-
-
Notifications
You must be signed in to change notification settings - Fork 10
Expand file tree
/
Copy pathRateLimitPartitionConfig.cs
More file actions
67 lines (61 loc) · 2.99 KB
/
Copy pathRateLimitPartitionConfig.cs
File metadata and controls
67 lines (61 loc) · 2.99 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
namespace NpgsqlRestClient;
/// <summary>
/// Per-policy partitioning configuration. When set on a rate-limiter policy, each request resolves a partition
/// key and gets its own rate-limit bucket — typical pattern is "one bucket per user" or "one bucket per IP".
///
/// Without partitioning (the default), all requests hitting a named policy share a single global bucket.
/// </summary>
public class RateLimitPartitionConfig
{
/// <summary>
/// Ordered list of sources. Walked top-to-bottom at request time; the first source returning a non-empty
/// key wins. If no source matches, a fixed fallback key (<c>"unpartitioned"</c>) is used so the policy
/// still rate-limits coherently.
/// </summary>
public RateLimitPartitionSource[] Sources { get; set; } = [];
/// <summary>
/// When true, requests from authenticated users (<c>HttpContext.User.Identity.IsAuthenticated</c>) bypass
/// rate limiting entirely (the policy returns no-limiter for that request). Useful for "anonymous users
/// get throttled, signed-in users don't" patterns. Default false.
///
/// Evaluated BEFORE <see cref="Sources"/> — if this is true and the user is authenticated, sources are
/// not consulted at all.
/// </summary>
public bool BypassAuthenticated { get; set; } = false;
}
/// <summary>
/// One entry in <see cref="RateLimitPartitionConfig.Sources"/>. Each source describes how to derive a
/// partition key string from the current request.
/// </summary>
public class RateLimitPartitionSource
{
/// <summary>What this source reads from the request to produce a key.</summary>
public RateLimitPartitionSourceType Type { get; set; }
/// <summary>
/// For <see cref="RateLimitPartitionSourceType.Claim"/>: the claim type (e.g. <c>"name_identifier"</c>).
/// For <see cref="RateLimitPartitionSourceType.Header"/>: the header name.
/// Ignored for IpAddress and Static.
/// </summary>
public string? Name { get; set; }
/// <summary>
/// For <see cref="RateLimitPartitionSourceType.Static"/>: the literal key value (terminal fallback).
/// Ignored for other source types.
/// </summary>
public string? Value { get; set; }
}
public enum RateLimitPartitionSourceType
{
/// <summary>Resolve from <c>HttpContext.User.FindFirst(Name)?.Value</c>. Returns null if claim missing.</summary>
Claim,
/// <summary>
/// Resolve from the client IP via <c>HttpRequest.GetClientIpAddress()</c>: checks
/// <c>X-Forwarded-For</c> (leftmost address) first, then <c>X-Real-IP</c> /
/// <c>HTTP_X_FORWARDED_FOR</c> / <c>REMOTE_ADDR</c>, finally falling back to
/// <c>Connection.RemoteIpAddress</c>. Returns null if no source yields a value.
/// </summary>
IpAddress,
/// <summary>Resolve from <c>HttpContext.Request.Headers[Name]</c>. Returns null if header missing.</summary>
Header,
/// <summary>Always returns the configured <see cref="RateLimitPartitionSource.Value"/>. Use as a terminal fallback.</summary>
Static,
}