RHCLOUD-35234: Add rate limiting (#259)

skarekrow · web-flow · commit 1615117178a1 · 2025-10-01T15:40:42.000-05:00
* RHCLOUD-35234: Add rate limiting * Add to the clowdapp as well * Let's not make this a pointer. * Setup the rate limiter in tests
diff --git a/cmd/export-service/api_server.go b/cmd/export-service/api_server.go
@@ -33,6 +33,7 @@ import (
 	emiddleware "github.com/redhatinsights/export-service-go/middleware"
 	"github.com/redhatinsights/export-service-go/models"
 	es3 "github.com/redhatinsights/export-service-go/s3"
+	"golang.org/x/time/rate"
 )
 
 // func serveWeb(cfg *config.ExportConfig, consumers []services.ConsumerService) *http.Server {
@@ -179,6 +180,8 @@ func startApiServer(cfg *config.ExportConfig, log *zap.SugaredLogger) {
 		"exportableApplications", cfg.ExportableApplications,
 		"aws_uploader_buffer_size", cfg.StorageConfig.AwsUploaderBufferSize,
 		"aws_downloader_buffer_size", cfg.StorageConfig.AwsDownloaderBufferSize,
+		"rate_limit_rate", cfg.RateLimitConfig.Rate,
+		"rate_limit_burst", cfg.RateLimitConfig.Burst,
 	)
 
 	kafkaProducerMessagesChan := make(chan *kafka.Message) // TODO: determine an appropriate buffer (if one is actually necessary)
@@ -212,12 +215,14 @@ func startApiServer(cfg *config.ExportConfig, log *zap.SugaredLogger) {
 		}),
 	}
 
+	rateLimiter := rate.NewLimiter(rate.Limit(cfg.RateLimitConfig.Rate), cfg.RateLimitConfig.Burst)
 	external := exports.Export{
 		Bucket:              cfg.StorageConfig.Bucket,
 		StorageHandler:      &storageHandler,
 		DB:                  &models.ExportDB{DB: DB, Cfg: cfg},
 		RequestAppResources: kafkaRequestAppResources,
 		Log:                 log,
+		RateLimiter:         rateLimiter,
 	}
 	wsrv := createPublicServer(cfg, external)
 
diff --git a/config/config.go b/config/config.go
@@ -33,6 +33,7 @@ type ExportConfig struct {
 	DBConfig                      dbConfig
 	StorageConfig                 storageConfig
 	KafkaConfig                   kafkaConfig
+	RateLimitConfig               rateLimitConfig
 	OpenAPIPrivatePath            string
 	OpenAPIPublicPath             string
 	Psks                          []string
@@ -92,6 +93,11 @@ type storageConfig struct {
 	AwsDownloaderBufferSize int64
 }
 
+type rateLimitConfig struct {
+	Rate  int
+	Burst int
+}
+
 var (
 	config *ExportConfig
 	doOnce sync.Once
@@ -142,6 +148,10 @@ func Get() *ExportConfig {
 		options.SetDefault("AWS_UPLOADER_BUFFER_SIZE", 10*1024*1024)
 		options.SetDefault("AWS_DOWNLOADER_BUFFER_SIZE", 10*1024*1024)
 
+		// Rate limit defaults
+		options.SetDefault("RATE_LIMIT_RATE", 100)
+		options.SetDefault("RATE_LIMIT_BURST", 60)
+
 		options.AutomaticEnv()
 
 		kubenv := viper.New()
@@ -200,6 +210,11 @@ func Get() *ExportConfig {
 			EventSchema:      options.GetString("KAFKA_EVENT_SCHEMA"),
 		}
 
+		config.RateLimitConfig = rateLimitConfig{
+			Rate:  options.GetInt("RATE_LIMIT_RATE"),
+			Burst: options.GetInt("RATE_LIMIT_BURST"),
+		}
+
 		if clowder.IsClowderEnabled() {
 			cfg := clowder.LoadedConfig
 
diff --git a/deploy/clowdapp.yaml b/deploy/clowdapp.yaml
@@ -90,6 +90,10 @@ objects:
                 value: ${PRIVATE_HTTP_SERVER_READ_TIMEOUT}
               - name: PRIVATE_HTTP_SERVER_WRITE_TIMEOUT
                 value: ${PRIVATE_HTTP_SERVER_WRITE_TIMEOUT}
+              - name: RATE_LIMIT_RATE
+                value: ${RATE_LIMIT_RATE}
+              - name: RATE_LIMIT_BURST
+                value: ${RATE_LIMIT_BURST}
             initContainers:
               - args:
                   - export-service
@@ -259,3 +263,7 @@ parameters:
     value: "5s"
   - name: PRIVATE_HTTP_SERVER_WRITE_TIMEOUT
     value: "10s"
+  - name: RATE_LIMIT_RATE
+    value: "100"
+  - name: RATE_LIMIT_BURST
+    value: "60"
diff --git a/exports/exports.go b/exports/exports.go
@@ -21,6 +21,7 @@ import (
 	"github.com/redhatinsights/export-service-go/middleware"
 	"github.com/redhatinsights/export-service-go/models"
 	es3 "github.com/redhatinsights/export-service-go/s3"
+	"golang.org/x/time/rate"
 )
 
 // Export holds any dependencies necessary for the external api endpoints
@@ -30,6 +31,7 @@ type Export struct {
 	DB                  models.DBInterface
 	Log                 *zap.SugaredLogger
 	RequestAppResources RequestApplicationResources
+	RateLimiter         *rate.Limiter
 }
 
 // ExportRouter is a router for all of the external routes for the /exports endpoint.
@@ -61,8 +63,15 @@ func (e *Export) PostExport(w http.ResponseWriter, r *http.Request) {
 
 	logger := e.Log.With(export_logger.RequestIDField(reqID), export_logger.OrgIDField(user.OrganizationID))
 
+	err := e.RateLimiter.Wait(r.Context())
+	if err != nil {
+		logger.Errorw("Rate limit reached", "error", err)
+		InternalServerError(w, err)
+		return
+	}
+
 	var apiExport ExportPayload
-	err := json.NewDecoder(r.Body).Decode(&apiExport)
+	err = json.NewDecoder(r.Body).Decode(&apiExport)
 	if err != nil {
 		logger.Errorw("error while parsing params", "error", err)
 		BadRequestError(w, err.Error())
@@ -148,6 +157,13 @@ func (e *Export) ListExports(w http.ResponseWriter, r *http.Request) {
 
 	logger := e.Log.With(export_logger.RequestIDField(reqID), export_logger.OrgIDField(user.OrganizationID))
 
+	err := e.RateLimiter.Wait(r.Context())
+	if err != nil {
+		logger.Errorw("Rate limit reached", "error", err)
+		InternalServerError(w, err)
+		return
+	}
+
 	q := r.URL.Query()
 
 	params, err := initQuery(q)
@@ -190,6 +206,13 @@ func (e *Export) GetExport(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	err := e.RateLimiter.Wait(r.Context())
+	if err != nil {
+		logger.Errorw("Rate limit reached", "error", err)
+		InternalServerError(w, err)
+		return
+	}
+
 	if export.Status != models.Complete && export.Status != models.Partial {
 		logger.Infof("'%s' not ready for download", export.ID)
 		BadRequestError(w, fmt.Sprintf("'%s' is not ready for download", export.ID))
@@ -231,6 +254,13 @@ func (e *Export) DeleteExport(w http.ResponseWriter, r *http.Request) {
 
 	logger := e.Log.With(export_logger.RequestIDField(reqID), export_logger.ExportIDField(uid), export_logger.OrgIDField(user.OrganizationID))
 
+	err = e.RateLimiter.Wait(r.Context())
+	if err != nil {
+		logger.Errorw("Rate limit reached", "error", err)
+		InternalServerError(w, err)
+		return
+	}
+
 	modelUser := mapUsertoModelUser(user)
 
 	if err := e.DB.Delete(exportUUID, modelUser); err != nil {
@@ -253,6 +283,13 @@ func (e *Export) GetExportStatus(w http.ResponseWriter, r *http.Request) {
 
 	logger := e.Log.With(export_logger.RequestIDField(reqID), export_logger.OrgIDField(user.OrganizationID))
 
+	err := e.RateLimiter.Wait(r.Context())
+	if err != nil {
+		logger.Errorw("Rate limit reached", "error", err)
+		InternalServerError(w, err)
+		return
+	}
+
 	export := e.getExportWithUser(w, r, logger)
 	if export == nil {
 		return
diff --git a/exports/exports_test.go b/exports/exports_test.go
@@ -25,6 +25,7 @@ import (
 	emiddleware "github.com/redhatinsights/export-service-go/middleware"
 	"github.com/redhatinsights/export-service-go/models"
 	es3 "github.com/redhatinsights/export-service-go/s3"
+	"golang.org/x/time/rate"
 )
 
 const (
@@ -590,6 +591,7 @@ func setupTest(requestAppResources exports.RequestApplicationResources) chi.Rout
 	var router *chi.Mux
 	config := config.Get()
 	log := logger.Get()
+	rateLimiter := rate.NewLimiter(rate.Limit(config.RateLimitConfig.Rate), config.RateLimitConfig.Burst)
 
 	fmt.Println("STARTING TEST")
 
@@ -599,6 +601,7 @@ func setupTest(requestAppResources exports.RequestApplicationResources) chi.Rout
 		DB:                  &models.ExportDB{DB: testGormDB, Cfg: config},
 		RequestAppResources: requestAppResources,
 		Log:                 log,
+		RateLimiter:         rateLimiter,
 	}
 
 	router = chi.NewRouter()
diff --git a/exports/internal_test.go b/exports/internal_test.go
@@ -20,11 +20,13 @@ import (
 	emiddleware "github.com/redhatinsights/export-service-go/middleware"
 	"github.com/redhatinsights/export-service-go/models"
 	es3 "github.com/redhatinsights/export-service-go/s3"
+	"golang.org/x/time/rate"
 )
 
 var _ = Context("Set up internal handler", func() {
 	cfg := config.Get()
 	log := logger.Get()
+	rateLimiter := rate.NewLimiter(rate.Limit(cfg.RateLimitConfig.Rate), cfg.RateLimitConfig.Burst)
 
 	var internalHandler *exports.Internal
 	var router *chi.Mux
@@ -46,6 +48,7 @@ var _ = Context("Set up internal handler", func() {
 			DB:                  &models.ExportDB{DB: testGormDB, Cfg: cfg},
 			RequestAppResources: mockKafkaCall,
 			Log:                 log,
+			RateLimiter:         rateLimiter,
 		}
 
 		router = chi.NewRouter()
diff --git a/go.mod b/go.mod
@@ -25,6 +25,7 @@ require (
 	github.com/spf13/cobra v1.1.3
 	github.com/spf13/viper v1.11.0
 	go.uber.org/zap v1.26.0
+	golang.org/x/time v0.5.0
 	gorm.io/datatypes v1.0.6
 	gorm.io/driver/postgres v1.3.4
 	gorm.io/gorm v1.23.4
diff --git a/go.sum b/go.sum
@@ -965,6 +965,8 @@ golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
