
once auth ships, reject all non-authorized requests

Open gruns opened this issue 2 years ago • 2 comments

add two rate limits when no auth token is provided

  • solid rate limits per IP. eg a max of like 5 reqs/IP/s
  • extreme rate limit per origin/referer. eg a max of 5 reqs/referer/s
  • do not ship this until auth ships 🙂
  • return http 429 appropriately when rate limits hit

requests with an invalid auth token will still be rejected

gruns avatar Oct 12 '23 01:10 gruns

changed to initial implementation being NO unauthorized requests

hannahhoward avatar Oct 17 '23 15:10 hannahhoward

yep! new implementation plan:

stage 1: auth required for every request. all requests without auth are rejected outright by l1s

stage 2: all requests without auth are severely rate limited to allow curl, wget, and other 'toy' usage of saturn without auth

for stage 2, the goal of the rate limits is:

  1. to allow for toy usage of saturn, eg with curl from the command line for debugging
  2. to explicitly disallow production usage of saturn without auth. for prod use, a customer must sign up and add auth to their requests

here are some potential rate limiting strategies to consider for implementation:

  • rate limit per IP, e.g. 5 reqs/IP/sec
  • rate limit per origin, e.g. 5 reqs/origin/sec
  • download rate limit per request, e.g. 200kbps maximum download speed per request
  • response size per request, e.g. 10MB maximum response size per request

some combination of all, or some, of the above rate limits will help accomplish both of stage 2's goals above

gruns avatar Oct 20 '23 09:10 gruns
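
The staged plan discussed in this thread, sketched as an added example (not code from the issue or from the project): one decision function that rejects everything without auth in stage 1 and, in stage 2, rate limits token-less requests per IP and per origin with HTTP 429. The function names, the request shape, the 401 status for missing or invalid tokens and the fixed one-second window are assumptions; the 5 reqs/sec figures and the 429 come from the thread.

```javascript
// Added example; every name here is hypothetical, not the project's API.
const LIMITS = { perIp: 5, perOrigin: 5 }; // reqs/sec, the figures floated in the thread

// Fixed one-second window counter. Clearing on each new second bounds memory.
function makeCounter() {
  let current = -1;
  const counts = new Map();
  return function hit(key, nowMs) {
    const second = Math.floor(nowMs / 1000);
    if (second !== current) { counts.clear(); current = second; }
    const n = (counts.get(key) || 0) + 1;
    counts.set(key, n);
    return n;
  };
}

// stage 1: every request must carry a valid token.
// stage 2: token-less requests are served, but rate limited per IP and per origin.
// A token that is present but invalid is rejected in both stages.
function createGate({ stage, isValidToken, limits = LIMITS }) {
  const ipHits = makeCounter();
  const originHits = makeCounter();
  return function decide(req, nowMs = Date.now()) {
    if (req.token != null) {
      return isValidToken(req.token)
        ? { status: 200, reason: 'authorized' }
        : { status: 401, reason: 'invalid token' }; // status code is an assumption
    }
    if (stage === 1) return { status: 401, reason: 'auth required' };

    // Check the IP bucket first so a single noisy IP does not burn an origin's budget.
    if (ipHits(req.ip, nowMs) > limits.perIp) {
      return { status: 429, reason: 'ip limit', retryAfter: 1 };
    }
    // curl and wget send no Origin/Referer; they are limited by IP only, not
    // lumped into one shared "no origin" bucket.
    if (req.origin && originHits(req.origin, nowMs) > limits.perOrigin) {
      return { status: 429, reason: 'origin limit', retryAfter: 1 };
    }
    return { status: 200, reason: 'unauthenticated, within limits' };
  };
}
```

Origin and Referer are client-supplied headers, so the per-origin bucket only constrains browsers embedding the service in a page; the per-IP bucket is the one a command-line client cannot opt out of.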