Resource access limit handler
The Access Handler is a web service that stores the rules a user creates. Each rule contains:
- pattern: either an exact, explicit url or a regex
- limit: how many times a specific IP may request a url that matches the pattern
A sample rule looks like:
{
"limit":"100/sec",
"isExactUrl":false,
"pattern":"/foo/.*",
"id":1
}
The web service also receives logs in the following format:
{
"url": "example.com/foo",
"IP": "1.1.1.1"
}
showing which IP requested the url.
The goal is to check whether a specific IP requested a specific url that matches a pattern more often than the limit allows in its time interval, and to report that with the 429 Too Many Requests HTTP status.
Let's test how it works step by step:
NOTE: $URL is the url of the web service.
- Create a rule with the CREATE rule API and set the limit to a value like 2/min, like:
curl -X CREATE -H "Content-Type: application/json" --data '{"pattern": "example.com/foo/.*", "limit": "2/min"}' -i -- "$URL/apiv1/rules"
- Try to post a log with the POST log API more than 2 times in less than 1 minute. The web service must respond with a 200 OK status for the first 2 requests and with 429 Too Many Requests for any request beyond those 2. Your request should look like this:
curl -X POST -H "Content-Type: application/json" --data '{"url": "example.com/foo/bar", "IP": "1.1.1.1"}' -i -- "$URL/apiv1/logs?"
What we did was create a rule stating that a specific IP: 1.1.1.1 can view the url: example.com/foo/bar at most 2 times per minute, because this url matches the created rule pattern: /foo/.*.
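The walkthrough above can be reproduced offline with the following added example. It is not the project's own code: the sliding-window counter, the whole-url regex match, the "hour" unit and the names RuleChecker, parse_limit and replay are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque

UNIT_SECONDS = {"sec": 1, "min": 60, "hour": 3600}  # "hour" is an assumed unit

def parse_limit(limit):
    """Turn a limit string such as "2/min" into (max_requests, window_seconds)."""
    count, unit = limit.split("/")
    return int(count), UNIT_SECONDS[unit]

class RuleChecker:
    """Sliding-window request counter keyed by (rule id, client IP)."""

    def __init__(self, rules):
        self.rules = rules
        self.hits = defaultdict(deque)  # (rule id, IP) -> accepted timestamps

    @staticmethod
    def matches(rule, url):
        if rule.get("isExactUrl"):
            return url == rule["pattern"]
        # Assumption: a regex rule has to match the whole url.
        return re.fullmatch(rule["pattern"], url) is not None

    def check(self, log, now):
        """Return the HTTP status for one log entry seen at time `now` (seconds)."""
        for rule in self.rules:
            if not self.matches(rule, log["url"]):
                continue
            max_requests, window = parse_limit(rule["limit"])
            stamps = self.hits[(rule["id"], log["IP"])]
            while stamps and now - stamps[0] >= window:
                stamps.popleft()  # forget requests that left the window
            if len(stamps) >= max_requests:
                return 429  # rejected requests are not counted again
            stamps.append(now)
        return 200

# Constructed sample data mirroring the two curl requests above.
RULES = [{"id": 1, "pattern": "example.com/foo/.*", "limit": "2/min",
          "isExactUrl": False}]
LOG = {"url": "example.com/foo/bar", "IP": "1.1.1.1"}

def replay(times, log=LOG):
    """Feed the same log entry at each timestamp and collect the statuses."""
    checker = RuleChecker(RULES)
    return [checker.check(log, t) for t in times]
```

Calling replay([0, 10, 20, 61]) shows the third request being rejected and the fourth accepted again once the first request has aged out of the one-minute window.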
sudo apt-get install libass-dev libpq-dev postgresql \
build-essential redis-server redis-tools
NOTE: Using a virtual environment is highly recommended. There are several pip packages for this purpose, but I suggest the virtualenvwrapper package.
You can install with pip install over HTTPS in the following way:
pip install git+https://github.com/shayan-7/accesshandler.git
Or you can use SSH:
pip install git+ssh://git@github.com/shayan-7/accesshandler.git
For a development (editable) install, so that your changes take effect immediately in the installed version:
cd /path/to/workspace
git clone git@github.com:shayan-7/accesshandler.git
cd accesshandler
pip install -e .
Accesshandler is a zero-configuration application and needs no extra configuration file, but if you want your own configuration file, you can create an accesshandler.yml at the following path: ~/.config/accesshandler.yml, in the following format:
db:
  url: postgresql://postgres:postgres@localhost/accesshandler_dev
  test_url: postgresql://postgres:postgres@localhost/accesshandler_test
  administrative_url: postgresql://postgres:postgres@localhost/postgres
accesshandler db create --drop --mockup
accesshandler [-c path/to/config.yml] db drop
accesshandler [-c path/to/config.yml] db create
Or, you can add --drop to drop the previously created database first. TAKE CARE WHEN USING THIS:
accesshandler [-c path/to/config.yml] db create --drop
accesshandler [-c path/to/config.yml] db schema
To check that all tests pass with 100% coverage, run the following commands:
pip install -r requirements-ci.txt
pytest --cov=accesshandler
All the tested APIs are then generated in <path/to/accesshandler>/data/markdown in Markdown format.
- Gunicorn
$ ./gunicorn
Check out API.md for list of APIs and sample responses.