
Comments (5)

sief commented on July 24, 2024

Can you post the signature of the action where you want to limit the http error rate?

from play-guard.

vuongbason994 commented on July 24, 2024

Hi Simon, this is the original action where I implemented the rate limiter:

    private val httpErrorRateLimited =
      HttpErrorRateLimitAction(new RateLimiter(3, 1f / 30, "test failure rate limit")) { _ =>
        BadRequest(Json.obj("status" -> Messages("rate.limited.30")))
      }

    /**
     * The login function uses silhouette's unsecured action which checks if there is a non-authenticated user. 
     * If user is authenticated, it should return the CustomUnsecuredErrorHandler functions.
     *
     * @return The result to display.
     */
    def adminLogin = (httpErrorRateLimited andThen silhouette.UnsecuredAction).async(parse.json) { implicit request =>

        request.body.validate[UserLogin] match { // validate the user login object declared in user model       
          case s: JsSuccess[UserLogin] => // validation checks passed
            val userName = (request.body \ "userName").as[String]
            val password = (request.body \ "password").as[String]
            val rememberMe = (request.body \ "rememberMe").as[Boolean]

            val credentials = Credentials(userName.toLowerCase(), password)
            credentialsProvider.authenticate(credentials).flatMap { loginInfo =>
              userService.retrieve(loginInfo).flatMap { // check if username exists by querying login info
...

Thanks so much for your help!


sief commented on July 24, 2024

OK, the problem is that the Action's BodyParser comes first, and if parsing fails, the limiter is not even reached. If you really want to limit the parsing error rate too, you could do the parsing in your Action's code. E.g.:

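  import scala.util.Try

  // parse.raw does no JSON validation, so the request reaches the limited action
  def test = httpErrorRateLimited(parse.raw) { request =>
    // Parse the body by hand; a failed parse yields None instead of a parser-level error
    val jsO = request.body.asBytes().flatMap(b => Try(Json.parse(b.iterator.asInputStream)).toOption)
    jsO.fold(BadRequest("invalid json")) { js =>
      // ....
      Ok("test")
    }
  }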

Just an example, but the parsing errors get caught by the limiter.


vuongbason994 commented on July 24, 2024

Thanks Simon! May I know if there is a way to implement the limiter globally such that all requests and errors can be "caught" prior to code execution? (e.g. in the error handler)

I am building a REST API and although the application is yet to be in production, I am seeing many strange requests and attempts (probably by bots) randomly hitting un-named routes.


sief commented on July 24, 2024

These limit actions like HttpErrorRateLimitAction are actually meant to be used for application-specific errors. If you want to do global rate limiting, take a look at https://github.com/sief/play-guard#1-guardfilter.
This global filter currently doesn't limit error rates, but take a look at the source code, it shouldn't be too difficult to implement this. I'll add this feature to my backlog ;)
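
A global error-rate limit of the kind discussed above, as an added example that is not part of the thread or of play-guard's code: a Play `Filter` with its own per-IP token bucket that is drained by 4xx responses and rejects further requests once the bucket is empty. The class name `ErrorRateFilter`, the 429 response and the bucket parameters (taken from the `RateLimiter(3, 1f / 30, ...)` call earlier in the thread) are assumptions; it uses only Play's `Filter` API, which wraps the whole action including its body parser.

```scala
import javax.inject.Inject
import java.util.concurrent.ConcurrentHashMap
import scala.concurrent.{ExecutionContext, Future}
import akka.stream.Materializer // org.apache.pekko.stream.Materializer on Play 3.x
import play.api.mvc.{Filter, RequestHeader, Result, Results}

// Hypothetical filter (not play-guard code): per-IP token bucket consumed by client errors.
class ErrorRateFilter @Inject()(implicit val mat: Materializer, ec: ExecutionContext) extends Filter {
  private val size = 3.0              // errors tolerated in a burst
  private val ratePerSec = 1.0 / 30   // one token refilled every 30 seconds

  private case class Bucket(tokens: Double, updatedMs: Long)
  private val buckets = new ConcurrentHashMap[String, Bucket]()

  // Add the tokens earned since the last update, capped at the bucket size.
  private def refill(b: Bucket, now: Long): Bucket =
    Bucket(math.min(size, b.tokens + (now - b.updatedMs) / 1000.0 * ratePerSec), now)

  // Current token level for an address, without consuming anything.
  private def available(ip: String, now: Long): Double =
    Option(buckets.get(ip)).map(refill(_, now).tokens).getOrElse(size)

  // Atomically take one token for an address after it caused a client error.
  private def consume(ip: String, now: Long): Unit = {
    buckets.compute(ip, (_, old) => {
      val b = refill(Option(old).getOrElse(Bucket(size, now)), now)
      b.copy(tokens = math.max(0.0, b.tokens - 1))
    })
    ()
  }

  def apply(next: RequestHeader => Future[Result])(rh: RequestHeader): Future[Result] = {
    val ip = rh.remoteAddress
    if (available(ip, System.currentTimeMillis()) < 1)
      Future.successful(Results.TooManyRequests("too many failed requests"))
    else next(rh).map { result =>
      // Only responses in the 4xx range count against the caller.
      val status = result.header.status
      if (status >= 400 && status < 500) consume(ip, System.currentTimeMillis())
      result
    }
  }
}
```

The map is never pruned, and `remoteAddress` only reflects the real client behind a reverse proxy when Play's trusted-proxy settings are configured, so both need attention before this is used in production.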
