You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Each policy under RateLimiterOptions:Policies may now set its own
StatusCode and/or StatusMessage; the top-level values become global
defaults that a policy inherits when it omits either field. The
override is resolved at rejection time from the endpoint's policy name
(EnableRateLimitingAttribute), since the framework exposes only a single
global OnRejected/RejectionStatusCode. Fully backward compatible.
Also ships a ready-to-use disabled login_throttle default policy
(10/min per client IP with its own rejection message).
Copy file name to clipboardExpand all lines: NpgsqlRestClient/ConfigSchemaGenerator.cs
+4Lines changed: 4 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -273,9 +273,13 @@ public static partial class ConfigSchemaGenerator
273
273
["ValidationOptions"]="Parameter validation options for validating endpoint parameters before database execution.\nValidation rules can be referenced in comment annotations using \"validate _param using rule_name\" syntax.",
274
274
["ValidationOptions:Rules"]="Named validation rules that can be referenced in comment annotations.\nDefault rules: not_null, not_empty, required, email\n\nEach rule can have:\n- Type: NotNull, NotEmpty, Required, Regex, MinLength, MaxLength\n- Pattern: Regular expression pattern for Regex type\n- MinLength: Minimum length for MinLength type\n- MaxLength: Maximum length for MaxLength type\n- Message: Error message with placeholders {0}=original name, {1}=converted name, {2}=rule name\n- StatusCode: HTTP status code to return (default: 400)",
275
275
["RateLimiterOptions"]="Rate Limiter settings to limit the number of requests from clients.",
276
+
["RateLimiterOptions:StatusCode"]="Global HTTP status code returned for rejected (rate-limited) requests. Default 429. Individual policies may override this via `RateLimiterOptions:Policies:<name>:StatusCode`.",
277
+
["RateLimiterOptions:StatusMessage"]="Global response body text returned for rejected (rate-limited) requests. When empty, the rejection has an empty body. Individual policies may override this via `RateLimiterOptions:Policies:<name>:StatusMessage`.",
276
278
["RateLimiterOptions:Policies"]="Named rate-limiter policies. The object key is the policy name (referenced from endpoints via the `rate_limiter_policy <name>` comment annotation, or used as `DefaultPolicy`). Each entry has a `Type` and type-specific tuning fields. Set `Enabled: true` per policy to register it at startup.",
277
279
["RateLimiterOptions:Policies:Type"]="Rate-limiter algorithm:\n- FixedWindow: see https://learn.microsoft.com/en-us/aspnet/core/performance/rate-limit#fixed\n- SlidingWindow: see https://learn.microsoft.com/en-us/aspnet/core/performance/rate-limit#sliding-window-limiter\n- TokenBucket: see https://learn.microsoft.com/en-us/aspnet/core/performance/rate-limit#token-bucket-limiter\n- Concurrency: see https://learn.microsoft.com/en-us/aspnet/core/performance/rate-limit#concurrency-limiter",
278
280
["RateLimiterOptions:Policies:Enabled"]="Set to true to register this policy at startup. Disabled policies are skipped.",
281
+
["RateLimiterOptions:Policies:StatusCode"]="Optional per-policy override of the rejection HTTP status code. When set, requests rejected by this policy return this code instead of the global `RateLimiterOptions:StatusCode`. Omit to inherit the global value.",
282
+
["RateLimiterOptions:Policies:StatusMessage"]="Optional per-policy override of the rejection response body. When set, requests rejected by this policy return this text instead of the global `RateLimiterOptions:StatusMessage`. Omit to inherit the global value.",
279
283
["RateLimiterOptions:Policies:Partition"]="Optional partitioning. When set, each request resolves a partition key (per-user via claim, per-IP, per-header, or static fallback) and gets its own rate-limit bucket. Without this, all requests under this policy share a single global bucket. Combine `Sources` (ordered list of key sources) with optional `BypassAuthenticated` (true → authenticated users skip rate limiting entirely).",
280
284
["RateLimiterOptions:Policies:Partition:Sources"]="Ordered list of partition-key sources. Walked top-to-bottom at request time; the first source returning a non-empty key wins. If no source matches, the fallback key `unpartitioned` is used. Each source has a `Type` (Claim, IpAddress, Header, Static) and source-dependent `Name` or `Value`.",
281
285
["RateLimiterOptions:Policies:Partition:Sources:Type"]="Source of the partition key:\n- Claim: read `User.FindFirst(Name)?.Value` (Name = claim type)\n- IpAddress: read the client IP via `Request.GetClientIpAddress()` — honors `X-Forwarded-For`, `X-Real-IP`, etc. before falling back to `Connection.RemoteIpAddress`\n- Header: read `Request.Headers[Name]` (Name = header name)\n- Static: always returns `Value` (use as a terminal fallback)",
0 commit comments