endpoint.IndexOf(x, 0, StringComparison.InvariantCultureIgnoreCase) != -1))
{
return true;
}
}
return false;
}
internal string ComputeThrottleKey(RequestIdentity requestIdentity, RateLimitPeriod period)
{
var keyValues = new List<string>()
{
ThrottleManager.GetThrottleKey()
};
if (Policy.IpThrottling)
{
keyValues.Add(requestIdentity.ClientIp);
}
if (Policy.ClientThrottling)
{
keyValues.Add(requestIdentity.ClientKey);
}
if (Policy.EndpointThrottling)
{
if (Policy.EndpointThrottleMethod == EndpointThrottlingMethod.Action &&
!string.IsNullOrWhiteSpace(requestIdentity.ActionName) &&
!string.IsNullOrWhiteSpace(requestIdentity.ControllerName))
{
//TODO: think of a better way to do this
keyValues.Add(requestIdentity.ControllerName + "." + requestIdentity.ActionName);
}
else if (Policy.EndpointThrottleMethod == EndpointThrottlingMethod.Url)
{
keyValues.Add(requestIdentity.Endpoint);
}
}
keyValues.Add(period.ToString());
var id = string.Join("_", keyValues);
var idBytes = Encoding.UTF8.GetBytes(id);
byte[] hashBytes;
using (var algorithm = System.Security.Cryptography.HashAlgorithm.Create("SHA1"))
{
hashBytes = algorithm.ComputeHash(idBytes);
}
var hex = BitConverter.ToString(hashBytes).Replace("-", string.Empty);
return hex;
}
protected virtual RequestIdentity SetIndentity(IOwinRequest request)
{
var entry = new RequestIdentity();
entry.ClientIp = request.RemoteIpAddress;
entry.Endpoint = request.Uri.AbsolutePath.ToLowerInvariant();
entry.ClientKey = request.Headers.Keys.Contains("Authorization-Token")
? request.Headers.GetValues("Authorization-Token").First()
: "anon";
return entry;
}
protected virtual RequestIdentity SetIndentity(HttpRequestMessage request)
{
var entry = new RequestIdentity();
entry.ClientIp = core.GetClientIp(request).ToString();
entry.Endpoint = request.RequestUri.AbsolutePath.ToLowerInvariant();
entry.ClientKey = request.Headers.Contains("Authorization-Token") ? request.Headers.GetValues("Authorization-Token").First() : "anon";
var actionDescriptor = request.GetActionDescriptor();
if (actionDescriptor == null)
return entry;
entry.ActionName = actionDescriptor.ActionName;
if(actionDescriptor.ControllerDescriptor != null)
entry.ControllerName = actionDescriptor.ControllerDescriptor.ControllerName;
return entry;
}
protected virtual string ComputeThrottleKey(RequestIdentity requestIdentity, RateLimitPeriod period)
{
return(core.ComputeThrottleKey(requestIdentity, period));
}
private bool IsWhitelisted(RequestIdentity requestIdentity)
{
if (Policy.IpThrottling)
if (Policy.IpWhitelist != null && ContainsIp(Policy.IpWhitelist, requestIdentity.ClientIp))
return true;
if (Policy.ClientThrottling)
if (Policy.ClientWhitelist != null && Policy.ClientWhitelist.Contains(requestIdentity.ClientKey))
return true;
if (Policy.EndpointThrottling)
if (Policy.EndpointWhitelist != null && Policy.EndpointWhitelist.Any(x => requestIdentity.Endpoint.Contains(x)))
return true;
return false;
}
