I just wanted to check how rate limiting works and ran into this strange behaviour. I’m using the CE edition.
Case 1. API level Global Rate limit - It is working as expected
Case 2. Per-key, per-API rate limiting - in this case rate limiting does not work at all
Here is what my config looks like
I have a Go plugin loaded from the file system which does authentication and sets the SessionState on the request context after validating the key
Here is what my Go plugin looks like
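// getSession builds the session state the auth plugin attaches to a request.
//
// The returned state carries the policy reference ("test-policy") in both
// ApplyPolicyID and ApplyPolicies, so the gateway is expected to resolve rate
// limits and access rights from that policy rather than from fields set here.
// The raw key is kept under MetaData["token"].
//
// Compared with the original: DateCreated and IdExtractorDeadline are derived
// from the same instant, and LastUpdated no longer carries the monotonic clock
// reading ("m=+...") that time.Time.String() appends, which the time package
// documents as debugging output rather than a stable serialization.
func getSession(key string) *user.SessionState {
	// How long the ID extractor may keep this session before re-running auth;
	// presumably acts as a cache TTL — confirm against the gateway docs.
	const idExtractorTTL = 5 * time.Second

	now := time.Now()
	// Round(0) strips the monotonic reading so the stored string is a plain
	// wall-clock timestamp.
	// NOTE(review): the gateway may expect a different representation for
	// LastUpdated (e.g. a Unix-seconds string) — confirm against the
	// user.SessionState documentation before relying on this format.
	lastUpdated := now.Round(0).String()
	extractorDeadline := now.Add(idExtractorTTL).Unix()

	return &user.SessionState{
		OrgID:               "default",
		DateCreated:         now,
		LastUpdated:         lastUpdated,
		IdExtractorDeadline: extractorDeadline,
		ApplyPolicyID:       "test-policy",
		ApplyPolicies:       []string{"test-policy"},
		MetaData: map[string]interface{}{
			"token": key,
		},
	}
}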
// HttpCustomAuth is the Go-plugin auth hook named in the API definition's
// custom_middleware.auth_check. It reads the client key from the configured
// authorization header and attaches a freshly built session to the request
// context so later middleware (rate limiting, quota) can act on it.
//
// NOTE(review): as written, an absent header yields an empty token and the
// session is still attached; the validation step marked below is where that
// should be decided.
func HttpCustomAuth(w http.ResponseWriter, r *http.Request) {
	token := r.Header.Get(authorizationHeader)
	// some validation
	session := getSession(token)
	// The trailing flag is passed as true; presumably it asks the gateway to
	// persist/schedule an update of the session — confirm against the ctx package.
	ctx.SetSession(r, session, token, true)
}
Here is my test policy json file
{
"test-policy": {
"access_rights": {
"gop-1": {
"allowed_urls": [],
"api_id": "gop-1",
"api_name": "Tyk Test API (Plain) 2",
"versions": [
"Default",
""
]
},
"pln-1": {
"allowed_urls": null,
"api_id": "pln-1",
"versions": [
"Default"
],
"limit": {
"rate": 3,
"per": 60
}
}
},
"active": true,
"name": "test policy",
"rate": 5,
"per": 60,
"quota_max": -1,
"quota_renewal_rate": 3600,
"state": "active",
"org_id": "default",
"tags": []
}
}
Here is my api definition
{
"name": "Tyk Test API (Go plugin)",
"api_id": "gop-1",
"org_id": "default",
"allowed_ips": [],
"enable_ip_whitelisting": false,
"definition": {
"location": "header",
"key": "x-api-version"
},
"auth": {
"auth_header_name": "Authorization"
},
"use_keyless": false,
"use_go_plugin_auth": true,
"disable_quota": true,
"version_data": {
"not_versioned": true,
"versions": {
"Default": {
"name": "Default",
"expires": "",
"use_extended_paths": true,
"extended_paths": {
"ignored": [],
"white_list": [],
"black_list": [],
"circuit_breakers": [
{
"path": "/*",
"method": "GET",
"threshold_percent": 0.1,
"samples": 5,
"return_to_service_after": 60,
"disable_half_open_state": false
}
]
}
}
}
},
"proxy": {
"preserve_host_header": false,
"listen_path": "/goplugin-tyk-api-test",
"target_url": "http://httpstat.us",
"strip_listen_path": true
},
"global_rate_limit": {
"rate": 0,
"per": 0
},
"custom_middleware": {
"auth_check": {
"name": "HttpCustomAuth",
"path": "./middleware/go/httpCustomAuth.so",
"require_session": false
},
"response": [],
"driver": "goplugin",
"id_extractor": {
"extract_from": "header",
"extract_with": "value",
"extractor_config": {
"header_name": "Authorization"
}
}
},
"enable_batch_request_support": false
}
After the below call
curl -i http://localhost:8080/goplugin-tyk-api-test/200 -H 'accept: application/json' -H'Authorization: test-13'
the full key definition looks like below
curl -i http://localhost:8080/tyk/keys/test-13 -H 'X-Tyk-Authorization: 352d20ee67be67f6340b4c0605b044b7'
{
"last_check": 0,
"allowance": 0,
"rate": 5,
"per": 60,
"throttle_interval": 0,
"throttle_retry_limit": 0,
"max_query_depth": 0,
"date_created": "2021-10-21T21:26:08.490534+05:30",
"expires": 0,
"quota_max": -1,
"quota_renews": 0,
"quota_remaining": 0,
"quota_renewal_rate": 3600,
"access_rights": {
"gop-1": {
"api_name": "Tyk Test API (Plain) 2",
"api_id": "gop-1",
"versions": [
"Default",
""
],
"allowed_urls": [],
"restricted_types": null,
"limit": {
"rate": 5,
"per": 60,
"throttle_interval": 0,
"throttle_retry_limit": 0,
"max_query_depth": 0,
"quota_max": -1,
"quota_renews": 0,
"quota_remaining": 0,
"quota_renewal_rate": 3600
},
"field_access_rights": null,
"allowance_scope": ""
},
"pln-1": {
"api_name": "",
"api_id": "pln-1",
"versions": [
"Default"
],
"allowed_urls": null,
"restricted_types": null,
"limit": {
"rate": 5,
"per": 60,
"throttle_interval": 0,
"throttle_retry_limit": 0,
"max_query_depth": 0,
"quota_max": -1,
"quota_renews": 0,
"quota_remaining": 0,
"quota_renewal_rate": 3600
},
"field_access_rights": null,
"allowance_scope": ""
}
},
"org_id": "default",
"oauth_client_id": "",
"oauth_keys": null,
"certificate": "",
"basic_auth_data": {
"password": "",
"hash_type": ""
},
"jwt_data": {
"secret": ""
},
"hmac_enabled": false,
"enable_http_signature_validation": false,
"hmac_string": "",
"rsa_certificate_id": "",
"is_inactive": false,
"apply_policy_id": "test-policy",
"apply_policies": [
"test-policy"
],
"data_expires": 0,
"monitor": {
"trigger_limits": null
},
"enable_detail_recording": false,
"enable_detailed_recording": false,
"meta_data": {
"token": "test-13"
},
"tags": [],
"alias": "",
"last_updated": "2021-10-21 21:26:08.490534 +0530 IST m=+876.514373917",
"id_extractor_deadline": 1634831773,
"session_lifetime": 0
}
The above configuration does not return 429 at all (ideally the gateway should return one once the limit is exceeded). Note also that the key dump shows pln-1 with a limit of rate 5 / per 60, whereas the policy sets rate 3 / per 60 for that API.
I have spent quite a lot of time trying to figure out what is going wrong but wasn’t able to.
I’m not sure whether setting the session data on the context every time after validation in the middleware is causing the issue.
Can someone please point out what is wrong here?