mirror of
https://github.com/DeBrosOfficial/orama.git
synced 2026-06-16 21:54:14 +00:00
fda47533c3
Per-namespace rate-limit config (feature #69) - Migration 027: new `namespace_rate_limit_config` table (namespace PK, requests_per_minute, burst, audit metadata). - pkg/ratelimit: Manager + RQLite ConfigStore + types. Same pattern as the push config in bug #220's follow-up — LRU cache, invalidate on PUT/DELETE, falls back to YAML defaults when no row exists. - pkg/gateway/handlers/ratelimit: GET/PUT/DELETE /v1/namespace/rate-limit. PUT requests are rejected if they exceed the operator's configured ceiling (MaxRequestsPerMinute / MaxBurst) — tenants self-serve but cannot raise their quota past the cap. - pkg/gateway/rate_limiter.go: per-namespace lookup, default fallback. - pkg/gateway/middleware.go: WS JWT middleware (middleware_ws_jwt_test.go). - pkg/gateway/auth/service.go: refresh-token rotation hardening with regression test in refresh_rotation_test.go. AI agent instructions - Add AGENTS.md, CLAUDE.md, .github/copilot-instructions.md (DeBros v0.2.0 baseline). DeBros rules bumped to v0.2.0 (sha bb6e6ef). VERSION bumped to 0.122.12.
37 lines
1.2 KiB
Go
37 lines
1.2 KiB
Go
package gateway
|
|
|
|
// ratelimit_routes.go — method-dispatcher for the per-namespace rate-limit
|
|
// configuration endpoint. Feature #69. Mirrors the push-config route shape.
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/DeBrosOfficial/network/pkg/httputil"
|
|
)
|
|
|
|
// rateLimitConfigDispatcher routes GET / PUT / DELETE on
|
|
// /v1/namespace/rate-limit to the respective handler. When the rate-limit
|
|
// subsystem isn't wired (older deployments without an ORM client) it
|
|
// returns a canonical 503 envelope explaining the situation — far better
|
|
// UX than a bare 404.
|
|
func (g *Gateway) rateLimitConfigDispatcher(w http.ResponseWriter, r *http.Request) {
|
|
if g.rateLimitHandlers == nil {
|
|
httputil.WriteRPCError(w, http.StatusServiceUnavailable,
|
|
httputil.ErrCodeServiceUnavailable,
|
|
"rate-limit configuration not available on this gateway")
|
|
return
|
|
}
|
|
switch r.Method {
|
|
case http.MethodGet:
|
|
g.rateLimitHandlers.GetConfigHandler(w, r)
|
|
case http.MethodPut, http.MethodPost:
|
|
g.rateLimitHandlers.PutConfigHandler(w, r)
|
|
case http.MethodDelete:
|
|
g.rateLimitHandlers.DeleteConfigHandler(w, r)
|
|
default:
|
|
httputil.WriteRPCError(w, http.StatusMethodNotAllowed,
|
|
httputil.ErrCodeValidationFailed,
|
|
"method not allowed: use GET to read, PUT to update, or DELETE to clear")
|
|
}
|
|
}
|