Commit d9667028 authored by ale

Instrument blacklists

parent 50b069a1
......@@ -202,7 +202,7 @@ func createRatelimiters(config *Config) (map[string]*authRatelimiter, map[string
blacklists := make(map[string]*authBlacklist)
for name, params := range config.RateLimiters {
if params.BlacklistTime > 0 {
bl, err := newAuthBlacklist(params)
bl, err := newAuthBlacklist(name, params)
if err != nil {
return nil, nil, err
}
......
......@@ -9,6 +9,7 @@ import (
"git.autistici.org/id/auth"
"git.autistici.org/id/auth/backend"
"github.com/prometheus/client_golang/prometheus"
)
// Try to use as little memory as possible for each entry: use a UNIX
......@@ -98,12 +99,13 @@ func (r *Ratelimiter) expungeThread() {
// Blacklist can blacklist keys whose request rate is above a
// specified threshold.
type Blacklist struct {
name string
r *Ratelimiter
bl map[string]int64
blTime int64
}
func newBlacklist(limit, period, blacklistTime int) *Blacklist {
func newBlacklist(name string, limit, period, blacklistTime int) *Blacklist {
return &Blacklist{
r: newRatelimiter(limit, period),
bl: make(map[string]int64),
......@@ -146,6 +148,7 @@ func (b *Blacklist) Incr(key string) {
b.r.set(key, d)
} else if d.counter == limitp1 {
log.Printf("blacklisted %s", key)
blacklistCounter.WithLabelValues(b.name).Inc()
b.bl[key] = time.Now().Unix() + b.blTime
}
b.r.mx.Unlock()
......@@ -302,14 +305,14 @@ type authBlacklist struct {
onFailure bool
}
func newAuthBlacklist(config *authRatelimiterConfig) (*authBlacklist, error) {
func newAuthBlacklist(name string, config *authRatelimiterConfig) (*authBlacklist, error) {
r, err := newAuthRatelimiterBase(config)
if err != nil {
return nil, err
}
return &authBlacklist{
authRatelimiterBase: r,
bl: newBlacklist(config.Limit, config.Period, config.BlacklistTime),
bl: newBlacklist(name, config.Limit, config.Period, config.BlacklistTime),
onFailure: config.OnFailure,
}, nil
}
......@@ -331,3 +334,12 @@ func (b *authBlacklist) Incr(user *backend.User, req *auth.Request, resp *auth.R
}
b.bl.Incr(b.key(user, req))
}
var blacklistCounter = prometheus.NewCounterVec(prometheus.CounterOpts{
Name: "auth_blacklisted_total",
Help: "Counter of blacklisted entries.",
}, []string{"bl"})
func init() {
prometheus.MustRegister(blacklistCounter)
}
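Review bot: In `newBlacklist` the new `name` parameter does not appear to be stored. The visible part of the struct literal sets only `r` and `bl`, and the hunk line counts (`-98,12 +99,13`, with the next hunk mapping old line 146 to new line 148) leave no room for an added line further down in the literal. If that reading is right, `b.name` is always the empty string, so every `blacklistCounter.WithLabelValues(b.name).Inc()` in `Blacklist.Incr` lands on the single series `bl=""` and the metric cannot show which rate limiter is blacklisting keys. The fix would be to add `name: name,` to the literal. The literal's closing lines are outside the hunk, so this should be confirmed against the full file.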