英文:
How do you rate limit a Golang server hosted on Cloud Run?
问题
由于Cloud Run是“无状态”的,我假设状态在请求之间不会持续存在,所以创建一个IP地址映射表是行不通的。或者类似于limiter这样的工具可以起作用吗?
英文:
Since Cloud run is "stateless", I'm assuming state doesn't persist between requests, so creating a map of ip addresses would not work. Or would something like limiter work?
答案1
得分: 1
一个请求由一个请求处理程序处理,该处理程序具有请求范围,而您的限制器具有全局范围。
让我用一些代码来说明。我们有请求范围的变量i和全局范围的变量j。此外,我们还有一个全局限制器。
因此,限制器和j只有一个实例,但对于每个请求,都会创建一个名为i的变量,并且该变量对于该请求是唯一的。
package main
import (
"flag"
"fmt"
"log"
"net/http"
"sync/atomic"
"time"
"github.com/ulule/limiter/v3"
"github.com/ulule/limiter/v3/drivers/middleware/stdlib"
"github.com/ulule/limiter/v3/drivers/store/memory"
)
var bind string
func init() {
// 将绑定地址设置为可配置
flag.StringVar(&bind, "bind", ":9090", "address to bind to")
}
func main() {
flag.Parse()
// 您想要使用的速率
// 我们在这里使用不寻常的值进行测试
rate := limiter.Rate{
Period: 5 * time.Second,
Limit: 1,
}
// 我们使用内存存储器是为了简单起见。
// 此外,作为一种安全措施,持久性可能会引入
// 不必要的复杂性以及攻击点本身
// 通过过载持久性机制。
l := limiter.New(memory.NewStore(), rate)
middleware := stdlib.NewMiddleware(l)
// 为了进一步澄清,我们添加了一个全局范围的计数器
var j uint64
// 我们告诉http服务器接收/hello的请求...
http.Handle("/hello",
// 将它们通过全局范围的中间件
// 它将强制执行速率限制并...
middleware.Handler(
// 如果未达到限制,则执行实际的http.Handler。
http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// 请求范围...
var i int
// 所以在递增后,i将始终为1
i++
// 但我们也递增了全局范围的j。
// 由于多个goroutine可能同时访问j,我们需要
// 采取原子操作的预防措施。
atomic.AddUint64(&j, 1)
w.Write([]byte(
fmt.Sprintf("Hello, world!\nrequest scoped i: %d, global scoped j:%d\n", i, atomic.LoadUint64(&j)))))
)))
// 最后但并非最不重要的是,我们启动服务器
log.Printf("Starting server bound to '%s'", bind)
log.Fatal(http.ListenAndServe(bind, nil))
}
现在,当我们运行此代码并使用curl调用URL时,我们会得到一个响应(限制没有生效),并且i和j都具有值1。
$ curl -iv --no-keepalive http://localhost:9090/hello
* Trying ::1:9090...
* Connected to localhost (::1) port 9090 (#0)
> GET /hello HTTP/1.1
> Host: localhost:9090
> User-Agent: curl/7.69.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< X-Ratelimit-Limit: 1
X-Ratelimit-Limit: 1
< X-Ratelimit-Remaining: 0
X-Ratelimit-Remaining: 0
< X-Ratelimit-Reset: 1588596822
X-Ratelimit-Reset: 1588596822
< Date: Mon, 04 May 2020 12:53:37 GMT
Date: Mon, 04 May 2020 12:53:37 GMT
< Content-Length: 53
Content-Length: 53
< Content-Type: text/plain; charset=utf-8
Content-Type: text/plain; charset=utf-8
<
Hello, world!
request scoped i: 1, global scoped j:1
* Connection #0 to host localhost left intact
如果我们在5秒内再次调用URL,速率限制器将生效,并拒绝我们的访问:
$ curl -iv --no-keepalive http://localhost:9090/hello
* Trying ::1:9090...
* Connected to localhost (::1) port 9090 (#0)
> GET /hello HTTP/1.1
> Host: localhost:9090
> User-Agent: curl/7.69.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 429 Too Many Requests
HTTP/1.1 429 Too Many Requests
< Content-Type: text/plain; charset=utf-8
Content-Type: text/plain; charset=utf-8
< X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
< X-Ratelimit-Limit: 1
X-Ratelimit-Limit: 1
< X-Ratelimit-Remaining: 0
X-Ratelimit-Remaining: 0
< X-Ratelimit-Reset: 1588596822
X-Ratelimit-Reset: 1588596822
< Date: Mon, 04 May 2020 12:53:38 GMT
Date: Mon, 04 May 2020 12:53:38 GMT
< Content-Length: 15
Content-Length: 15
<
Limit exceeded
* Connection #0 to host localhost left intact
并且,在等待几秒钟后,我们再次调用URL,全局范围的变量递增,而请求范围的变量再次为1:
$ curl -iv --no-keepalive http://localhost:9090/hello
* Trying ::1:9090...
* Connected to localhost (::1) port 9090 (#0)
> GET /hello HTTP/1.1
> Host: localhost:9090
> User-Agent: curl/7.69.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< X-Ratelimit-Limit: 1
X-Ratelimit-Limit: 1
< X-Ratelimit-Remaining: 0
X-Ratelimit-Remaining: 0
< X-Ratelimit-Reset: 1588596884
X-Ratelimit-Reset: 1588596884
< Date: Mon, 04 May 2020 12:54:39 GMT
Date: Mon, 04 May 2020 12:54:39 GMT
< Content-Length: 53
Content-Length: 53
< Content-Type: text/plain; charset=utf-8
Content-Type: text/plain; charset=utf-8
<
Hello, world!
request scoped i: 1, global scoped j:2
* Connection #0 to host localhost left intact
英文:
A request is handled by a request handler which is request scoped, whereas your limiter has a global scope.
Let me illustrate that with some code. We have the request scoped variable i and
the globally scoped variable j. Furthermore, we have a global limiter.
So there is exactly one instance of the limiter and j, but for reach request a variable named i is created and distinct for that request.
package main
import (
"flag"
"fmt"
"log"
"net/http"
"sync/atomic"
"time"
"github.com/ulule/limiter/v3"
"github.com/ulule/limiter/v3/drivers/middleware/stdlib"
"github.com/ulule/limiter/v3/drivers/store/memory"
)
var bind string
func init() {
// Make the bind address configurable
flag.StringVar(&bind, "bind", ":9090", "address to bind to")
}
func main() {
flag.Parse()
// The rate you want to employ
// We use unusual values here for testing purposes
rate := limiter.Rate{
Period: 5 * time.Second,
Limit: 1,
}
// We use an in-memory store for the sake of simplicity.
// Furthermore, as a security measure, persistence might introduce
// an unneccessary complexity as well as a point of attack itself
// by overloading the persistence mechanism.
l := limiter.New(memory.NewStore(), rate)
middleware := stdlib.NewMiddleware(l)
// for further clarification, we add a globally scoped counter
var j uint64
// We tell the http server to take requests to /hello...
http.Handle("/hello",
// put them through or globally scoped middleware
// which will enfore the rate limit and...
middleware.Handler(
// executes the actual http.Handler if the limit is not reached.
http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// request scoped...
var i int
// so i will always be 1 after increment
i++
// But we also increment our globally scoped j.
// Since multiple goroutines might access j simultaneously, we need
// to take the precaution of an atomic operation.
atomic.AddUint64(&j, 1)
w.Write([]byte(
fmt.Sprintf("Hello, world!\nrequest scoped i: %d, global scoped j:%d\n", i, atomic.LoadUint64(&j))))
})))
// Last but not least we start the server
log.Printf("Starting server bound to '%s'", bind)
log.Fatal(http.ListenAndServe(bind, nil))
}
Now, when we run this code and call the URL with curl, we get a response (limit did not kick in) and both i and j have a value of 1.
$ curl -iv --no-keepalive http://localhost:9090/hello
* Trying ::1:9090...
* Connected to localhost (::1) port 9090 (#0)
> GET /hello HTTP/1.1
> Host: localhost:9090
> User-Agent: curl/7.69.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< X-Ratelimit-Limit: 1
X-Ratelimit-Limit: 1
< X-Ratelimit-Remaining: 0
X-Ratelimit-Remaining: 0
< X-Ratelimit-Reset: 1588596822
X-Ratelimit-Reset: 1588596822
< Date: Mon, 04 May 2020 12:53:37 GMT
Date: Mon, 04 May 2020 12:53:37 GMT
< Content-Length: 53
Content-Length: 53
< Content-Type: text/plain; charset=utf-8
Content-Type: text/plain; charset=utf-8
<
Hello, world!
request scoped i: 1, global scoped j:1
* Connection #0 to host localhost left intact
If we call the URL again within 5 seconds, the rate limiter kicks in, and denies us access:
$ curl -iv --no-keepalive http://localhost:9090/hello
* Trying ::1:9090...
* Connected to localhost (::1) port 9090 (#0)
> GET /hello HTTP/1.1
> Host: localhost:9090
> User-Agent: curl/7.69.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 429 Too Many Requests
HTTP/1.1 429 Too Many Requests
< Content-Type: text/plain; charset=utf-8
Content-Type: text/plain; charset=utf-8
< X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
< X-Ratelimit-Limit: 1
X-Ratelimit-Limit: 1
< X-Ratelimit-Remaining: 0
X-Ratelimit-Remaining: 0
< X-Ratelimit-Reset: 1588596822
X-Ratelimit-Reset: 1588596822
< Date: Mon, 04 May 2020 12:53:38 GMT
Date: Mon, 04 May 2020 12:53:38 GMT
< Content-Length: 15
Content-Length: 15
<
Limit exceeded
* Connection #0 to host localhost left intact
And, after several seconds of waiting, we call the URL again, the globally scoped variable increments, whereas the request scoped variable again is 1:
$ curl -iv --no-keepalive http://localhost:9090/hello
* Trying ::1:9090...
* Connected to localhost (::1) port 9090 (#0)
> GET /hello HTTP/1.1
> Host: localhost:9090
> User-Agent: curl/7.69.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< X-Ratelimit-Limit: 1
X-Ratelimit-Limit: 1
< X-Ratelimit-Remaining: 0
X-Ratelimit-Remaining: 0
< X-Ratelimit-Reset: 1588596884
X-Ratelimit-Reset: 1588596884
< Date: Mon, 04 May 2020 12:54:39 GMT
Date: Mon, 04 May 2020 12:54:39 GMT
< Content-Length: 53
Content-Length: 53
< Content-Type: text/plain; charset=utf-8
Content-Type: text/plain; charset=utf-8
<
Hello, world!
request scoped i: 1, global scoped j:2
* Connection #0 to host localhost left intac
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论