Add basic IP-based rate-limit support, closes #59

Author: yamalight

README.md

@@ -17,6 +17,7 @@ Exoframe is a self-hosted tool that allows simple one-command deployments using
 - Deploy tokens (e.g. to deploy from CI)
 - Automated HTTPS setup via letsencrypt \*
 - Automated gzip compression \*
+- Rate-limit support \*
 - Simple access to the logs of deployments
 - Docker-compose support
 - Multiple deployment endpoints and multi-user support

docs/Advanced.md

@@ -22,3 +22,30 @@ Here's a few examples of basic use cases:
 | `domain.com;PathStrip:/products/` | `service/`          | Match exact path and strip off the path prior to forwarding the request |
 
 For more info and options see the aforementioned [Traefik frontend matchers](https://docs.traefik.io/basics/#matchers) docs.
+
+## Rate limiting
+
+Exoframe allows you to enable basic IP-based rate-limiting integrated into Traefik.  
+To do that, simply specify the following fields in the project config file:
+
+```json
+{
+  // adding this object will enable IP-based rate-limiting
+  "rate-limit": {
+    // time period to be considered for request limits
+    // defaults to "1s" if not specified
+    "period": "3s",
+    // average request rate over given time period
+    // defaults to 1 if not specified
+    "average": 5,
+    // maximal burst request rate over given time period
+    // defaults to 5 if not specified
+    "burst": 10
+  }
+}
+```
+
+This will define how many requests (`average`) over given time (`period`) can be performed from one IP address.
+For the example above - an average of 5 requests every 3 seconds is allowed with busts of up to 10 requests.
+
+For more information, see [Traefik rate-limiting docs](https://docs.traefik.io/configuration/commons/#rate-limiting).

docs/Basics.md

@@ -98,6 +98,16 @@ Config file has the following structure:
   "labels": {
     "my.custom.label": "value"
   },
+  // rate-limit config
+  // see "advanced topics" for more info
+  "rate-limit": {
+    // rate-limit time period
+    "period": "1s",
+    // request rate over given time period
+    "average": 1,
+    // max burst request rate over given time period
+    "burst": 5,
+  },
   // template to be used for project deployment
   // undefined by default, detected by server based on file structure
   "template": "my-template"

src/commands/config.js

@@ -23,6 +23,11 @@ exports.handler = async () => {
     labels: undefined,
     hostname: '',
     template: '',
+    rateLimit: {
+      period: '1s',
+      average: 1,
+      burst: 5,
+    },
   };
   try {
     fs.statSync(configPath);
@@ -86,6 +91,36 @@ exports.handler = async () => {
       : '',
     filter,
   });
+  prompts.push({
+    type: 'confirm',
+    name: 'enableRatelimit',
+    message: 'Enable rate-limit? [optional]',
+    default: !!defaultConfig.rateLimit,
+  });
+  prompts.push({
+    type: 'input',
+    name: 'ratelimitPeriod',
+    message: 'Rate-limit period (in seconds)',
+    default: defaultConfig.rateLimit ? defaultConfig.rateLimit.period.replace('s', '') : '1',
+    filter: val => `${val.trim()}s`,
+    when: ({enableRatelimit}) => enableRatelimit,
+  });
+  prompts.push({
+    type: 'input',
+    name: 'ratelimitAverage',
+    message: 'Rate-limit average request rate',
+    default: defaultConfig.rateLimit ? defaultConfig.rateLimit.average : '1',
+    filter: val => Number(val.trim()),
+    when: ({enableRatelimit}) => enableRatelimit,
+  });
+  prompts.push({
+    type: 'input',
+    name: 'ratelimitBurst',
+    message: 'Rate-limit burst request rate',
+    default: defaultConfig.rateLimit ? defaultConfig.rateLimit.burst : '5',
+    filter: val => Number(val.trim()),
+    when: ({enableRatelimit}) => enableRatelimit,
+  });
   prompts.push({
     type: 'input',
     name: 'hostname',
@@ -108,7 +143,20 @@ exports.handler = async () => {
     filter,
   });
   // get values from user
-  const {name, domain, project, env, labels, hostname, restart, template} = await inquirer.prompt(prompts);
+  const {
+    name,
+    domain,
+    project,
+    env,
+    labels,
+    enableRatelimit,
+    ratelimitPeriod,
+    ratelimitAverage,
+    ratelimitBurst,
+    hostname,
+    restart,
+    template,
+  } = await inquirer.prompt(prompts);
   // init config object
   const config = {name, restart};
   if (domain && domain.length) {
@@ -131,6 +179,13 @@ exports.handler = async () => {
       .map(pair => ({key: pair[0].trim(), value: pair[1].trim()}))
       .reduce((prev, obj) => Object.assign(prev, {[obj.key]: obj.value}), {});
   }
+  if (enableRatelimit) {
+    config.rateLimit = {
+      period: ratelimitPeriod,
+      average: ratelimitAverage,
+      burst: ratelimitBurst,
+    };
+  }
   if (hostname && hostname.length) {
     config.hostname = hostname;
   }

test/config.test.js

@@ -21,6 +21,10 @@ const configData = {
   hostname: 'host',
   restart: 'no',
   template: 'static',
+  enableRatelimit: true,
+  ratelimitPeriod: 10,
+  ratelimitAverage: 20,
+  ratelimitBurst: 30,
 };
 const configPath = path.join(process.cwd(), 'exoframe.json');
 
@@ -55,6 +59,11 @@ test('Should generate config file', done => {
     expect(cfg.labels.label).toEqual('1');
     expect(cfg.labels.other).toEqual('2');
     expect(cfg.template).toEqual(configData.template);
+    expect(cfg.rateLimit).toEqual({
+      period: configData.ratelimitPeriod,
+      average: configData.ratelimitAverage,
+      burst: configData.ratelimitBurst,
+    });
     // restore inquirer
     inquirer.prompt.restore();
     // restore console