How to rate limit based on client id from token? #2008
New feature requirement is as follows: rate limit as per client id from the auth token (a Bearer token, for example). I need to use the client id from the token instead of a header. A header-based implementation is not suitable in cases where the user can make requests by changing the client id. Is there a way to do this with ClientRateLimitingMiddleware? I can see some code coupled with the middleware (whitelist check and header verification), so I cannot extend it. Please help.
Replies: 1 comment
A solution that seems to work for me is to add a ClientRateLimitMiddleware with a modified SetIdentity. The middleware is roughly described here: https://github.com/ThreeMammals/Ocelot/tree/develop/src/Ocelot/RateLimit/Middleware

```csharp
public virtual ClientRequestIdentity SetIdentity(HttpContext httpContext, RateLimitOptions option)
{
    // Default bucket for requests that carry no Authorization header.
    var clientId = "client";
    if (httpContext.Request.Headers.Keys.Contains("Authorization"))
    {
        // Read the id from the authenticated principal, not from a client-supplied header.
        // Keep the default when the claim is absent instead of throwing NullReferenceException.
        clientId = httpContext.User.FindFirst("user_id")?.Value ?? clientId;
    }
    return new ClientRequestIdentity(
        clientId,
        httpContext.Request.Path.ToString().ToLowerInvariant(),
        httpContext.Request.Method.ToLowerInvariant()
    );
}
```
The user context value will vary depending on your auth provider.
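An added example (not from the original post and not Ocelot code) of deriving the rate-limit key from the validated principal rather than from anything the caller can set freely. The `RateLimitKey` class, its claim list and the `id:`/`ip:` prefixes are assumptions; it expects the authentication middleware to run before rate limiting so that `HttpContext.User` is populated.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Http;

// Hypothetical helper, added for illustration. Call it from a custom SetIdentity:
//   var clientId = RateLimitKey.Resolve(httpContext);
public static class RateLimitKey
{
    // Claim types to try, in order. Which one a token carries depends on the
    // auth provider (assumed list, adjust to your provider). The default JWT
    // bearer handler may map "sub" to ClaimTypes.NameIdentifier.
    private static readonly string[] ClaimTypesToTry =
    {
        "client_id", "azp", "user_id", "sub", ClaimTypes.NameIdentifier
    };

    public static string Resolve(HttpContext httpContext)
    {
        ClaimsPrincipal user = httpContext.User;

        // Trust claims only when the token was validated by the authentication
        // middleware. The mere presence of an Authorization header proves nothing.
        if (user?.Identity?.IsAuthenticated == true)
        {
            foreach (var type in ClaimTypesToTry)
            {
                var value = user.FindFirst(type)?.Value;
                if (!string.IsNullOrWhiteSpace(value))
                {
                    return "id:" + value;
                }
            }
        }

        // Anonymous request or no usable claim: use a per-address bucket so that
        // unauthenticated callers do not all share one counter. Behind a reverse
        // proxy this is the proxy address unless forwarded headers are configured.
        var ip = httpContext.Connection.RemoteIpAddress?.ToString() ?? "unknown";
        return "ip:" + ip;
    }
}
```

The prefixes keep a claim value from colliding with an address string in the same counter store.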