github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-12-02 08:33:41 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
c0611a06e5
discourse/lib/middleware/request_tracker.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

556 lines
17 KiB
Ruby
Raw Normal View History

FEATURE: Allow registration of detailed request logger Detailed request loggers can be used to gather rich timing info from all requests (which in turn can be forwarded to monitoring solution) Middleware::RequestTracker.detailed_request_logger(->|env, data| do # do stuff with env and data end
2017-10-18 09:10:12 +08:00
# frozen_string_literal: true
DEV: avoid require_dependency for some libs This avoids require dependency on method_profiler and anon cache. It means that if there is any change to these files the reloader will not pick it up. Previously the reloader was picking up the anon cache twice causing it to double load on boot. This caused warnings. Long term my plan is to give up on require dependency and instead use: https://github.com/Shopify/autoload_reloader
2018-12-31 07:53:30 +08:00
require "method_profiler"
require "middleware/anonymous_cache"
FIX: crawler requests exceptions for non UTF-8 user agents with invalid bytes
2024-05-24 09:49:17 +08:00
require "http_user_agent_encoder"
improve metrics gathered using in our traffic section this also pulls out the middleware into its own home and inserts in front
2015-02-05 13:08:52 +08:00
class Middleware::RequestTracker
FEATURE: Allow registration of detailed request logger Detailed request loggers can be used to gather rich timing info from all requests (which in turn can be forwarded to monitoring solution) Middleware::RequestTracker.detailed_request_logger(->|env, data| do # do stuff with env and data end
2017-10-18 09:10:12 +08:00
@@detailed_request_loggers = nil
Add extensibility point to `request_tracker` to skip IP addresses This is useful if you want to run a per IP rate limiter but want to be able to skip some IPs with custom logic.
2018-02-06 06:45:25 +08:00
@@ip_skipper = nil
FEATURE: Allow registration of detailed request logger Detailed request loggers can be used to gather rich timing info from all requests (which in turn can be forwarded to monitoring solution) Middleware::RequestTracker.detailed_request_logger(->|env, data| do # do stuff with env and data end
2017-10-18 09:10:12 +08:00
FEATURE: Rate limit exceptions via ENV (#14033) Allow admins to configure exceptions to our Rails rate limiter. Configuration happens in the environment variables, and work with both IPs and CIDR blocks. Example: ``` env: DISCOURSE_MAX_REQS_PER_IP_EXCEPTIONS: >- 14.15.16.32/27 216.148.1.2 ```
2021-08-13 23:00:23 +08:00
# You can add exceptions to our app rate limiter in the app.yml ENV section.
# example:
#
# env:
# DISCOURSE_MAX_REQS_PER_IP_EXCEPTIONS: >-
# 14.15.16.32/27
# 216.148.1.2
#
STATIC_IP_SKIPPER =
ENV["DISCOURSE_MAX_REQS_PER_IP_EXCEPTIONS"]&.split&.map { |ip| IPAddr.new(ip) }
FEATURE: Allow registration of detailed request logger Detailed request loggers can be used to gather rich timing info from all requests (which in turn can be forwarded to monitoring solution) Middleware::RequestTracker.detailed_request_logger(->|env, data| do # do stuff with env and data end
2017-10-18 09:10:12 +08:00
# register callbacks for detailed request loggers called on every request
# example:
#
# Middleware::RequestTracker.detailed_request_logger(->|env, data| do
# # do stuff with env and data
# end
def self.register_detailed_request_logger(callback)
FEATURE: Optional detailed performance logging for Sidekiq jobs (#7091) By default, this does nothing. Two environment variables are available: - `DISCOURSE_LOG_SIDEKIQ` Set to `"1"` to enable logging. This will log all completed jobs to `log/rails/sidekiq.log`, along with various db/redis/network statistics. This is useful to track down poorly performing jobs. - `DISCOURSE_LOG_SIDEKIQ_INTERVAL` (seconds) Check running jobs periodically, and log their current duration. They will appear in the logs with `status:pending`. This is useful to track down jobs which take a long time, then crash sidekiq before completing.
2019-03-05 19:19:11 +08:00
MethodProfiler.ensure_discourse_instrumentation!
FEATURE: Allow registration of detailed request logger Detailed request loggers can be used to gather rich timing info from all requests (which in turn can be forwarded to monitoring solution) Middleware::RequestTracker.detailed_request_logger(->|env, data| do # do stuff with env and data end
2017-10-18 09:10:12 +08:00
(@@detailed_request_loggers ||= []) << callback
end
def self.unregister_detailed_request_logger(callback)
FIX: Add Retry-Header to rate limited responses (#11736) It returned a 429 error code with a 'Retry-After' header if a RateLimiter::LimitExceeded was raised and unhandled, but the header was missing if the request was limited in the 'RequestTracker' middleware.
2021-01-19 17:35:46 +08:00
@@detailed_request_loggers.delete(callback)
FEATURE: Allow registration of detailed request logger Detailed request loggers can be used to gather rich timing info from all requests (which in turn can be forwarded to monitoring solution) Middleware::RequestTracker.detailed_request_logger(->|env, data| do # do stuff with env and data end
2017-10-18 09:10:12 +08:00
@detailed_request_loggers = nil if @@detailed_request_loggers.length == 0
Add extensibility point to `request_tracker` to skip IP addresses This is useful if you want to run a per IP rate limiter but want to be able to skip some IPs with custom logic.
2018-02-06 06:45:25 +08:00
end
FEATURE: Allow registration of detailed request logger Detailed request loggers can be used to gather rich timing info from all requests (which in turn can be forwarded to monitoring solution) Middleware::RequestTracker.detailed_request_logger(->|env, data| do # do stuff with env and data end
2017-10-18 09:10:12 +08:00
use lazy & instead of try unregister ip skipper in test raise if called when a skipper is in play
2018-02-06 07:38:15 +08:00
# used for testing
def self.unregister_ip_skipper
@@ip_skipper = nil
end
Add extensibility point to `request_tracker` to skip IP addresses This is useful if you want to run a per IP rate limiter but want to be able to skip some IPs with custom logic.
2018-02-06 06:45:25 +08:00
# Register a custom `ip_skipper`, a function that will skip rate limiting
# for any IP that returns true.
#
# For example, if you never wanted to rate limit 1.2.3.4
#
# ```
# Middleware::RequestTracker.register_ip_skipper do |ip|
# ip == "1.2.3.4"
# end
# ```
def self.register_ip_skipper(&blk)
use lazy & instead of try unregister ip skipper in test raise if called when a skipper is in play
2018-02-06 07:38:15 +08:00
raise "IP skipper is already registered!" if @@ip_skipper
Add extensibility point to `request_tracker` to skip IP addresses This is useful if you want to run a per IP rate limiter but want to be able to skip some IPs with custom logic.
2018-02-06 06:45:25 +08:00
@@ip_skipper = blk
FEATURE: Allow registration of detailed request logger Detailed request loggers can be used to gather rich timing info from all requests (which in turn can be forwarded to monitoring solution) Middleware::RequestTracker.detailed_request_logger(->|env, data| do # do stuff with env and data end
2017-10-18 09:10:12 +08:00
end
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
def self.ip_skipper
@@ip_skipper
end
improve metrics gathered using in our traffic section this also pulls out the middleware into its own home and inserts in front
2015-02-05 13:08:52 +08:00
def initialize(app, settings = {})
@app = app
end
FIX: view tracking needs to release data earlier retaining data during queuing was causing huge memory spikes
2015-02-10 14:03:33 +08:00
def self.log_request(data)
FEATURE: Track API and user API requests (#19186) Adds stats for API and user API requests similar to regular page views. This comes with a new report to visualize API requests per day like the consolidated page views one.
2022-11-29 19:07:42 +08:00
if data[:is_api]
ApplicationRequest.increment!(:api)
elsif data[:is_user_api]
ApplicationRequest.increment!(:user_api)
elsif data[:track_view]
FIX: view tracking needs to release data earlier retaining data during queuing was causing huge memory spikes
2015-02-10 14:03:33 +08:00
if data[:is_crawler]
refactor traffic report split traffic report in 2, page view vs raw traffic hide raw traffic report by default improve flushing logic for application reqs
2015-02-06 11:39:04 +08:00
ApplicationRequest.increment!(:page_view_crawler)
FEATURE: control which web crawlers can access using a whitelist or blacklist
2018-03-16 05:10:45 +08:00
WebCrawlerRequest.increment!(data[:user_agent])
FIX: view tracking needs to release data earlier retaining data during queuing was causing huge memory spikes
2015-02-10 14:03:33 +08:00
elsif data[:has_auth_cookie]
refactor traffic report split traffic report in 2, page view vs raw traffic hide raw traffic report by default improve flushing logic for application reqs
2015-02-06 11:39:04 +08:00
ApplicationRequest.increment!(:page_view_logged_in)
FEATURE: page view stats for mobile view
2015-07-04 05:02:57 +08:00
ApplicationRequest.increment!(:page_view_logged_in_mobile) if data[:is_mobile]
FEATURE: Only count topic views for explicit/deferred tracked views (#27533) Followup 2f2da7274732cba30d03b6c5c3a4194652cb6783 This commit moves topic view tracking from happening every time a Topic is requested, which is susceptible to inflating numbers of views from web crawlers, to our request tracker middleware. In this new location, topic views are only tracked when the following headers are sent: * HTTP_DISCOURSE_TRACK_VIEW - This is sent on every page navigation when clicking around the ember app. We count these as browser page views because we know it comes from the AJAX call in our app. The topic ID is extracted from HTTP_DISCOURSE_TRACK_VIEW_TOPIC_ID * HTTP_DISCOURSE_DEFERRED_TRACK_VIEW - Sent when MessageBus initializes after first loading the page to count the initial page load view. The topic ID is extracted from HTTP_DISCOURSE_DEFERRED_TRACK_VIEW. This will bring topic views more in line with the change we made to page views in the referenced commit and result in more realistic topic view counts.
2024-07-03 08:38:49 +08:00
FEATURE: Add experimental tracking of 'real browser' pageviews (#26647) Our 'page_view_crawler' / 'page_view_anon' metrics are based purely on the User Agent sent by clients. This means that 'badly behaved' bots which are imitating real user agents are counted towards 'anon' page views. This commit introduces a new method of tracking visitors. When an initial HTML request is made, we assume it is a 'non-browser' request (i.e. a bot). Then, once the JS application has booted, we notify the server to count it as a 'browser' request. This reliance on a JavaScript-capable browser matches up more closely to dedicated analytics systems like Google Analytics. Existing data collection and graphs are unchanged. Data collected via the new technique is available in a new 'experimental' report.
2024-04-25 18:00:01 +08:00
if data[:explicit_track_view]
# Must be a browser if it had this header from our ajax implementation
ApplicationRequest.increment!(:page_view_logged_in_browser)
ApplicationRequest.increment!(:page_view_logged_in_browser_mobile) if data[:is_mobile]
FEATURE: Only count topic views for explicit/deferred tracked views (#27533) Followup 2f2da7274732cba30d03b6c5c3a4194652cb6783 This commit moves topic view tracking from happening every time a Topic is requested, which is susceptible to inflating numbers of views from web crawlers, to our request tracker middleware. In this new location, topic views are only tracked when the following headers are sent: * HTTP_DISCOURSE_TRACK_VIEW - This is sent on every page navigation when clicking around the ember app. We count these as browser page views because we know it comes from the AJAX call in our app. The topic ID is extracted from HTTP_DISCOURSE_TRACK_VIEW_TOPIC_ID * HTTP_DISCOURSE_DEFERRED_TRACK_VIEW - Sent when MessageBus initializes after first loading the page to count the initial page load view. The topic ID is extracted from HTTP_DISCOURSE_DEFERRED_TRACK_VIEW. This will bring topic views more in line with the change we made to page views in the referenced commit and result in more realistic topic view counts.
2024-07-03 08:38:49 +08:00
if data[:topic_id].present? && data[:current_user_id].present?
TopicsController.defer_topic_view(
data[:topic_id],
data[:request_remote_ip],
data[:current_user_id],
)
end
FEATURE: Add experimental tracking of 'real browser' pageviews (#26647) Our 'page_view_crawler' / 'page_view_anon' metrics are based purely on the User Agent sent by clients. This means that 'badly behaved' bots which are imitating real user agents are counted towards 'anon' page views. This commit introduces a new method of tracking visitors. When an initial HTML request is made, we assume it is a 'non-browser' request (i.e. a bot). Then, once the JS application has booted, we notify the server to count it as a 'browser' request. This reliance on a JavaScript-capable browser matches up more closely to dedicated analytics systems like Google Analytics. Existing data collection and graphs are unchanged. Data collected via the new technique is available in a new 'experimental' report.
2024-04-25 18:00:01 +08:00
end
FEATURE: Ignore anonymous page views on private sites (#12800) For sites with login_required set to true, counting anonymous pageviews is confusing. Requests to /login and other pages would make it look like anonymous users have access to site's content.
2021-04-26 19:19:47 +08:00
elsif !SiteSetting.login_required
refactor traffic report split traffic report in 2, page view vs raw traffic hide raw traffic report by default improve flushing logic for application reqs
2015-02-06 11:39:04 +08:00
ApplicationRequest.increment!(:page_view_anon)
FEATURE: page view stats for mobile view
2015-07-04 05:02:57 +08:00
ApplicationRequest.increment!(:page_view_anon_mobile) if data[:is_mobile]
FEATURE: Only count topic views for explicit/deferred tracked views (#27533) Followup 2f2da7274732cba30d03b6c5c3a4194652cb6783 This commit moves topic view tracking from happening every time a Topic is requested, which is susceptible to inflating numbers of views from web crawlers, to our request tracker middleware. In this new location, topic views are only tracked when the following headers are sent: * HTTP_DISCOURSE_TRACK_VIEW - This is sent on every page navigation when clicking around the ember app. We count these as browser page views because we know it comes from the AJAX call in our app. The topic ID is extracted from HTTP_DISCOURSE_TRACK_VIEW_TOPIC_ID * HTTP_DISCOURSE_DEFERRED_TRACK_VIEW - Sent when MessageBus initializes after first loading the page to count the initial page load view. The topic ID is extracted from HTTP_DISCOURSE_DEFERRED_TRACK_VIEW. This will bring topic views more in line with the change we made to page views in the referenced commit and result in more realistic topic view counts.
2024-07-03 08:38:49 +08:00
FEATURE: Add experimental tracking of 'real browser' pageviews (#26647) Our 'page_view_crawler' / 'page_view_anon' metrics are based purely on the User Agent sent by clients. This means that 'badly behaved' bots which are imitating real user agents are counted towards 'anon' page views. This commit introduces a new method of tracking visitors. When an initial HTML request is made, we assume it is a 'non-browser' request (i.e. a bot). Then, once the JS application has booted, we notify the server to count it as a 'browser' request. This reliance on a JavaScript-capable browser matches up more closely to dedicated analytics systems like Google Analytics. Existing data collection and graphs are unchanged. Data collected via the new technique is available in a new 'experimental' report.
2024-04-25 18:00:01 +08:00
if data[:explicit_track_view]
# Must be a browser if it had this header from our ajax implementation
ApplicationRequest.increment!(:page_view_anon_browser)
ApplicationRequest.increment!(:page_view_anon_browser_mobile) if data[:is_mobile]
FEATURE: Only count topic views for explicit/deferred tracked views (#27533) Followup 2f2da7274732cba30d03b6c5c3a4194652cb6783 This commit moves topic view tracking from happening every time a Topic is requested, which is susceptible to inflating numbers of views from web crawlers, to our request tracker middleware. In this new location, topic views are only tracked when the following headers are sent: * HTTP_DISCOURSE_TRACK_VIEW - This is sent on every page navigation when clicking around the ember app. We count these as browser page views because we know it comes from the AJAX call in our app. The topic ID is extracted from HTTP_DISCOURSE_TRACK_VIEW_TOPIC_ID * HTTP_DISCOURSE_DEFERRED_TRACK_VIEW - Sent when MessageBus initializes after first loading the page to count the initial page load view. The topic ID is extracted from HTTP_DISCOURSE_DEFERRED_TRACK_VIEW. This will bring topic views more in line with the change we made to page views in the referenced commit and result in more realistic topic view counts.
2024-07-03 08:38:49 +08:00
if data[:topic_id].present?
TopicsController.defer_topic_view(data[:topic_id], data[:request_remote_ip])
end
FEATURE: Add experimental tracking of 'real browser' pageviews (#26647) Our 'page_view_crawler' / 'page_view_anon' metrics are based purely on the User Agent sent by clients. This means that 'badly behaved' bots which are imitating real user agents are counted towards 'anon' page views. This commit introduces a new method of tracking visitors. When an initial HTML request is made, we assume it is a 'non-browser' request (i.e. a bot). Then, once the JS application has booted, we notify the server to count it as a 'browser' request. This reliance on a JavaScript-capable browser matches up more closely to dedicated analytics systems like Google Analytics. Existing data collection and graphs are unchanged. Data collected via the new technique is available in a new 'experimental' report.
2024-04-25 18:00:01 +08:00
end
end
end
# Message-bus requests may include this 'deferred track' header which we use to detect
# 'real browser' views.
if data[:deferred_track] && !data[:is_crawler]
if data[:has_auth_cookie]
ApplicationRequest.increment!(:page_view_logged_in_browser)
ApplicationRequest.increment!(:page_view_logged_in_browser_mobile) if data[:is_mobile]
FEATURE: Only count topic views for explicit/deferred tracked views (#27533) Followup 2f2da7274732cba30d03b6c5c3a4194652cb6783 This commit moves topic view tracking from happening every time a Topic is requested, which is susceptible to inflating numbers of views from web crawlers, to our request tracker middleware. In this new location, topic views are only tracked when the following headers are sent: * HTTP_DISCOURSE_TRACK_VIEW - This is sent on every page navigation when clicking around the ember app. We count these as browser page views because we know it comes from the AJAX call in our app. The topic ID is extracted from HTTP_DISCOURSE_TRACK_VIEW_TOPIC_ID * HTTP_DISCOURSE_DEFERRED_TRACK_VIEW - Sent when MessageBus initializes after first loading the page to count the initial page load view. The topic ID is extracted from HTTP_DISCOURSE_DEFERRED_TRACK_VIEW. This will bring topic views more in line with the change we made to page views in the referenced commit and result in more realistic topic view counts.
2024-07-03 08:38:49 +08:00
if data[:topic_id].present? && data[:current_user_id].present?
TopicsController.defer_topic_view(
data[:topic_id],
data[:request_remote_ip],
data[:current_user_id],
)
end
FEATURE: Add experimental tracking of 'real browser' pageviews (#26647) Our 'page_view_crawler' / 'page_view_anon' metrics are based purely on the User Agent sent by clients. This means that 'badly behaved' bots which are imitating real user agents are counted towards 'anon' page views. This commit introduces a new method of tracking visitors. When an initial HTML request is made, we assume it is a 'non-browser' request (i.e. a bot). Then, once the JS application has booted, we notify the server to count it as a 'browser' request. This reliance on a JavaScript-capable browser matches up more closely to dedicated analytics systems like Google Analytics. Existing data collection and graphs are unchanged. Data collected via the new technique is available in a new 'experimental' report.
2024-04-25 18:00:01 +08:00
elsif !SiteSetting.login_required
ApplicationRequest.increment!(:page_view_anon_browser)
ApplicationRequest.increment!(:page_view_anon_browser_mobile) if data[:is_mobile]
FEATURE: Only count topic views for explicit/deferred tracked views (#27533) Followup 2f2da7274732cba30d03b6c5c3a4194652cb6783 This commit moves topic view tracking from happening every time a Topic is requested, which is susceptible to inflating numbers of views from web crawlers, to our request tracker middleware. In this new location, topic views are only tracked when the following headers are sent: * HTTP_DISCOURSE_TRACK_VIEW - This is sent on every page navigation when clicking around the ember app. We count these as browser page views because we know it comes from the AJAX call in our app. The topic ID is extracted from HTTP_DISCOURSE_TRACK_VIEW_TOPIC_ID * HTTP_DISCOURSE_DEFERRED_TRACK_VIEW - Sent when MessageBus initializes after first loading the page to count the initial page load view. The topic ID is extracted from HTTP_DISCOURSE_DEFERRED_TRACK_VIEW. This will bring topic views more in line with the change we made to page views in the referenced commit and result in more realistic topic view counts.
2024-07-03 08:38:49 +08:00
if data[:topic_id].present?
TopicsController.defer_topic_view(data[:topic_id], data[:request_remote_ip])
end
refactor traffic report split traffic report in 2, page view vs raw traffic hide raw traffic report by default improve flushing logic for application reqs
2015-02-06 11:39:04 +08:00
end
end
ApplicationRequest.increment!(:http_total)
FEATURE: Track API and user API requests (#19186) Adds stats for API and user API requests similar to regular page views. This comes with a new report to visualize API requests per day like the consolidated page views one.
2022-11-29 19:07:42 +08:00
status = data[:status]
refactor traffic report split traffic report in 2, page view vs raw traffic hide raw traffic report by default improve flushing logic for application reqs
2015-02-06 11:39:04 +08:00
if status >= 500
ApplicationRequest.increment!(:http_5xx)
background reqs failed or not are always counted seperately
2015-02-12 06:47:32 +08:00
elsif data[:is_background]
ApplicationRequest.increment!(:http_background)
refactor traffic report split traffic report in 2, page view vs raw traffic hide raw traffic report by default improve flushing logic for application reqs
2015-02-06 11:39:04 +08:00
elsif status >= 400
ApplicationRequest.increment!(:http_4xx)
elsif status >= 300
ApplicationRequest.increment!(:http_3xx)
FIX: Add Retry-Header to rate limited responses (#11736) It returned a 429 error code with a 'Retry-After' header if a RateLimiter::LimitExceeded was raised and unhandled, but the header was missing if the request was limited in the 'RequestTracker' middleware.
2021-01-19 17:35:46 +08:00
elsif status >= 200
background reqs failed or not are always counted seperately
2015-02-12 06:47:32 +08:00
ApplicationRequest.increment!(:http_2xx)
improve metrics gathered using in our traffic section this also pulls out the middleware into its own home and inserts in front
2015-02-05 13:08:52 +08:00
end
end
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
def self.get_data(env, result, timing, request = nil)
FIX: view tracking needs to release data earlier retaining data during queuing was causing huge memory spikes
2015-02-10 14:03:33 +08:00
status, headers = result
FIX: Ensure RequestTracker handles bubbled exceptions correctly (#26940) This can happen for various reasons including rate limiting and middleware bugs. This should resolve the warning we're seeing in the logs ``` RequestTracker.get_data failed : NoMethodError : undefined method `[]' for nil:NilClass ```
2024-05-08 23:08:39 +08:00
# result may be nil if the downstream app raised an exception
FIX: view tracking needs to release data earlier retaining data during queuing was causing huge memory spikes
2015-02-10 14:03:33 +08:00
status = status.to_i
FIX: Ensure RequestTracker handles bubbled exceptions correctly (#26940) This can happen for various reasons including rate limiting and middleware bugs. This should resolve the warning we're seeing in the logs ``` RequestTracker.get_data failed : NoMethodError : undefined method `[]' for nil:NilClass ```
2024-05-08 23:08:39 +08:00
headers ||= {}
FIX: view tracking needs to release data earlier retaining data during queuing was causing huge memory spikes
2015-02-10 14:03:33 +08:00
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
request ||= Rack::Request.new(env)
helper = Middleware::AnonymousCache::Helper.new(env, request)
FEATURE: allow view exclusion using custom header Set Discourse-Track-View to either "0" or "false" to exclude request
2015-02-26 08:40:57 +08:00
FEATURE: Only count topic views for explicit/deferred tracked views (#27533) Followup 2f2da7274732cba30d03b6c5c3a4194652cb6783 This commit moves topic view tracking from happening every time a Topic is requested, which is susceptible to inflating numbers of views from web crawlers, to our request tracker middleware. In this new location, topic views are only tracked when the following headers are sent: * HTTP_DISCOURSE_TRACK_VIEW - This is sent on every page navigation when clicking around the ember app. We count these as browser page views because we know it comes from the AJAX call in our app. The topic ID is extracted from HTTP_DISCOURSE_TRACK_VIEW_TOPIC_ID * HTTP_DISCOURSE_DEFERRED_TRACK_VIEW - Sent when MessageBus initializes after first loading the page to count the initial page load view. The topic ID is extracted from HTTP_DISCOURSE_DEFERRED_TRACK_VIEW. This will bring topic views more in line with the change we made to page views in the referenced commit and result in more realistic topic view counts.
2024-07-03 08:38:49 +08:00
# Since ActionDispatch::RemoteIp middleware is run before this middleware,
# we have access to the normalised remote IP based on ActionDispatch::RemoteIp::GetIp
#
# NOTE: Locally with MessageBus requests, the remote IP ends up as ::1 because
# of the X-Forwarded-For header set...somewhere, whereas all other requests
# end up as 127.0.0.1.
request_remote_ip = env["action_dispatch.remote_ip"].to_s
# Value of the discourse-track-view request header, set in `lib/ajax.js`
FEATURE: Allow registration of detailed request logger Detailed request loggers can be used to gather rich timing info from all requests (which in turn can be forwarded to monitoring solution) Middleware::RequestTracker.detailed_request_logger(->|env, data| do # do stuff with env and data end
2017-10-18 09:10:12 +08:00
env_track_view = env["HTTP_DISCOURSE_TRACK_VIEW"]
FEATURE: Add experimental tracking of 'real browser' pageviews (#26647) Our 'page_view_crawler' / 'page_view_anon' metrics are based purely on the User Agent sent by clients. This means that 'badly behaved' bots which are imitating real user agents are counted towards 'anon' page views. This commit introduces a new method of tracking visitors. When an initial HTML request is made, we assume it is a 'non-browser' request (i.e. a bot). Then, once the JS application has booted, we notify the server to count it as a 'browser' request. This reliance on a JavaScript-capable browser matches up more closely to dedicated analytics systems like Google Analytics. Existing data collection and graphs are unchanged. Data collected via the new technique is available in a new 'experimental' report.
2024-04-25 18:00:01 +08:00
# Was the discourse-track-view request header set to true? Likely
# set by our ajax library to indicate a page view.
explicit_track_view = status == 200 && %w[1 true].include?(env_track_view)
# An HTML response to a GET request is tracked implicitly
implicit_track_view =
status == 200 && !%w[0 false].include?(env_track_view) && request.get? && !request.xhr? &&
headers["Content-Type"] =~ %r{text/html}
FEATURE: Only count topic views for explicit/deferred tracked views (#27533) Followup 2f2da7274732cba30d03b6c5c3a4194652cb6783 This commit moves topic view tracking from happening every time a Topic is requested, which is susceptible to inflating numbers of views from web crawlers, to our request tracker middleware. In this new location, topic views are only tracked when the following headers are sent: * HTTP_DISCOURSE_TRACK_VIEW - This is sent on every page navigation when clicking around the ember app. We count these as browser page views because we know it comes from the AJAX call in our app. The topic ID is extracted from HTTP_DISCOURSE_TRACK_VIEW_TOPIC_ID * HTTP_DISCOURSE_DEFERRED_TRACK_VIEW - Sent when MessageBus initializes after first loading the page to count the initial page load view. The topic ID is extracted from HTTP_DISCOURSE_DEFERRED_TRACK_VIEW. This will bring topic views more in line with the change we made to page views in the referenced commit and result in more realistic topic view counts.
2024-07-03 08:38:49 +08:00
# This header is sent on a follow-up request after a real browser loads up a page
# see `scripts/pageview.js` and `instance-initializers/page-tracking.js`
deferred_track_view = %w[1 true].include?(env["HTTP_DISCOURSE_DEFERRED_TRACK_VIEW"])
# This is treated separately from deferred tracking in #log_request, this is
# why deferred_track_view is not counted here.
FEATURE: Add experimental tracking of 'real browser' pageviews (#26647) Our 'page_view_crawler' / 'page_view_anon' metrics are based purely on the User Agent sent by clients. This means that 'badly behaved' bots which are imitating real user agents are counted towards 'anon' page views. This commit introduces a new method of tracking visitors. When an initial HTML request is made, we assume it is a 'non-browser' request (i.e. a bot). Then, once the JS application has booted, we notify the server to count it as a 'browser' request. This reliance on a JavaScript-capable browser matches up more closely to dedicated analytics systems like Google Analytics. Existing data collection and graphs are unchanged. Data collected via the new technique is available in a new 'experimental' report.
2024-04-25 18:00:01 +08:00
track_view = !!(explicit_track_view || implicit_track_view)
FEATURE: Only count topic views for explicit/deferred tracked views (#27533) Followup 2f2da7274732cba30d03b6c5c3a4194652cb6783 This commit moves topic view tracking from happening every time a Topic is requested, which is susceptible to inflating numbers of views from web crawlers, to our request tracker middleware. In this new location, topic views are only tracked when the following headers are sent: * HTTP_DISCOURSE_TRACK_VIEW - This is sent on every page navigation when clicking around the ember app. We count these as browser page views because we know it comes from the AJAX call in our app. The topic ID is extracted from HTTP_DISCOURSE_TRACK_VIEW_TOPIC_ID * HTTP_DISCOURSE_DEFERRED_TRACK_VIEW - Sent when MessageBus initializes after first loading the page to count the initial page load view. The topic ID is extracted from HTTP_DISCOURSE_DEFERRED_TRACK_VIEW. This will bring topic views more in line with the change we made to page views in the referenced commit and result in more realistic topic view counts.
2024-07-03 08:38:49 +08:00
# These are set in the same place as the respective track view headers in the client.
topic_id =
if deferred_track_view
env["HTTP_DISCOURSE_DEFERRED_TRACK_VIEW_TOPIC_ID"]
elsif explicit_track_view || implicit_track_view
env["HTTP_DISCOURSE_TRACK_VIEW_TOPIC_ID"]
end
auth_cookie = Auth::DefaultCurrentUserProvider.find_v0_auth_cookie(request)
auth_cookie ||= Auth::DefaultCurrentUserProvider.find_v1_auth_cookie(env)
has_auth_cookie = auth_cookie.present?
FEATURE: allow view exclusion using custom header Set Discourse-Track-View to either "0" or "false" to exclude request
2015-02-26 08:40:57 +08:00
FEATURE: Track API and user API requests (#19186) Adds stats for API and user API requests similar to regular page views. This comes with a new report to visualize API requests per day like the consolidated page views one.
2022-11-29 19:07:42 +08:00
is_api ||= !!env[Auth::DefaultCurrentUserProvider::API_KEY_ENV]
is_user_api ||= !!env[Auth::DefaultCurrentUserProvider::USER_API_KEY_ENV]
DEV: Improve background-request information in request_tracker (#16037) This will allow consumers (e.g. the discourse-prometheus plugin) to separate topic-timings and message-bus requests. It also fixes the is_background boolean for subfolder sites.
2022-02-23 20:45:42 +08:00
is_message_bus = request.path.start_with?("#{Discourse.base_path}/message-bus/")
is_topic_timings = request.path.start_with?("#{Discourse.base_path}/topics/timings")
FEATURE: Only count topic views for explicit/deferred tracked views (#27533) Followup 2f2da7274732cba30d03b6c5c3a4194652cb6783 This commit moves topic view tracking from happening every time a Topic is requested, which is susceptible to inflating numbers of views from web crawlers, to our request tracker middleware. In this new location, topic views are only tracked when the following headers are sent: * HTTP_DISCOURSE_TRACK_VIEW - This is sent on every page navigation when clicking around the ember app. We count these as browser page views because we know it comes from the AJAX call in our app. The topic ID is extracted from HTTP_DISCOURSE_TRACK_VIEW_TOPIC_ID * HTTP_DISCOURSE_DEFERRED_TRACK_VIEW - Sent when MessageBus initializes after first loading the page to count the initial page load view. The topic ID is extracted from HTTP_DISCOURSE_DEFERRED_TRACK_VIEW. This will bring topic views more in line with the change we made to page views in the referenced commit and result in more realistic topic view counts.
2024-07-03 08:38:49 +08:00
# Auth cookie can be used to find the ID for logged in users, but API calls must look up the
# current user based on env variables.
#
# We only care about this for topic views, other pageviews it's enough to know if the user is
# logged in or not, and we have separate pageview tracking for API views.
current_user_id =
if topic_id.present?
begin
(auth_cookie&.[](:user_id) || CurrentUser.lookup_from_env(env)&.id)
rescue Discourse::InvalidAccess => err
# This error is raised when the API key is invalid, no need to stop the show.
Discourse.warn_exception(
err,
message: "RequestTracker.get_data failed with an invalid API key error",
)
nil
end
end
FEATURE: Add experimental tracking of 'real browser' pageviews (#26647) Our 'page_view_crawler' / 'page_view_anon' metrics are based purely on the User Agent sent by clients. This means that 'badly behaved' bots which are imitating real user agents are counted towards 'anon' page views. This commit introduces a new method of tracking visitors. When an initial HTML request is made, we assume it is a 'non-browser' request (i.e. a bot). Then, once the JS application has booted, we notify the server to count it as a 'browser' request. This reliance on a JavaScript-capable browser matches up more closely to dedicated analytics systems like Google Analytics. Existing data collection and graphs are unchanged. Data collected via the new technique is available in a new 'experimental' report.
2024-04-25 18:00:01 +08:00
FEATURE: anon cache reports data to loggers This allows custom plugins such as prometheus exporter to log how many requests are stored in the anon cache vs used by the anon cache. This metric allows us to fine tune cache behaviors
2019-09-02 16:45:35 +08:00
h = {
FIX: view tracking needs to release data earlier retaining data during queuing was causing huge memory spikes
2015-02-10 14:03:33 +08:00
status: status,
is_crawler: helper.is_crawler?,
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
has_auth_cookie: has_auth_cookie,
FEATURE: Only count topic views for explicit/deferred tracked views (#27533) Followup 2f2da7274732cba30d03b6c5c3a4194652cb6783 This commit moves topic view tracking from happening every time a Topic is requested, which is susceptible to inflating numbers of views from web crawlers, to our request tracker middleware. In this new location, topic views are only tracked when the following headers are sent: * HTTP_DISCOURSE_TRACK_VIEW - This is sent on every page navigation when clicking around the ember app. We count these as browser page views because we know it comes from the AJAX call in our app. The topic ID is extracted from HTTP_DISCOURSE_TRACK_VIEW_TOPIC_ID * HTTP_DISCOURSE_DEFERRED_TRACK_VIEW - Sent when MessageBus initializes after first loading the page to count the initial page load view. The topic ID is extracted from HTTP_DISCOURSE_DEFERRED_TRACK_VIEW. This will bring topic views more in line with the change we made to page views in the referenced commit and result in more realistic topic view counts.
2024-07-03 08:38:49 +08:00
current_user_id: current_user_id,
topic_id: topic_id,
FEATURE: Track API and user API requests (#19186) Adds stats for API and user API requests similar to regular page views. This comes with a new report to visualize API requests per day like the consolidated page views one.
2022-11-29 19:07:42 +08:00
is_api: is_api,
is_user_api: is_user_api,
DEV: Improve background-request information in request_tracker (#16037) This will allow consumers (e.g. the discourse-prometheus plugin) to separate topic-timings and message-bus requests. It also fixes the is_background boolean for subfolder sites.
2022-02-23 20:45:42 +08:00
is_background: is_message_bus || is_topic_timings,
FEATURE: page view stats for mobile view
2015-07-04 05:02:57 +08:00
is_mobile: helper.is_mobile?,
FEATURE: Allow registration of detailed request logger Detailed request loggers can be used to gather rich timing info from all requests (which in turn can be forwarded to monitoring solution) Middleware::RequestTracker.detailed_request_logger(->|env, data| do # do stuff with env and data end
2017-10-18 09:10:12 +08:00
track_view: track_view,
FEATURE: track request queueing as early as possible
2018-04-17 16:05:51 +08:00
timing: timing,
queue_seconds: env["REQUEST_QUEUE_SECONDS"],
FEATURE: Add experimental tracking of 'real browser' pageviews (#26647) Our 'page_view_crawler' / 'page_view_anon' metrics are based purely on the User Agent sent by clients. This means that 'badly behaved' bots which are imitating real user agents are counted towards 'anon' page views. This commit introduces a new method of tracking visitors. When an initial HTML request is made, we assume it is a 'non-browser' request (i.e. a bot). Then, once the JS application has booted, we notify the server to count it as a 'browser' request. This reliance on a JavaScript-capable browser matches up more closely to dedicated analytics systems like Google Analytics. Existing data collection and graphs are unchanged. Data collected via the new technique is available in a new 'experimental' report.
2024-04-25 18:00:01 +08:00
explicit_track_view: explicit_track_view,
FEATURE: Only count topic views for explicit/deferred tracked views (#27533) Followup 2f2da7274732cba30d03b6c5c3a4194652cb6783 This commit moves topic view tracking from happening every time a Topic is requested, which is susceptible to inflating numbers of views from web crawlers, to our request tracker middleware. In this new location, topic views are only tracked when the following headers are sent: * HTTP_DISCOURSE_TRACK_VIEW - This is sent on every page navigation when clicking around the ember app. We count these as browser page views because we know it comes from the AJAX call in our app. The topic ID is extracted from HTTP_DISCOURSE_TRACK_VIEW_TOPIC_ID * HTTP_DISCOURSE_DEFERRED_TRACK_VIEW - Sent when MessageBus initializes after first loading the page to count the initial page load view. The topic ID is extracted from HTTP_DISCOURSE_DEFERRED_TRACK_VIEW. This will bring topic views more in line with the change we made to page views in the referenced commit and result in more realistic topic view counts.
2024-07-03 08:38:49 +08:00
deferred_track: deferred_track_view,
request_remote_ip: request_remote_ip,
FEATURE: anon cache reports data to loggers This allows custom plugins such as prometheus exporter to log how many requests are stored in the anon cache vs used by the anon cache. This metric allows us to fine tune cache behaviors
2019-09-02 16:45:35 +08:00
}
DEV: Include message-bus request type in HTTP request data (#19762)
2023-01-06 19:26:18 +08:00
if h[:is_background]
h[:background_type] = if is_message_bus
if request.query_string.include?("dlp=t")
"message-bus-dlp"
elsif env["HTTP_DONT_CHUNK"]
"message-bus-dontchunk"
else
"message-bus"
end
else
"topic-timings"
end
end
FEATURE: anon cache reports data to loggers This allows custom plugins such as prometheus exporter to log how many requests are stored in the anon cache vs used by the anon cache. This metric allows us to fine tune cache behaviors
2019-09-02 16:45:35 +08:00
if h[:is_crawler]
FIX: crawler requests not tracked for non UTF-8 user agents Non UTF-8 user_agent requests were bypassing logging due to PG always wanting UTF-8 strings. This adds some conversion to ensure we are always dealing with UTF-8
2019-12-09 14:43:51 +08:00
user_agent = env["HTTP_USER_AGENT"]
FIX: crawler requests exceptions for non UTF-8 user agents with invalid bytes
2024-05-24 09:49:17 +08:00
user_agent = HttpUserAgentEncoder.ensure_utf8(user_agent) if user_agent
FIX: crawler requests not tracked for non UTF-8 user agents Non UTF-8 user_agent requests were bypassing logging due to PG always wanting UTF-8 strings. This adds some conversion to ensure we are always dealing with UTF-8
2019-12-09 14:43:51 +08:00
h[:user_agent] = user_agent
FEATURE: anon cache reports data to loggers This allows custom plugins such as prometheus exporter to log how many requests are stored in the anon cache vs used by the anon cache. This metric allows us to fine tune cache behaviors
2019-09-02 16:45:35 +08:00
end
if cache = headers["X-Discourse-Cached"]
h[:cache] = cache
FEATURE: control which web crawlers can access using a whitelist or blacklist
2018-03-16 05:10:45 +08:00
end
FIX: Add Retry-Header to rate limited responses (#11736) It returned a 429 error code with a 'Retry-After' header if a RateLimiter::LimitExceeded was raised and unhandled, but the header was missing if the request was limited in the 'RequestTracker' middleware.
2021-01-19 17:35:46 +08:00
FEATURE: anon cache reports data to loggers This allows custom plugins such as prometheus exporter to log how many requests are stored in the anon cache vs used by the anon cache. This metric allows us to fine tune cache behaviors
2019-09-02 16:45:35 +08:00
h
FIX: view tracking needs to release data earlier retaining data during queuing was causing huge memory spikes
2015-02-10 14:03:33 +08:00
end
improve metrics gathered using in our traffic section this also pulls out the middleware into its own home and inserts in front
2015-02-05 13:08:52 +08:00
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
def log_request_info(env, result, info, request = nil)
FEATURE: Only count topic views for explicit/deferred tracked views (#27533) Followup 2f2da7274732cba30d03b6c5c3a4194652cb6783 This commit moves topic view tracking from happening every time a Topic is requested, which is susceptible to inflating numbers of views from web crawlers, to our request tracker middleware. In this new location, topic views are only tracked when the following headers are sent: * HTTP_DISCOURSE_TRACK_VIEW - This is sent on every page navigation when clicking around the ember app. We count these as browser page views because we know it comes from the AJAX call in our app. The topic ID is extracted from HTTP_DISCOURSE_TRACK_VIEW_TOPIC_ID * HTTP_DISCOURSE_DEFERRED_TRACK_VIEW - Sent when MessageBus initializes after first loading the page to count the initial page load view. The topic ID is extracted from HTTP_DISCOURSE_DEFERRED_TRACK_VIEW. This will bring topic views more in line with the change we made to page views in the referenced commit and result in more realistic topic view counts.
2024-07-03 08:38:49 +08:00
# We've got to skip this on error ... its just logging
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
data =
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
begin
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
self.class.get_data(env, result, info, request)
FEATURE: Only count topic views for explicit/deferred tracked views (#27533) Followup 2f2da7274732cba30d03b6c5c3a4194652cb6783 This commit moves topic view tracking from happening every time a Topic is requested, which is susceptible to inflating numbers of views from web crawlers, to our request tracker middleware. In this new location, topic views are only tracked when the following headers are sent: * HTTP_DISCOURSE_TRACK_VIEW - This is sent on every page navigation when clicking around the ember app. We count these as browser page views because we know it comes from the AJAX call in our app. The topic ID is extracted from HTTP_DISCOURSE_TRACK_VIEW_TOPIC_ID * HTTP_DISCOURSE_DEFERRED_TRACK_VIEW - Sent when MessageBus initializes after first loading the page to count the initial page load view. The topic ID is extracted from HTTP_DISCOURSE_DEFERRED_TRACK_VIEW. This will bring topic views more in line with the change we made to page views in the referenced commit and result in more realistic topic view counts.
2024-07-03 08:38:49 +08:00
rescue StandardError => err
Discourse.warn_exception(err, message: "RequestTracker.get_data failed")
# This is super hard to find if in testing, we should still raise in this case.
raise err if Rails.env.test?
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
nil
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
end
FIX: view tracking needs to release data earlier retaining data during queuing was causing huge memory spikes
2015-02-10 14:03:33 +08:00
if data
make code a bit safer
2016-10-27 13:50:56 +08:00
if result && (headers = result[1])
make sure 1 is a string
2016-10-27 15:08:01 +08:00
headers["X-Discourse-TrackView"] = "1" if data[:track_view]
make code a bit safer
2016-10-27 13:50:56 +08:00
end
FEATURE: Allow registration of detailed request logger Detailed request loggers can be used to gather rich timing info from all requests (which in turn can be forwarded to monitoring solution) Middleware::RequestTracker.detailed_request_logger(->|env, data| do # do stuff with env and data end
2017-10-18 09:10:12 +08:00
if @@detailed_request_loggers
@@detailed_request_loggers.each { |logger| logger.call(env, data) }
end
REFACTOR: Move the multisite middleware to the front Both request tracking and message bus rely on multisite before the middleware has run which is not ideal. Follow-up-to: ca1208a63669d4d4ad7452367008d40fa090f645
2020-03-30 19:01:06 +08:00
log_later(data)
improve metrics gathered using in our traffic section this also pulls out the middleware into its own home and inserts in front
2015-02-05 13:08:52 +08:00
end
end
PERF: message_bus will be deferred by server when flooded The message_bus performs a fair amount of work prior to hijacking requests this change ensures that if there is a situation where the server is flooded message_bus will inform client to back off for 30 seconds + random(120 secs) This back-off is ultra cheap and happens very early in the middleware. It corrects a situation where a flood to message bus could cause the app to become unresponsive MessageBus update is here to ensure message_bus gem properly respects Retry-After header and status 429. Under normal state this code should never trigger, to disable raise the value of DISCOURSE_REJECT_MESSAGE_BUS_QUEUE_SECONDS, default is to tell message bus to go away if we are queueing for 100ms or longer
2019-08-09 15:47:44 +08:00
def self.populate_request_queue_seconds!(env)
if !env["REQUEST_QUEUE_SECONDS"]
if queue_start = env["HTTP_X_REQUEST_START"]
FIX: handle heroku style HTTP_X_REQUEST_START (#10087)
2020-06-19 22:17:24 +08:00
queue_start =
if queue_start.start_with?("t=")
queue_start.split("t=")[1].to_f
else
queue_start.to_f / 1000.0
end
PERF: message_bus will be deferred by server when flooded The message_bus performs a fair amount of work prior to hijacking requests this change ensures that if there is a situation where the server is flooded message_bus will inform client to back off for 30 seconds + random(120 secs) This back-off is ultra cheap and happens very early in the middleware. It corrects a situation where a flood to message bus could cause the app to become unresponsive MessageBus update is here to ensure message_bus gem properly respects Retry-After header and status 429. Under normal state this code should never trigger, to disable raise the value of DISCOURSE_REJECT_MESSAGE_BUS_QUEUE_SECONDS, default is to tell message bus to go away if we are queueing for 100ms or longer
2019-08-09 15:47:44 +08:00
queue_time = (Time.now.to_f - queue_start)
env["REQUEST_QUEUE_SECONDS"] = queue_time
end
end
end
Correctly track hijacked requests
2017-11-28 13:47:20 +08:00
def call(env)
FEATURE: optional default off global per ip rate limiter
2017-12-11 14:21:00 +08:00
result = nil
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
info = nil
DEV: Seperate concerns of tracking GC stat from `MethodProfiler` (#22921) Why this change? This is a follow up to e8f7b62752a65e33aa1cee748fc966c4ad14b1ee. Tracking of GC stats didn't really belong in the `MethodProfiler` class so we want to extract that concern into its own class. As part of this PR, the `track_gc_stat_per_request` site setting has also been renamed to `instrument_gc_stat_per_request`.
2023-08-02 10:46:37 +08:00
gc_stat_timing = nil
FEATURE: track request queueing as early as possible
2018-04-17 16:05:51 +08:00
# doing this as early as possible so we have an
# accurate counter
PERF: message_bus will be deferred by server when flooded The message_bus performs a fair amount of work prior to hijacking requests this change ensures that if there is a situation where the server is flooded message_bus will inform client to back off for 30 seconds + random(120 secs) This back-off is ultra cheap and happens very early in the middleware. It corrects a situation where a flood to message bus could cause the app to become unresponsive MessageBus update is here to ensure message_bus gem properly respects Retry-After header and status 429. Under normal state this code should never trigger, to disable raise the value of DISCOURSE_REJECT_MESSAGE_BUS_QUEUE_SECONDS, default is to tell message bus to go away if we are queueing for 100ms or longer
2019-08-09 15:47:44 +08:00
::Middleware::RequestTracker.populate_request_queue_seconds!(env)
FEATURE: track request queueing as early as possible
2018-04-17 16:05:51 +08:00
FEATURE: control which web crawlers can access using a whitelist or blacklist
2018-03-16 05:10:45 +08:00
request = Rack::Request.new(env)
FEATURE: optional default off global per ip rate limiter
2017-12-11 14:21:00 +08:00
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
cookie = find_auth_cookie(env)
if error_details = rate_limit(request, cookie)
FIX: Update global rate limiter keys/messages to clarify user vs ip (#25264)
2024-01-16 03:54:50 +08:00
available_in, error_code, limit_on_id = error_details
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
message = <<~TEXT
FIX: Update global rate limiter keys/messages to clarify user vs ip (#25264)
2024-01-16 03:54:50 +08:00
Slow down, too many requests from this #{limit_on_id ? "user" : "IP address"}.
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
Please retry again in #{available_in} seconds.
Error code: #{error_code}.
TEXT
headers = {
FIX: Add content-type header to rate limiter error It's best to always set a content-type header and one was missing here.
2024-03-26 23:37:20 +08:00
"Content-Type" => "text/plain",
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
"Retry-After" => available_in.to_s,
"Discourse-Rate-Limit-Error-Code" => error_code,
}
FEATURE: add username header to global-rate-limited responses (#25265) This will make it easier to analyze rate limiting in reverse-proxy logs. To make this possible without a database lookup, we add the username to the encrypted `_t` cookie data.
2024-01-16 03:50:37 +08:00
if username = cookie&.[](:username)
headers["X-Discourse-Username"] = username
end
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
return 429, headers, [message]
FEATURE: optional default off global per ip rate limiter
2017-12-11 14:21:00 +08:00
end
FIX: Apply crawler rate limits to cached requests (#27174) This commit moves the logic for crawler rate limits out of the application controller and into the request tracker middleware. The reason for this move is to apply rate limits to all crawler requests instead of just the requests that make it to the application controller. Some requests are served early from the middleware stack without reaching the Rails app for performance reasons (e.g. `AnonymousCache`) which results in crawlers getting 200 responses even though they've reached their limits and should be getting 429 responses. Internal topic: t/128810.
2024-05-27 21:26:35 +08:00
if !cookie
if error_details = check_crawler_limits(env)
available_in, error_code = error_details
message = "Too many crawling requests. Error code: #{error_code}."
headers = {
"Content-Type" => "text/plain",
"Retry-After" => available_in.to_s,
"Discourse-Rate-Limit-Error-Code" => error_code,
}
return 429, headers, [message]
end
end
Correctly track hijacked requests
2017-11-28 13:47:20 +08:00
env["discourse.request_tracker"] = self
FIX: Add Retry-Header to rate limited responses (#11736) It returned a 429 error code with a 'Retry-After' header if a RateLimiter::LimitExceeded was raised and unhandled, but the header was missing if the request was limited in the 'RequestTracker' middleware.
2021-01-19 17:35:46 +08:00
PERF: run post timings in background This means that if a very large amount of registered users hit a single topic we will handle it gracefully, even if db gets slow.
2018-01-19 05:26:18 +08:00
MethodProfiler.start
DEV: Seperate concerns of tracking GC stat from `MethodProfiler` (#22921) Why this change? This is a follow up to e8f7b62752a65e33aa1cee748fc966c4ad14b1ee. Tracking of GC stats didn't really belong in the `MethodProfiler` class so we want to extract that concern into its own class. As part of this PR, the `track_gc_stat_per_request` site setting has also been renamed to `instrument_gc_stat_per_request`.
2023-08-02 10:46:37 +08:00
if SiteSetting.instrument_gc_stat_per_request
gc_stat_timing = GCStatInstrumenter.instrument { result = @app.call(env) }
else
result = @app.call(env)
end
PERF: run post timings in background This means that if a very large amount of registered users hit a single topic we will handle it gracefully, even if db gets slow.
2018-01-19 05:26:18 +08:00
info = MethodProfiler.stop
FIX: Add Retry-Header to rate limited responses (#11736) It returned a 429 error code with a 'Retry-After' header if a RateLimiter::LimitExceeded was raised and unhandled, but the header was missing if the request was limited in the 'RequestTracker' middleware.
2021-01-19 17:35:46 +08:00
PERF: run post timings in background This means that if a very large amount of registered users hit a single topic we will handle it gracefully, even if db gets slow.
2018-01-19 05:26:18 +08:00
# possibly transferred?
correct tracking of x runtime
2018-01-19 14:51:04 +08:00
if info && (headers = result[1])
headers["X-Runtime"] = "%0.6f" % info[:total_duration]
FEATURE: enable_performance_http_headers for performance diagnostics This adds support for DISCOURSE_ENABLE_PERFORMANCE_HTTP_HEADERS when set to `true` this will turn on performance related headers ```text X-Redis-Calls: 10 # number of redis calls X-Redis-Time: 1.02 # redis time in seconds X-Sql-Commands: 102 # number of SQL commands X-Sql-Time: 1.02 # duration in SQL in seconds X-Queue-Time: 1.01 # time the request sat in queue (depends on NGINX) ``` To get queue time NGINX must provide: HTTP_X_REQUEST_START We do not recommend you enable this without thinking, it exposes information about what your page is doing, usually you would only enable this if you intend to strip off the headers further down the stream in a proxy
2019-06-05 14:08:11 +08:00
if GlobalSetting.enable_performance_http_headers
if redis = info[:redis]
headers["X-Redis-Calls"] = redis[:calls].to_s
headers["X-Redis-Time"] = "%0.6f" % redis[:duration]
end
if sql = info[:sql]
headers["X-Sql-Calls"] = sql[:calls].to_s
headers["X-Sql-Time"] = "%0.6f" % sql[:duration]
end
if queue = env["REQUEST_QUEUE_SECONDS"]
headers["X-Queue-Time"] = "%0.6f" % queue
end
end
PERF: run post timings in background This means that if a very large amount of registered users hit a single topic we will handle it gracefully, even if db gets slow.
2018-01-19 05:26:18 +08:00
end
FEATURE: detect when client thinks user is logged on but is not This cleans up an error condition where UI thinks a user is logged on but the user is not. If this happens user will be prompted to refresh.
2018-03-06 13:49:31 +08:00
if env[Auth::DefaultCurrentUserProvider::BAD_TOKEN] && (headers = result[1])
headers["Discourse-Logged-Out"] = "1"
end
Correctly track hijacked requests
2017-11-28 13:47:20 +08:00
result
ensure
FEATURE: limit assets less that non asset paths By default assets can be requested up to 200 times per 10 seconds from the app, this includes CSS and avatars
2018-03-06 12:20:39 +08:00
if (limiters = env["DISCOURSE_RATE_LIMITERS"]) && env["DISCOURSE_IS_ASSET_PATH"]
limiters.each(&:rollback!)
env["DISCOURSE_ASSET_RATE_LIMITERS"].each do |limiter|
begin
limiter.performed!
rescue RateLimiter::LimitExceeded
# skip
end
end
end
DEV: Seperate concerns of tracking GC stat from `MethodProfiler` (#22921) Why this change? This is a follow up to e8f7b62752a65e33aa1cee748fc966c4ad14b1ee. Tracking of GC stats didn't really belong in the `MethodProfiler` class so we want to extract that concern into its own class. As part of this PR, the `track_gc_stat_per_request` site setting has also been renamed to `instrument_gc_stat_per_request`.
2023-08-02 10:46:37 +08:00
if !env["discourse.request_tracker.skip"]
info.merge!(gc_stat_timing) if gc_stat_timing
log_request_info(env, result, info, request)
end
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
end
def log_later(data)
Scheduler::Defer.later("Track view") do
self.class.log_request(data) unless Discourse.pg_readonly_mode?
end
end
def find_auth_cookie(env)
min_allowed_timestamp = Time.now.to_i - (UserAuthToken::ROTATE_TIME_MINS + 1) * 60
cookie = Auth::DefaultCurrentUserProvider.find_v1_auth_cookie(env)
cookie if cookie && cookie[:issued_at] >= min_allowed_timestamp
Correctly track hijacked requests
2017-11-28 13:47:20 +08:00
end
FEATURE: global rate limiter can bypass local IPs
2018-01-08 05:39:17 +08:00
def is_private_ip?(ip)
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
ip = IPAddr.new(ip)
SECURITY: Fix is_private_ip for RateLimiter to cover all cases (#12464) The regular expression to detect private IP addresses did not always detect them successfully. Changed to use ruby's in-built IPAddr.new(ip_address).private? method instead which does the same thing but covers all cases.
2021-03-22 11:56:32 +08:00
!!(ip && (ip.private? || ip.loopback?))
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
rescue IPAddr::AddressFamilyError, IPAddr::InvalidAddressError
false
FEATURE: global rate limiter can bypass local IPs
2018-01-08 05:39:17 +08:00
end
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
def rate_limit(request, cookie)
warn =
GlobalSetting.max_reqs_per_ip_mode == "warn" ||
GlobalSetting.max_reqs_per_ip_mode == "warn+block"
block =
GlobalSetting.max_reqs_per_ip_mode == "block" ||
FEATURE: Shorten setting name to max_reqs So it is consistent with other settings
2018-01-22 10:18:30 +08:00
GlobalSetting.max_reqs_per_ip_mode == "warn+block"
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
return if !block && !warn
ip = request.ip
if !GlobalSetting.max_reqs_rate_limit_on_private
return if is_private_ip?(ip)
end
return if @@ip_skipper&.call(ip)
return if STATIC_IP_SKIPPER&.any? { |entry| entry.include?(ip) }
ip_or_id = ip
limit_on_id = false
if cookie && cookie[:user_id] && cookie[:trust_level] &&
cookie[:trust_level] >= GlobalSetting.skip_per_ip_rate_limit_trust_level
ip_or_id = cookie[:user_id]
limit_on_id = true
end
limiter10 =
RateLimiter.new(
nil,
FIX: Update global rate limiter keys/messages to clarify user vs ip (#25264)
2024-01-16 03:54:50 +08:00
"global_limit_10_#{ip_or_id}",
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
GlobalSetting.max_reqs_per_ip_per_10_seconds,
10,
global: !limit_on_id,
aggressive: true,
error_code: limit_on_id ? "id_10_secs_limit" : "ip_10_secs_limit",
FEATURE: optional default off global per ip rate limiter
2017-12-11 14:21:00 +08:00
)
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
limiter60 =
RateLimiter.new(
nil,
FIX: Update global rate limiter keys/messages to clarify user vs ip (#25264)
2024-01-16 03:54:50 +08:00
"global_limit_60_#{ip_or_id}",
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
GlobalSetting.max_reqs_per_ip_per_minute,
60,
global: !limit_on_id,
error_code: limit_on_id ? "id_60_secs_limit" : "ip_60_secs_limit",
aggressive: true,
)
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
limiter_assets10 =
RateLimiter.new(
nil,
FIX: Update global rate limiter keys/messages to clarify user vs ip (#25264)
2024-01-16 03:54:50 +08:00
"global_limit_10_assets_#{ip_or_id}",
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
GlobalSetting.max_asset_reqs_per_ip_per_10_seconds,
10,
error_code: limit_on_id ? "id_assets_10_secs_limit" : "ip_assets_10_secs_limit",
global: !limit_on_id,
)
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
request.env["DISCOURSE_RATE_LIMITERS"] = [limiter10, limiter60]
request.env["DISCOURSE_ASSET_RATE_LIMITERS"] = [limiter_assets10]
FEATURE: limit assets less that non asset paths By default assets can be requested up to 200 times per 10 seconds from the app, this includes CSS and avatars
2018-03-06 12:20:39 +08:00
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
if !limiter_assets10.can_perform?
if warn
FIX: Update global rate limiter keys/messages to clarify user vs ip (#25264)
2024-01-16 03:54:50 +08:00
limited_on = limit_on_id ? "user_id" : "ip"
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
Discourse.warn(
FIX: Update global rate limiter keys/messages to clarify user vs ip (#25264)
2024-01-16 03:54:50 +08:00
"Global asset rate limit exceeded for #{limited_on}: #{ip}: 10 second rate limit",
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
uri: request.env["REQUEST_URI"],
)
FEATURE: limit assets less that non asset paths By default assets can be requested up to 200 times per 10 seconds from the app, this includes CSS and avatars
2018-03-06 12:20:39 +08:00
end
FIX: Update global rate limiter keys/messages to clarify user vs ip (#25264)
2024-01-16 03:54:50 +08:00
if block
return [
limiter_assets10.seconds_to_wait(Time.now.to_i),
limiter_assets10.error_code,
limit_on_id
]
end
FEATURE: optional default off global per ip rate limiter
2017-12-11 14:21:00 +08:00
end
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
begin
type = 10
limiter10.performed!
type = 60
limiter60.performed!
nil
rescue RateLimiter::LimitExceeded => e
if warn
FIX: Update global rate limiter keys/messages to clarify user vs ip (#25264)
2024-01-16 03:54:50 +08:00
limited_on = limit_on_id ? "user_id" : "ip"
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
Discourse.warn(
FIX: Update global rate limiter keys/messages to clarify user vs ip (#25264)
2024-01-16 03:54:50 +08:00
"Global rate limit exceeded for #{limited_on}: #{ip}: #{type} second rate limit",
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
uri: request.env["REQUEST_URI"],
)
end
if block
FIX: Update global rate limiter keys/messages to clarify user vs ip (#25264)
2024-01-16 03:54:50 +08:00
[e.available_in, e.error_code, limit_on_id]
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) Currently, Discourse rate limits all incoming requests by the IP address they originate from regardless of the user making the request. This can be frustrating if there are multiple users using Discourse simultaneously while sharing the same IP address (e.g. employees in an office). This commit implements a new feature to make Discourse apply rate limits by user id rather than IP address for users at or higher than the configured trust level (1 is the default). For example, let's say a Discourse instance is configured to allow 200 requests per minute per IP address, and we have 10 users at trust level 4 using Discourse simultaneously from the same IP address. Before this feature, the 10 users could only make a total of 200 requests per minute before they got rate limited. But with the new feature, each user is allowed to make 200 requests per minute because the rate limits are applied on user id rather than the IP address. The minimum trust level for applying user-id-based rate limits can be configured by the `skip_per_ip_rate_limit_trust_level` global setting. The default is 1, but it can be changed by either adding the `DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the desired value to your `app.yml`, or changing the setting's value in the `discourse.conf` file. Requests made with API keys are still rate limited by IP address and the relevant global settings that control API keys rate limits. Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters string that Discourse used to lookup the current user from the database and the cookie contained no additional information about the user. However, we had to change the cookie content in this commit so we could identify the user from the cookie without making a database query before the rate limits logic and avoid introducing a bottleneck on busy sites. Besides the 32 characters auth token, the cookie now includes the user id, trust level and the cookie's generation date, and we encrypt/sign the cookie to prevent tampering. Internal ticket number: t54739.
2021-11-18 04:27:30 +08:00
else
nil
REFACTOR: Move the multisite middleware to the front Both request tracking and message bus rely on multisite before the middleware has run which is not ideal. Follow-up-to: ca1208a63669d4d4ad7452367008d40fa090f645
2020-03-30 19:01:06 +08:00
end
FIX: page tracking was not properly tracking transitions PERF: move closure to self contained method so env is released earlier.
2015-09-17 09:06:21 +08:00
end
end
FIX: Apply crawler rate limits to cached requests (#27174) This commit moves the logic for crawler rate limits out of the application controller and into the request tracker middleware. The reason for this move is to apply rate limits to all crawler requests instead of just the requests that make it to the application controller. Some requests are served early from the middleware stack without reaching the Rails app for performance reasons (e.g. `AnonymousCache`) which results in crawlers getting 200 responses even though they've reached their limits and should be getting 429 responses. Internal topic: t/128810.
2024-05-27 21:26:35 +08:00
def check_crawler_limits(env)
slow_down_agents = SiteSetting.slow_down_crawler_user_agents
return if slow_down_agents.blank?
DEV: Provide a safe agent in check_crawler_limits()
2024-06-11 18:51:20 +08:00
user_agent = HttpUserAgentEncoder.ensure_utf8(env["HTTP_USER_AGENT"])&.downcase
FIX: Apply crawler rate limits to cached requests (#27174) This commit moves the logic for crawler rate limits out of the application controller and into the request tracker middleware. The reason for this move is to apply rate limits to all crawler requests instead of just the requests that make it to the application controller. Some requests are served early from the middleware stack without reaching the Rails app for performance reasons (e.g. `AnonymousCache`) which results in crawlers getting 200 responses even though they've reached their limits and should be getting 429 responses. Internal topic: t/128810.
2024-05-27 21:26:35 +08:00
return if user_agent.blank?
return if !CrawlerDetection.crawler?(user_agent)
slow_down_agents
.downcase
.split("|")
.each do |crawler|
if user_agent.include?(crawler)
key = "#{crawler}_crawler_rate_limit"
limiter =
RateLimiter.new(nil, key, 1, SiteSetting.slow_down_crawler_rate, error_code: key)
limiter.performed!
break
end
end
nil
rescue RateLimiter::LimitExceeded => e
[e.available_in, e.error_code]
end
improve metrics gathered using in our traffic section this also pulls out the middleware into its own home and inserts in front
2015-02-05 13:08:52 +08:00
end
Reference in New Issue Copy Permalink