1
0
mirror of https://github.com/bitwarden/server.git synced 2024-12-04 14:13:28 +01:00
bitwarden-server/src/Core/Utilities/CustomIpRateLimitMiddleware.cs

71 lines
2.7 KiB
C#
Raw Normal View History

2016-11-13 00:43:32 +01:00
using AspNetCoreRateLimit;
2017-03-09 03:55:08 +01:00
using Bit.Core.Models.Api;
using Bit.Core.Services;
2016-11-13 00:43:32 +01:00
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Caching.Memory;
2016-11-13 00:43:32 +01:00
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using Newtonsoft.Json;
using System.Threading.Tasks;
2017-09-28 21:01:43 +02:00
namespace Bit.Core.Utilities
2016-11-13 00:43:32 +01:00
{
public class CustomIpRateLimitMiddleware : IpRateLimitMiddleware
{
private readonly IpRateLimitOptions _options;
private readonly IMemoryCache _memoryCache;
private readonly IBlockIpService _blockIpService;
private readonly ILogger<IpRateLimitMiddleware> _logger;
2016-11-13 00:43:32 +01:00
public CustomIpRateLimitMiddleware(
IMemoryCache memoryCache,
IBlockIpService blockIpService,
2016-11-13 00:43:32 +01:00
RequestDelegate next,
IOptions<IpRateLimitOptions> options,
IRateLimitCounterStore counterStore,
IIpPolicyStore policyStore,
ILogger<IpRateLimitMiddleware> logger,
IIpAddressParser ipParser = null)
: base(next, options, counterStore, policyStore, logger, ipParser)
2016-11-13 00:43:32 +01:00
{
_memoryCache = memoryCache;
_blockIpService = blockIpService;
2016-11-13 00:43:32 +01:00
_options = options.Value;
_logger = logger;
2016-11-13 00:43:32 +01:00
}
public override Task ReturnQuotaExceededResponse(HttpContext httpContext, RateLimitRule rule, string retryAfter)
{
var message = string.IsNullOrWhiteSpace(_options.QuotaExceededMessage) ?
$"Slow down! Too many requests. Try again in {rule.Period}." : _options.QuotaExceededMessage;
httpContext.Response.Headers["Retry-After"] = retryAfter;
httpContext.Response.StatusCode = _options.HttpStatusCode;
httpContext.Response.ContentType = "application/json";
var errorModel = new ErrorResponseModel { Message = message };
return httpContext.Response.WriteAsync(JsonConvert.SerializeObject(errorModel));
}
public override void LogBlockedRequest(HttpContext httpContext, ClientRequestIdentity identity,
RateLimitCounter counter, RateLimitRule rule)
{
base.LogBlockedRequest(httpContext, identity, counter, rule);
var key = $"blockedIp_{identity.ClientIp}";
2017-08-31 17:23:16 +02:00
_memoryCache.TryGetValue(key, out int blockedCount);
blockedCount++;
if(blockedCount > 10)
{
_blockIpService.BlockIpAsync(identity.ClientIp, false);
_logger.LogInformation($"Blocked {identity.ClientIp}");
}
else
{
_memoryCache.Set(key, blockedCount,
new MemoryCacheEntryOptions().SetSlidingExpiration(new System.TimeSpan(0, 5, 0)));
}
}
2016-11-13 00:43:32 +01:00
}
}