Skip to content

Commit a14c3f2

Browse files
tricky42ory-bot
tricky42
authored and
ory-bot
committed
feat: add ratelimit buckets to swagger definitions
GitOrigin-RevId: 854dea8de34fc0402fbe1641af7f076f977cbcbc
1 parent 828b019 commit a14c3f2

17 files changed

Lines changed: 371 additions & 106 deletions

File tree

courier/handler.go

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -110,6 +110,9 @@ type ListCourierMessagesParameters struct {
110110
// 200: listCourierMessages
111111
// 400: errorGeneric
112112
// default: errorGeneric
113+
//
114+
// Extensions:
115+
// x-ory-ratelimit-bucket: kratos-admin-high
113116
func (h *Handler) listCourierMessages(w http.ResponseWriter, r *http.Request) {
114117
keys := h.r.Config().SecretsPagination(r.Context())
115118
filter, paginator, err := parseMessagesFilter(r, keys)
@@ -190,6 +193,9 @@ type getCourierMessage struct {
190193
// 200: message
191194
// 400: errorGeneric
192195
// default: errorGeneric
196+
//
197+
// Extensions:
198+
// x-ory-ratelimit-bucket: kratos-admin-medium
193199
func (h *Handler) getCourierMessage(w http.ResponseWriter, r *http.Request) {
194200
msgID, err := uuid.FromString(r.PathValue("msgID"))
195201
if err != nil {

identity/handler.go

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -260,6 +260,9 @@ func parseListIdentitiesParameters(r *http.Request) (params ListIdentityParamete
260260
// Responses:
261261
// 200: listIdentities
262262
// default: errorGeneric
263+
//
264+
// Extensions:
265+
// x-ory-ratelimit-bucket: kratos-admin-medium
263266
func (h *Handler) list(w http.ResponseWriter, r *http.Request) {
264267
params, err := parseListIdentitiesParameters(r)
265268
if err != nil {
@@ -372,6 +375,9 @@ type getIdentityByExternalID struct {
372375
// 200: identity
373376
// 404: errorGeneric
374377
// default: errorGeneric
378+
//
379+
// Extensions:
380+
// x-ory-ratelimit-bucket: kratos-admin-low
375381
func (h *Handler) get(w http.ResponseWriter, r *http.Request) {
376382
i, err := h.r.PrivilegedIdentityPool().GetIdentityConfidential(r.Context(), x.ParseUUID(r.PathValue("id")))
377383
if err != nil {
@@ -421,6 +427,9 @@ func (h *Handler) get(w http.ResponseWriter, r *http.Request) {
421427
// 200: identity
422428
// 404: errorGeneric
423429
// default: errorGeneric
430+
//
431+
// Extensions:
432+
// x-ory-ratelimit-bucket: kratos-admin-medium
424433
func (h *Handler) getByExternalID(w http.ResponseWriter, r *http.Request) {
425434
externalID := r.PathValue("externalID")
426435
if externalID == "" {
@@ -655,6 +664,9 @@ type AdminCreateIdentityImportCredentialsSAMLProvider struct {
655664
// 400: errorGeneric
656665
// 409: errorGeneric
657666
// default: errorGeneric
667+
//
668+
// Extensions:
669+
// x-ory-ratelimit-bucket: kratos-admin-high
658670
func (h *Handler) create(w http.ResponseWriter, r *http.Request) {
659671
var cr CreateIdentityBody
660672
if err := jsonx.NewStrictDecoder(r.Body).Decode(&cr); err != nil {
@@ -767,6 +779,9 @@ func (h *Handler) identityFromCreateIdentityBody(ctx context.Context, cr *Create
767779
// 400: errorGeneric
768780
// 409: errorGeneric
769781
// default: errorGeneric
782+
//
783+
// Extensions:
784+
// x-ory-ratelimit-bucket: kratos-admin-high
770785
func (h *Handler) batchPatchIdentities(w http.ResponseWriter, r *http.Request) {
771786
var (
772787
req BatchPatchIdentitiesBody
@@ -931,6 +946,9 @@ type UpdateIdentityBody struct {
931946
// 404: errorGeneric
932947
// 409: errorGeneric
933948
// default: errorGeneric
949+
//
950+
// Extensions:
951+
// x-ory-ratelimit-bucket: kratos-admin-high
934952
func (h *Handler) update(w http.ResponseWriter, r *http.Request) {
935953
var ur UpdateIdentityBody
936954
if err := decoderx.Decode(r, &ur,
@@ -1020,6 +1038,9 @@ type deleteIdentity struct {
10201038
// 204: emptyResponse
10211039
// 404: errorGeneric
10221040
// default: errorGeneric
1041+
//
1042+
// Extensions:
1043+
// x-ory-ratelimit-bucket: kratos-admin-high
10231044
func (h *Handler) delete(w http.ResponseWriter, r *http.Request) {
10241045
if err := h.r.PrivilegedIdentityPool().DeleteIdentity(r.Context(), x.ParseUUID(r.PathValue("id"))); err != nil {
10251046
h.r.Writer().WriteError(w, r, err)
@@ -1070,6 +1091,9 @@ type patchIdentity struct {
10701091
// 404: errorGeneric
10711092
// 409: errorGeneric
10721093
// default: errorGeneric
1094+
//
1095+
// Extensions:
1096+
// x-ory-ratelimit-bucket: kratos-admin-high
10731097
func (h *Handler) patch(w http.ResponseWriter, r *http.Request) {
10741098
requestBody, err := io.ReadAll(r.Body)
10751099
if err != nil {
@@ -1176,6 +1200,9 @@ type _ struct {
11761200
// 204: emptyResponse
11771201
// 404: errorGeneric
11781202
// default: errorGeneric
1203+
//
1204+
// Extensions:
1205+
// x-ory-ratelimit-bucket: kratos-admin-high
11791206
func (h *Handler) deleteIdentityCredentials(w http.ResponseWriter, r *http.Request) {
11801207
ctx := r.Context()
11811208
identity, err := h.r.PrivilegedIdentityPool().GetIdentityConfidential(ctx, x.ParseUUID(r.PathValue("id")))

schema/handler.go

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -105,6 +105,9 @@ type _ struct {
105105
// 200: identitySchema
106106
// 404: errorGeneric
107107
// default: errorGeneric
108+
//
109+
// Extensions:
110+
// x-ory-ratelimit-bucket: kratos-admin-medium
108111
func (h *Handler) getIdentitySchema(w http.ResponseWriter, r *http.Request) {
109112
ctx, span := h.r.Tracer(r.Context()).Tracer().Start(r.Context(), "schema.Handler.getIdentitySchema")
110113
defer span.End()
@@ -188,6 +191,9 @@ type _ struct {
188191
// Responses:
189192
// 200: identitySchemas
190193
// default: errorGeneric
194+
//
195+
// Extensions:
196+
// x-ory-ratelimit-bucket: kratos-admin-medium
191197
func (h *Handler) getAll(w http.ResponseWriter, r *http.Request) {
192198
ctx, span := h.r.Tracer(r.Context()).Tracer().Start(r.Context(), "schema.Handler.getAll")
193199
defer span.End()

selfservice/errorx/handler.go

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -89,6 +89,9 @@ type getFlowError struct {
8989
// 403: errorGeneric
9090
// 404: errorGeneric
9191
// 500: errorGeneric
92+
//
93+
// Extensions:
94+
// x-ory-ratelimit-bucket: kratos-public-low
9295
func (h *Handler) publicFetchError(w http.ResponseWriter, r *http.Request) {
9396
if err := h.fetchError(w, r); err != nil {
9497
h.r.Writer().WriteError(w, r, err)

selfservice/flow/login/handler.go

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -423,6 +423,9 @@ type createNativeLoginFlow struct {
423423
// 200: loginFlow
424424
// 400: errorGeneric
425425
// default: errorGeneric
426+
//
427+
// Extensions:
428+
// x-ory-ratelimit-bucket: kratos-public-medium
426429
func (h *Handler) createNativeLoginFlow(w http.ResponseWriter, r *http.Request) {
427430
var err error
428431
ctx, span := h.d.Tracer(r.Context()).Tracer().Start(r.Context(), "selfservice.flow.login.createNativeLoginFlow")
@@ -550,6 +553,9 @@ type createBrowserLoginFlow struct {
550553
// 303: emptyResponse
551554
// 400: errorGeneric
552555
// default: errorGeneric
556+
//
557+
// Extensions:
558+
// x-ory-ratelimit-bucket: kratos-public-medium
553559
func (h *Handler) createBrowserLoginFlow(w http.ResponseWriter, r *http.Request) {
554560
var err error
555561
ctx, span := h.d.Tracer(r.Context()).Tracer().Start(r.Context(), "selfservice.flow.login.createBrowserLoginFlow")
@@ -705,6 +711,9 @@ type getLoginFlow struct {
705711
// 404: errorGeneric
706712
// 410: errorGeneric
707713
// default: errorGeneric
714+
//
715+
// Extensions:
716+
// x-ory-ratelimit-bucket: kratos-public-low
708717
func (h *Handler) getLoginFlow(w http.ResponseWriter, r *http.Request) {
709718
var err error
710719
ctx, span := h.d.Tracer(r.Context()).Tracer().Start(r.Context(), "selfservice.flow.login.getLoginFlow")
@@ -847,6 +856,9 @@ type updateLoginFlowBody struct{}
847856
// 410: errorGeneric
848857
// 422: errorBrowserLocationChangeRequired
849858
// default: errorGeneric
859+
//
860+
// Extensions:
861+
// x-ory-ratelimit-bucket: kratos-public-high
850862
func (h *Handler) updateLoginFlow(w http.ResponseWriter, r *http.Request) {
851863
var err error
852864
ctx, span := h.d.Tracer(r.Context()).Tracer().Start(r.Context(), "selfservice.flow.login.updateLoginFlow")

selfservice/flow/logout/handler.go

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -133,6 +133,9 @@ type createBrowserLogoutFlow struct {
133133
// 400: errorGeneric
134134
// 401: errorGeneric
135135
// 500: errorGeneric
136+
//
137+
// Extensions:
138+
// x-ory-ratelimit-bucket: kratos-public-medium
136139
func (h *Handler) createBrowserLogoutFlow(w http.ResponseWriter, r *http.Request) {
137140
sess, err := h.d.SessionManager().FetchFromRequest(r.Context(), r)
138141
if err != nil {
@@ -224,6 +227,9 @@ type performNativeLogoutBody struct {
224227
// 204: emptyResponse
225228
// 400: errorGeneric
226229
// default: errorGeneric
230+
//
231+
// Extensions:
232+
// x-ory-ratelimit-bucket: kratos-public-medium
227233
func (h *Handler) performNativeLogout(w http.ResponseWriter, r *http.Request) {
228234
var p performNativeLogoutBody
229235
if err := decoderx.Decode(r, &p,
@@ -315,6 +321,9 @@ type updateLogoutFlow struct {
315321
// 303: emptyResponse
316322
// 204: emptyResponse
317323
// default: errorGeneric
324+
//
325+
// Extensions:
326+
// x-ory-ratelimit-bucket: kratos-public-low
318327
func (h *Handler) updateLogoutFlow(w http.ResponseWriter, r *http.Request) {
319328
expected := r.URL.Query().Get("token")
320329
if len(expected) == 0 {

selfservice/flow/recovery/handler.go

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -114,6 +114,9 @@ func (h *Handler) RegisterAdminRoutes(admin *httprouterx.RouterAdmin) {
114114
// 200: recoveryFlow
115115
// 400: errorGeneric
116116
// default: errorGeneric
117+
//
118+
// Extensions:
119+
// x-ory-ratelimit-bucket: kratos-public-medium
117120
func (h *Handler) createNativeRecoveryFlow(w http.ResponseWriter, r *http.Request) {
118121
if !h.d.Config().SelfServiceFlowRecoveryEnabled(r.Context()) {
119122
h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Recovery is not allowed because it was disabled.")))
@@ -179,6 +182,9 @@ type createBrowserRecoveryFlow struct {
179182
// 303: emptyResponse
180183
// 400: errorGeneric
181184
// default: errorGeneric
185+
//
186+
// Extensions:
187+
// x-ory-ratelimit-bucket: kratos-public-medium
182188
func (h *Handler) createBrowserRecoveryFlow(w http.ResponseWriter, r *http.Request) {
183189
if !h.d.Config().SelfServiceFlowRecoveryEnabled(r.Context()) {
184190
h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Recovery is not allowed because it was disabled.")))
@@ -269,6 +275,9 @@ type getRecoveryFlow struct {
269275
// 404: errorGeneric
270276
// 410: errorGeneric
271277
// default: errorGeneric
278+
//
279+
// Extensions:
280+
// x-ory-ratelimit-bucket: kratos-public-low
272281
func (h *Handler) getRecoveryFlow(w http.ResponseWriter, r *http.Request) {
273282
if !h.d.Config().SelfServiceFlowRecoveryEnabled(r.Context()) {
274283
h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Recovery is not allowed because it was disabled.")))
@@ -394,6 +403,9 @@ type updateRecoveryFlowBody struct{}
394403
// 410: errorGeneric
395404
// 422: errorBrowserLocationChangeRequired
396405
// default: errorGeneric
406+
//
407+
// Extensions:
408+
// x-ory-ratelimit-bucket: kratos-public-high
397409
func (h *Handler) updateRecoveryFlow(w http.ResponseWriter, r *http.Request) {
398410
rid, err := flow.GetFlowID(r)
399411
if err != nil {

selfservice/flow/registration/handler.go

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -224,6 +224,9 @@ func (h *Handler) FromOldFlow(w http.ResponseWriter, r *http.Request, of Flow) (
224224
// 200: registrationFlow
225225
// 400: errorGeneric
226226
// default: errorGeneric
227+
//
228+
// Extensions:
229+
// x-ory-ratelimit-bucket: kratos-public-medium
227230
func (h *Handler) createNativeRegistrationFlow(w http.ResponseWriter, r *http.Request) {
228231
a, err := h.NewRegistrationFlow(w, r, flow.TypeAPI)
229232
if err != nil {
@@ -348,6 +351,9 @@ type createBrowserRegistrationFlow struct {
348351
// 200: registrationFlow
349352
// 303: emptyResponse
350353
// default: errorGeneric
354+
//
355+
// Extensions:
356+
// x-ory-ratelimit-bucket: kratos-public-medium
351357
func (h *Handler) createBrowserRegistrationFlow(w http.ResponseWriter, r *http.Request) {
352358
ctx := r.Context()
353359

@@ -513,6 +519,9 @@ type getRegistrationFlow struct {
513519
// 404: errorGeneric
514520
// 410: errorGeneric
515521
// default: errorGeneric
522+
//
523+
// Extensions:
524+
// x-ory-ratelimit-bucket: kratos-public-low
516525
func (h *Handler) getRegistrationFlow(w http.ResponseWriter, r *http.Request) {
517526
if !h.d.Config().SelfServiceFlowRegistrationEnabled(r.Context()) {
518527
h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(ErrRegistrationDisabled))
@@ -650,6 +659,9 @@ type updateRegistrationFlowBody struct{}
650659
// 410: errorGeneric
651660
// 422: errorBrowserLocationChangeRequired
652661
// default: errorGeneric
662+
//
663+
// Extensions:
664+
// x-ory-ratelimit-bucket: kratos-public-high
653665
func (h *Handler) updateRegistrationFlow(w http.ResponseWriter, r *http.Request) {
654666
ctx := r.Context()
655667
ctx = semconv.ContextWithAttributes(ctx,

selfservice/flow/settings/handler.go

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -219,6 +219,9 @@ type createNativeSettingsFlow struct {
219219
// 200: settingsFlow
220220
// 400: errorGeneric
221221
// default: errorGeneric
222+
//
223+
// Extensions:
224+
// x-ory-ratelimit-bucket: kratos-public-medium
222225
func (h *Handler) createNativeSettingsFlow(w http.ResponseWriter, r *http.Request) {
223226
ctx := r.Context()
224227
s, err := h.d.SessionManager().FetchFromRequestContext(ctx, r)
@@ -303,6 +306,9 @@ type createBrowserSettingsFlow struct {
303306
// 401: errorGeneric
304307
// 403: errorGeneric
305308
// default: errorGeneric
309+
//
310+
// Extensions:
311+
// x-ory-ratelimit-bucket: kratos-public-medium
306312
func (h *Handler) createBrowserSettingsFlow(w http.ResponseWriter, r *http.Request) {
307313
ctx := r.Context()
308314
s, err := h.d.SessionManager().FetchFromRequestContext(ctx, r)
@@ -402,6 +408,9 @@ type getSettingsFlow struct {
402408
// 404: errorGeneric
403409
// 410: errorGeneric
404410
// default: errorGeneric
411+
//
412+
// Extensions:
413+
// x-ory-ratelimit-bucket: kratos-public-low
405414
func (h *Handler) getSettingsFlow(w http.ResponseWriter, r *http.Request) {
406415
ctx := r.Context()
407416
rid := x.ParseUUID(r.URL.Query().Get("id"))
@@ -564,6 +573,9 @@ type updateSettingsFlowBody struct{}
564573
// 410: errorGeneric
565574
// 422: errorBrowserLocationChangeRequired
566575
// default: errorGeneric
576+
//
577+
// Extensions:
578+
// x-ory-ratelimit-bucket: kratos-public-high
567579
func (h *Handler) updateSettingsFlow(w http.ResponseWriter, r *http.Request) {
568580
var (
569581
err error

selfservice/flow/verification/handler.go

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -157,6 +157,9 @@ type createNativeVerificationFlow struct {
157157
// 200: verificationFlow
158158
// 400: errorGeneric
159159
// default: errorGeneric
160+
//
161+
// Extensions:
162+
// x-ory-ratelimit-bucket: kratos-public-medium
160163
func (h *Handler) createNativeVerificationFlow(w http.ResponseWriter, r *http.Request) {
161164
if !h.d.Config().SelfServiceFlowVerificationEnabled(r.Context()) {
162165
h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Verification is not allowed because it was disabled.")))
@@ -204,6 +207,9 @@ type createBrowserVerificationFlow struct {
204207
// 200: verificationFlow
205208
// 303: emptyResponse
206209
// default: errorGeneric
210+
//
211+
// Extensions:
212+
// x-ory-ratelimit-bucket: kratos-public-medium
207213
func (h *Handler) createBrowserVerificationFlow(w http.ResponseWriter, r *http.Request) {
208214
if !h.d.Config().SelfServiceFlowVerificationEnabled(r.Context()) {
209215
h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Verification is not allowed because it was disabled.")))
@@ -279,6 +285,9 @@ type getVerificationFlow struct {
279285
// 403: errorGeneric
280286
// 404: errorGeneric
281287
// default: errorGeneric
288+
//
289+
// Extensions:
290+
// x-ory-ratelimit-bucket: kratos-public-low
282291
func (h *Handler) getVerificationFlow(w http.ResponseWriter, r *http.Request) {
283292
if !h.d.Config().SelfServiceFlowVerificationEnabled(r.Context()) {
284293
h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, errors.WithStack(herodot.ErrBadRequest.WithReasonf("Verification is not allowed because it was disabled.")))
@@ -403,6 +412,9 @@ type updateVerificationFlowBody struct{}
403412
// 400: verificationFlow
404413
// 410: errorGeneric
405414
// default: errorGeneric
415+
//
416+
// Extensions:
417+
// x-ory-ratelimit-bucket: kratos-public-high
406418
func (h *Handler) updateVerificationFlow(w http.ResponseWriter, r *http.Request) {
407419
rid, err := flow.GetFlowID(r)
408420
if err != nil {

0 commit comments

Comments
 (0)