Commit 4655c91a authored by Georg Mittendorfer's avatar Georg Mittendorfer

Don't count command specific rate limit weight for global rate limit. Add test...

Don't count command specific rate limit weight for global rate limit. Add test case that only rate limited command content is analyzed.
parent 3e164c0c
Pipeline #60155755 passed with stage
in 4 minutes and 6 seconds
......@@ -121,7 +121,6 @@ public class IriApiHandler {
RateLimiter rateLimiter = rateLimitOperations.rateLimiter(ip, command.getCommand());
RateLimiter globalLimiter = rateLimitOperations.globalRateLimiter();
rateLimitOperations.applyContentSpecificRateLimitWeight(command, rateLimiter);
rateLimitOperations.applyContentSpecificRateLimitWeight(command, globalLimiter); // FIXME don't apply for global limit. Too difficult to configure properly.
responseEntityMono = responseEntityMono
......@@ -77,7 +77,6 @@ public class RateLimitOperations {
Objects.requireNonNull(rateLimiter, "No rate limiter. Command: " + command.getCommand() + "");
// TODO add test that only rate limited commands apply weight. otherwise configuration would get too difficult. e.g. what would be global ip limit per second?
if (rateLimitedCommands.contains(command.getCommand())) {
int weight = command.getRateLimitCount();
if (weight > 1) {
......@@ -220,7 +220,8 @@ public class IriApiHandlerTest {
verify(rateLimitOperations).applyContentSpecificRateLimitWeight(command, dummyLimiter);
verify(rateLimitOperations).applyContentSpecificRateLimitWeight(command, dummyGlobalLimiter);
// global rate limits should be configured on per command basis
verify(rateLimitOperations, never()).applyContentSpecificRateLimitWeight(command, dummyGlobalLimiter);
......@@ -92,6 +92,32 @@ public class RateLimitOperationsTest {
assertThat(limiter.getMetrics().getAvailablePermissions()).isZero(); // content specific limit - 1
public void givenNoRateLimitedCommandWhenApplyContentSpecificRateLimitThenDoNothing() {
// Explanation why we do not want to apply the weight in this case:
// if command is not rate limited it should be easy to calculate rate limits for global and per ip limiting
// therefore we exclude not rate limited commands from this complicated calculation. for example if
// wereAddressesSpentFrom is not limited it is difficult to say how many checked addresses are feasible for a
// non malicious client and how that correlates to global limits.
// malicious clients should be restricted by specifying max values in this case or a rate limiting configuration
// should be added.
RateLimiter limiter = RateLimiter.of("some-limiter", RateLimiterConfig.custom()
IriCommand command = mock(IriCommand.class);
RateLimitOperations op = new RateLimitOperations(env, rateLimiterFactory);
op.applyContentSpecificRateLimitWeight(command, limiter);
assertThat(limiter.getMetrics().getAvailablePermissions()).isEqualTo(5); // no decrease happened
public void whenApplyRateLimitWeightThenDecreaseLimit() {
when(rateLimiterFactory.getListOfRateLimitedCommands()).thenReturn(Collections.singleton("some")); // needed for init
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment