From fceb298744c7a6d087604178aacff049166e10fc Mon Sep 17 00:00:00 2001
From: Aleksandr Soloshenko
Date: Wed, 12 Mar 2025 17:31:20 +0700
Subject: [PATCH] [api] move devices registration rate limit to Traefik
---
 deployments/docker-swarm-terraform/main.tf | 75 ++++++++++++++++++++--
 internal/sms-gateway/handlers/mobile.go | 2 -
 2 files changed, 69 insertions(+), 8 deletions(-)
diff --git a/deployments/docker-swarm-terraform/main.tf b/deployments/docker-swarm-terraform/main.tf
index 055a555..c0a078b 100644
--- a/deployments/docker-swarm-terraform/main.tf
+++ b/deployments/docker-swarm-terraform/main.tf
@@ -68,6 +68,32 @@ resource "docker_service" "app" {
 label = "traefik.docker.network"
 value = data.docker_network.proxy.name
 }
+
+ #region rate-limit_5-per-1m Middleware
+ labels {
+ label = "traefik.http.middlewares.rate-limit_5-per-1m.ratelimit.average"
+ value = "5"
+ }
+
+ labels {
+ label = "traefik.http.middlewares.rate-limit_5-per-1m.ratelimit.period"
+ value = "1m"
+ }
+
+ labels {
+ label = "traefik.http.middlewares.rate-limit_5-per-1m.ratelimit.sourcecriterion.ipstrategy.depth"
+ value = "1"
+ }
+ #endregion
+
+ #region Add Prefix Middleware
+ labels {
+ label = "traefik.http.middlewares.${var.app-name}-new-addprefix.addprefix.prefix"
+ value = "/api"
+ }
+ #endregion
+
+ #region Deprecated
 labels {
 label = "traefik.http.routers.${var.app-name}.rule"
 value = "Host(`${var.app-host}`) && PathPrefix(`/api`)"
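Review bot: The `ratelimit.sourcecriterion.ipstrategy.depth` label set to `1` keys the limiter on the right-most X-Forwarded-For entry, which is a reliable client identity only when exactly one trusted proxy in front of Traefik appends that header. The entrypoint's `forwardedHeaders` settings are not part of this patch; if the header is missing or shorter than the depth the derived client IP is empty, and if forwarded headers are accepted from arbitrary peers the key is chosen by the client, so please confirm the topology and record it beside the label, e.g. `# depth=1: one trusted LB in front of Traefik sets X-Forwarded-For`. Separately, no `ratelimit.burst` label is set and Traefik's default burst is 1, so the middleware named `5-per-1m` admits roughly one request every 12 seconds per source rather than five within a minute; add a `traefik.http.middlewares.rate-limit_5-per-1m.ratelimit.burst` label if a device is expected to retry registration quickly.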
@@ -80,10 +106,31 @@ resource "docker_service" "app" { label = "traefik.http.routers.${var.app-name}.tls.certresolver" value = "le" } + #endregion + #region Deprecated Limited labels { - label = "traefik.http.middlewares.${var.app-name}-new-addprefix.addprefix.prefix" - value = "/api" + label = "traefik.http.routers.${var.app-name}_limited.rule" + value = "Host(`${var.app-host}`) && PathPrefix(`/api/mobile/v1/device`) && Method(`POST`)" + } + labels { + label = "traefik.http.routers.${var.app-name}_limited.middlewares" + value = "rate-limit_5-per-1m" + } + labels { + label = "traefik.http.routers.${var.app-name}_limited.entrypoints" + value = "https" + } + labels { + label = "traefik.http.routers.${var.app-name}_limited.tls.certresolver" + value = "le" + } + #endregion + + #region Primary + labels { + label = "traefik.http.routers.${var.app-name}-new.rule" + value = "Host(`api.sms-gate.app`)" } labels { label = "traefik.http.routers.${var.app-name}-new.entrypoints" 
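Review bot: The `_limited` router only covers requests whose path literally starts with `/api/mobile/v1/device`, and Traefik compares that prefix case-sensitively, while the handler behind it may accept more spellings than that. Fiber's default configuration has `CaseSensitive` off, so if the app is built with the defaults (not visible in this patch) a differently-cased path misses this rule, is still served through the unlimited `PathPrefix(/api)` router above, and reaches the same registration handler without any limit. The `-new_limited` rule added in the next hunk has the same gap for `/mobile/v1/device`. Setting `CaseSensitive: true` in the app's `fiber.Config` closes it on the application side. It would also help to give both limited routers an explicit `priority` label so their precedence over the general routers does not rest on Traefik's rule-length default.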
@@ -93,14 +140,30 @@ resource "docker_service" "app" { label = "traefik.http.routers.${var.app-name}-new.middlewares" value = "${var.app-name}-new-addprefix" } - labels { - label = "traefik.http.routers.${var.app-name}-new.rule" - value = "Host(`api.sms-gate.app`)" - } labels { label = "traefik.http.routers.${var.app-name}-new.tls.certresolver" value = "le" } + #endregion + + #region Primary Limited + labels { + label = "traefik.http.routers.${var.app-name}-new_limited.rule" + value = "Host(`api.sms-gate.app`) && PathPrefix(`/mobile/v1/device`) && Method(`POST`)" + } + labels { + label = "traefik.http.routers.${var.app-name}-new_limited.entrypoints" + value = "https" + } + labels { + label = "traefik.http.routers.${var.app-name}-new_limited.middlewares" + value = "rate-limit_5-per-1m,${var.app-name}-new-addprefix" + } + labels { + label = "traefik.http.routers.${var.app-name}-new_limited.tls.certresolver" + value = "le" + } + #endregion labels { label = "traefik.http.services.${var.app-name}.loadbalancer.server.port" diff --git a/internal/sms-gateway/handlers/mobile.go b/internal/sms-gateway/handlers/mobile.go index e0b7666..6cabfc2 100644 --- a/internal/sms-gateway/handlers/mobile.go +++ b/internal/sms-gateway/handlers/mobile.go @@ -19,7 +19,6 @@ import ( "github.com/go-playground/validator/v10" "github.com/gofiber/fiber/v2" "github.com/gofiber/fiber/v2/middleware/keyauth" - "github.com/gofiber/fiber/v2/middleware/limiter" "github.com/jaevor/go-nanoid" "go.uber.org/fx" "go.uber.org/zap" @@ -232,7 +231,6 @@ func (h *mobileHandler) Register(router fiber.Router) { router = router.Group("/mobile/v1") router.Post("/device", - limiter.New(), userauth.New(h.authSvc), keyauth.New(keyauth.Config{ Next: func(c *fiber.Ctx) bool {
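Review bot: The `-new_limited` router (with `_limited` in the previous hunk) is now the only place the device-registration limit is enforced, because the `mobile.go` hunks of this same patch drop `limiter.New()` from the `POST /device` chain. Both limited routers are bound to the `https` entrypoint and to specific hosts, so a request that reaches the service any other way (another entrypoint or router, or directly over the overlay network) is no longer limited at all; whether such a path exists cannot be told from this diff. Consider keeping a coarse in-app limiter as a backstop, and state the dependency next to the labels, e.g. `# Sole rate limit for POST /mobile/v1/device - the in-app limiter was removed; keep in sync with handlers/mobile.go`.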