Python Plugin for IP Rate Limiting

Arturo_Serrano · April 3, 2017, 8:34pm

Hello,

We’re working to integrate tyk to our company, and want to leverage the powerful python plugins.
We have managed to get the JavaScript middle wear for Ip Rate limiting working, but we want to write the same functionality in python to be able to pair with other plugins easier.

So far, we’ve been unable to get tyk to recognize the key or session data. We are receiving the following errors in the log:

[Apr 3 20:09:57] DEBUG Querying local cache [Apr 3 20:09:57] DEBUG Querying keystore [Apr 3 20:09:57] DEBUG STORE: Getting WAS: 10.55.12.107 [Apr 3 20:09:57] DEBUG Input key was: apikey-e0a1c264 [Apr 3 20:09:57] DEBUG STORE: Getting: apikey-e0a1c264 [Apr 3 20:09:57] DEBUG Input key was: apikey-e0a1c264 [Apr 3 20:09:57] DEBUG Error trying to get value:redigo: nil returned [Apr 3 20:09:57] DEBUG auth-mgr: Could not get session detail, key not found err=Key not found inbound-key=****.107 [Apr 3 20:09:57] DEBUG Querying authstore [Apr 3 20:09:57] DEBUG STORE: Getting WAS: 10.55.12.107 [Apr 3 20:09:57] DEBUG Input key was: apikey-e0a1c264 [Apr 3 20:09:57] DEBUG STORE: Getting: apikey-e0a1c264 [Apr 3 20:09:57] DEBUG Input key was: apikey-e0a1c264 [Apr 3 20:09:57] DEBUG Error trying to get value:redigo: nil returned [Apr 3 20:09:57] WARN auth-mgr: Key not found in storage engine err=Key not found inbound-key=****.107 [Apr 3 20:09:57] INFO Attempted access with non-existent key. key=10.55.12.107 origin=127.0.0.1 path=/policy/ [Apr 3 20:09:57] ERROR gateway: request error: Key not authorised api_id=cd6235cbdb404a4646f947ac20837e16 org_id=58cad6dfd81dd609b3d249cc path=/ server_name=https://www.amazon.com user_id= user_ip=127.0.0.1

We have been extending the python initial plugin example, and are currently at the following state:

from tyk.decorators import *
from gateway import TykGateway as tyk

from tyk.session import AccessSpec, AccessDefinition, BasicAuthData, JWTData, Monitor, TykSession

@Hook
def MyPreMiddleware(request, session, spec):
print(request)

print("Session --->")
session.apply_policy_id = "58cae541d81dd609b3d249d5"
session.org_id = "58cad6dfd81dd609b3d249cc"

print("Spec ------->")
print(spec)

#print(TykSession)

request.add_header('myheader', 'myvalue')
ip = request.get_header('X-Real-Ip')
print(ip)
print("Hello")
request.add_header('x-limit-authorization', ip)
session.metadata = ip
print(session)
print(tyk)
#tyk.store_data(ip,"hello",10000)
#tyk.store_data(ip,keyDetails,10090)
#metadata[ip] = keyDetails
#print(metadata)

return request, session`

We’ve tried to edit the session object within the Pre Hook, as well as saving with the store-data function.

It would be greatly appreciated if we could get some help, or some more advanced examples of python plugins to read through.

Thanks,

-Arturo

Martin · April 3, 2017, 10:35pm

I’d suggest that instead of using the pre middleware, you write an auth plugin instead (see the authentication section in this doc):

github.com

TykTechnologies/tyk/blob/master/coprocess/python/README.md

# Coprocess (Python)

This feature makes it possible to write Tyk middleware using [Python](https://www.python.org/), the current binding supports Python 3.x.
The purpose of this README is to provide an overview of the architecture and a few implementation notes.

## Usage

You'll need to build Tyk with specific build tags, see build notes below.

Basically `go build -tags 'coprocess python'`.

### Setting up custom Python middleware

The custom middleware should be specified in your API definition file, under `custom_middleware` (see [coprocess_app_sample.json](../../apps/coprocess_app_sample.json)):

```json
"custom_middleware": {
  "pre": [
      {
        "name": "MyPreMiddleware",

This file has been truncated. show original

Arturo_Serrano · April 12, 2017, 2:54pm

Thanks for the help. We moved on to using the Auth Middlewear for the python rate limiter. We currently have this snippet:
session.rate = 10.0 session.per = 5.0 session.apply_policy_id = "58ed16c2d81dd63719640c19" metadata['token'] = request.get_header('X-Real-Ip')

Our problem is that the apply_policy_id section doesn’t load in the policy that we want. Otherwise, the rate and per do rate limit correctly based on the metadata['token']

Are we missing anything in terms of applying policies through the session object?

Martin · April 18, 2017, 4:24am

Can you confirm what the value in your tyk.conf is for disable_cached_session_state? The in-memory cache, if enabled, might stop the policy.

If it’s disabled (set to true), then there may be a bug we need to look at (cc @matiasb)

matiasb · April 18, 2017, 3:07pm

Right, it might be useful to see your tyk.conf settings.

Arturo_Serrano · April 21, 2017, 5:25pm

Hey, sorry for the late response. Here’s our tyk.conf settings:

{
“listen_port”: 8080,
“node_secret”: “352d20ee67be67f6340b4c0605b044b7”,
“secret”: “352d20ee67be67f6340b4c0605b044b7”,
“template_path”: “/opt/tyk-gateway/templates”,
“tyk_js_path”: “/opt/tyk-gateway/js/tyk.js”,
“use_db_app_configs”: true,
“db_app_conf_options”: {
“connection_string”: “”,
“node_is_segmented”: false,
“tags”: []
},
“disable_dashboard_zeroconf”: false,
“app_path”: “/opt/tyk-gateway/apps”,
“middleware_path”: “/opt/tyk-gateway/middleware”,
“storage”: {
“type”: “redis”,
“host”: “localhost”,
“port”: 6379,
“username”: “”,
“password”: “”,
“database”: 0,
“optimisation_max_idle”: 2000,
“optimisation_max_active”: 4000
},
“enable_analytics”: true,
“analytics_config”: {
“type”: “mongo”,
“pool_size”: 100,
“csv_dir”: “/tmp”,
“mongo_url”: “”,
“mongo_db_name”: “”,
“mongo_collection”: “”,
“purge_delay”: 100,
“ignored_ips”: [],
“enable_detailed_recording”: false,
“enable_geo_ip”: false,
“geo_ip_db_path”: “”,
“normalise_urls”: {
“enabled”: true,
“normalise_uuids”: true,
“normalise_numbers”: true,
“custom_patterns”: []
}
},
“health_check”: {
“enable_health_checks”: false,
“health_check_value_timeouts”: 60
},
“optimisations_use_async_session_write”: true,
“allow_master_keys”: true,
“policies”: {
“policy_source”: “service”,
“policy_connection_string”: “”,
“policy_record_name”: “tyk_policies”,
“allow_explicit_policy_id”: true
},
“hash_keys”: true,
“suppress_redis_signal_reload”: false,
“use_redis_log”: true,
“close_connections”: true,
“enable_non_transactional_rate_limiter”: true,
“enable_sentinel_rate_limiter”: false,
“experimental_process_org_off_thread”: true,
“local_session_cache”: {
“disable_cached_session_state”: true
},
“http_server_options”: {
“enable_websockets”: true
},
“uptime_tests”: {
“disable”: false,
“config”: {
“enable_uptime_analytics”: false,
“failure_trigger_sample_size”: 3,
“time_wait”: 1,
“checker_pool_size”: 50
}
},
“hostname”: “”,
“enable_custom_domains”: true,
“enable_jsvm”: true,
“oauth_redirect_uri_separator”: “;”,

“coprocess_options”: {
“enable_coprocess”: true
},
“enable_bundle_downloader”: false,
“bundle_base_url”: “”,
“pid_file_location”: “./tyk-gateway.pid”,

“allow_insecure_configs”: true,
“public_key_path”: “”,
“close_idle_connections”: false,
“allow_remote_config”: false,

“global_session_lifetime”: 100,
“force_global_session_lifetime”: false,
“max_idle_connections_per_host”: 100
}