feat(backend): add rate limiter middleware

bastean · Jan 28, 2024 · a6c1b2b · a6c1b2b
1 parent d9851aa
commit a6c1b2b
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 7 deletions.
diff --git a/src/apps/crud/backend/cmd/web/middleware/rateLimiter.go b/src/apps/crud/backend/cmd/web/middleware/rateLimiter.go
@@ -0,0 +1,31 @@
+package middleware
+
+import (
+	"net/http"
+	"time"
+
+	ratelimit "github.com/JGLTechnologies/gin-rate-limit"
+	"github.com/gin-gonic/gin"
+)
+
+func keyFunc(c *gin.Context) string {
+	return c.ClientIP()
+}
+
+func errorHandler(c *gin.Context, info ratelimit.Info) {
+	c.Status(http.StatusTooManyRequests)
+}
+
+func RateLimiter() gin.HandlerFunc {
+	store := ratelimit.InMemoryStore(&ratelimit.InMemoryOptions{
+		Rate:  time.Second,
+		Limit: 5,
+	})
+
+	limiter := ratelimit.RateLimiter(store, &ratelimit.Options{
+		ErrorHandler: errorHandler,
+		KeyFunc:      keyFunc,
+	})
+
+	return limiter
+}
diff --git a/src/apps/crud/backend/cmd/web/server/server.go b/src/apps/crud/backend/cmd/web/server/server.go
@@ -18,6 +18,8 @@ var server = gin.Default()
 func Init(files *embed.FS) *gin.Engine {
 	container.Logger.Info("starting server")
 
+	server.Use(middleware.RateLimiter())
+
 	templates := template.Must(template.ParseFS(files, "templates/**/*.html"))
 
 	server.SetHTMLTemplate(templates)

diff --git a/src/apps/crud/backend/go.mod b/src/apps/crud/backend/go.mod
@@ -9,9 +9,12 @@ require (
 )
 
 require (
+	github.com/JGLTechnologies/gin-rate-limit v1.5.4 // indirect
 	github.com/bytedance/sonic v1.10.2 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect
 	github.com/chenzhuoyu/iasm v0.9.1 // indirect
+	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
@@ -28,6 +31,7 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pelletier/go-toml/v2 v2.1.1 // indirect
+	github.com/redis/go-redis/v9 v9.0.2 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.12 // indirect
 	golang.org/x/arch v0.7.0 // indirect

diff --git a/src/apps/crud/backend/go.sum b/src/apps/crud/backend/go.sum
@@ -1,7 +1,11 @@
+github.com/JGLTechnologies/gin-rate-limit v1.5.4 h1:1hIaXIdGM9MZFZlXgjWJLpxaK0WHEa5MeloK49nmQsc=
+github.com/JGLTechnologies/gin-rate-limit v1.5.4/go.mod h1:mGEhNzlHEg/Tk+KH/mKylZLTfDjACnx7MVYaAlj07eU=
 github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
 github.com/bytedance/sonic v1.10.0-rc/go.mod h1:ElCzW+ufi8qKqNW0FY314xriJhyJhuoJ3gFZdAHF7NM=
 github.com/bytedance/sonic v1.10.2 h1:GQebETVBxYB7JGWJtLBi07OVzWwt+8dWA00gEVW2ZFE=
 github.com/bytedance/sonic v1.10.2/go.mod h1:iZcSUejdk5aukTND/Eu/ivjQuEL0Cu9/rf50Hi0u/g4=
+github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
+github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY=
 github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk=
 github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d h1:77cEq6EriyTZ0g/qfRdp61a3Uu/AWrgIq2s0ClJV1g0=
@@ -12,6 +16,8 @@ github.com/chenzhuoyu/iasm v0.9.1/go.mod h1:Xjy2NpN3h7aUqeqM+woSuuvxmIe6+DDsiNLI
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
+github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
 github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
 github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
 github.com/gin-contrib/sessions v0.0.5 h1:CATtfHmLMQrMNpJRgzjWXD7worTh7g7ritsQfmF+0jE=
@@ -62,6 +68,8 @@ github.com/pelletier/go-toml/v2 v2.1.1 h1:LWAJwfNvjQZCFIDKWYQaM62NcYeYViCmWIwmOS
 github.com/pelletier/go-toml/v2 v2.1.1/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/redis/go-redis/v9 v9.0.2 h1:BA426Zqe/7r56kCcvxYLWe1mkaz71LKF77GwgFzSxfE=
+github.com/redis/go-redis/v9 v9.0.2/go.mod h1:/xDTe9EF1LM61hek62Poq2nzQSGj0xSrEtEHbBQevps=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=

diff --git a/src/contexts/crud/pkg/user/infrastructure/persistence/mongo.go b/src/contexts/crud/pkg/user/infrastructure/persistence/mongo.go
@@ -39,7 +39,7 @@ func (db UserCollection) Save(user *aggregate.User) {
 	}
 }
 
-func (mg UserCollection) Update(user *aggregate.User) {
+func (db UserCollection) Update(user *aggregate.User) {
 	updateFilter := bson.M{"id": user.Id.Value}
 
 	updateUser := bson.M{}
@@ -53,27 +53,27 @@ func (mg UserCollection) Update(user *aggregate.User) {
 	}
 
 	if user.Password != nil {
-		updateUser["password"] = mg.hashing.Hash(user.Password.Value)
+		updateUser["password"] = db.hashing.Hash(user.Password.Value)
 	}
 
-	_, err := mg.collection.UpdateOne(context.Background(), updateFilter, bson.M{"$set": updateUser})
+	_, err := db.collection.UpdateOne(context.Background(), updateFilter, bson.M{"$set": updateUser})
 
 	if err != nil {
 		panic(err)
 	}
 }
 
-func (mg UserCollection) Delete(id *sharedVO.Id) {
+func (db UserCollection) Delete(id *sharedVO.Id) {
 	deleteFilter := bson.M{"id": id.Value}
 
-	_, err := mg.collection.DeleteOne(context.Background(), deleteFilter)
+	_, err := db.collection.DeleteOne(context.Background(), deleteFilter)
 
 	if err != nil {
 		panic(err)
 	}
 }
 
-func (mg UserCollection) Search(filter repository.Filter) *aggregate.User {
+func (db UserCollection) Search(filter repository.Filter) *aggregate.User {
 	var searchFilter bson.M
 	var index string
 
@@ -87,7 +87,7 @@ func (mg UserCollection) Search(filter repository.Filter) *aggregate.User {
 		index = filter.Id.Value
 	}
 
-	result := mg.collection.FindOne(context.Background(), searchFilter)
+	result := db.collection.FindOne(context.Background(), searchFilter)
 
 	if err := result.Err(); err != nil {
 		persistence.HandleDocumentNotFound(index)