#pragma once
#include <cstdint>
#include <memory>
#include <string>
#include <vector>
#include "envoy/config/core/v3/base.pb.h"
#include "envoy/config/route/v3/route_components.pb.h"
#include "envoy/ratelimit/ratelimit.h"
#include "envoy/router/router.h"
#include "envoy/router/router_ratelimit.h"
#include "source/common/config/metadata.h"
#include "source/common/formatter/substitution_formatter.h"
#include "source/common/http/header_utility.h"
#include "source/common/http/matching/data_impl.h"
#include "source/common/matcher/matcher.h"
#include "source/common/network/cidr_range.h"
#include "source/common/protobuf/utility.h"
#include "source/common/router/config_utility.h"
#include "absl/types/optional.h"
namespace Envoy {
namespace Router {
/**
* Populate rate limit override from dynamic metadata.
*
* The constructor copies the configured metadata key. populateOverride() is only declared
* here; its definition is not part of this listing.
*/
class DynamicMetadataRateLimitOverride : public RateLimitOverrideAction {
public:
// Captures config.metadata_key() so the key is fixed for the lifetime of the action.
// NOTE(review): this single-argument constructor is not marked `explicit`.
DynamicMetadataRateLimitOverride(
const envoy::config::route::v3::RateLimit::Override::DynamicMetadata& config)
: metadata_key_(config.metadata_key()) {}
// Router::RateLimitOverrideAction
// NOTE(review): `metadata` arrives as a raw pointer. Confirm the definition treats a null
// pointer, a missing key and a value of an unexpected shape as "no override" (return false),
// so a malformed metadata entry cannot replace the configured limit.
bool populateOverride(RateLimit::Descriptor& descriptor,
const envoy::config::core::v3::Metadata* metadata) const override;
private:
// Metadata key taken from the config at construction; presumably the path that
// populateOverride() resolves — confirm in the definition.
const Envoy::Config::MetadataKey metadata_key_;
};
/**
* Action for source cluster rate limiting.
*/
class SourceClusterAction : public RateLimit::DescriptorProducer {
// NOTE(review): this listing shows no access specifier and no closing `};` for this class;
// treat the excerpt as incomplete.
// Ratelimit::DescriptorProducer
// Declared only; the definition is not in this listing. The inputs are the entry to fill,
// the local service cluster name, the request headers and the stream info.
// NOTE(review): presumably a false return means no entry was produced — confirm against
// RateLimit::DescriptorProducer.
bool populateDescriptor(RateLimit::DescriptorEntry& descriptor_entry,
const std::string& local_service_cluster,
const Http::RequestHeaderMap& headers,
const StreamInfo::StreamInfo& info) const override;
/**
* Action for destination cluster rate limiting.
*/
class DestinationClusterAction : public RateLimit::DescriptorProducer {
// Only the class header appears in this listing; its members and closing brace are not shown.
// NOTE(review): which value is written into the descriptor entry is decided in the
// definition — confirm there.
/**
* Action for request headers rate limiting.
*/
class RequestHeadersAction : public RateLimit::DescriptorProducer {
// Copies header_name, descriptor_key and skip_if_absent from the RequestHeaders action config.
RequestHeadersAction(const envoy::config::route::v3::RateLimit::Action::RequestHeaders& action)
: header_name_(action.header_name()), descriptor_key_(action.descriptor_key()),
skip_if_absent_(action.skip_if_absent()) {}
// Header to read, stored as Http::LowerCaseString.
// NOTE(review): request headers are client-supplied unless a trusted hop sets or overwrites
// them, so whoever controls this header also controls which rate-limit bucket the request
// lands in. Key limits on headers the edge sanitizes, or pair this with an address-based
// action.
const Http::LowerCaseString header_name_;
// Descriptor entry key taken from the config.
const std::string descriptor_key_;
// NOTE(review): what happens when the header is absent is decided in populateDescriptor(),
// which is not shown. Confirm whether a missing header skips only this entry or drops the
// whole descriptor (and with it the limit).
const bool skip_if_absent_;
/**
* Action for remote address rate limiting.
*/
class RemoteAddressAction : public RateLimit::DescriptorProducer {
// Only the class header appears in this listing; its members and closing brace are not shown.
// NOTE(review): presumably the descriptor value is the downstream remote address taken from
// StreamInfo — confirm in the definition. Behind another proxy that address is only as
// trustworthy as the forwarded-address / trusted-hop configuration that produced it.
/**
* Action for masked remote address rate limiting.
*/
class MaskedRemoteAddressAction : public RateLimit::DescriptorProducer {
// Reads the optional wrapped prefix lengths from the config, falling back to 32 (IPv4) and
// 128 (IPv6) when unset. Those are the full address widths, so the default mask keeps the
// whole address.
// NOTE(review): no range check is visible in this constructor; confirm that values above
// 32 / 128 are rejected by config validation before they reach the masking code.
// NOTE(review): with the IPv6 default of 128 every address gets its own bucket, which a
// client holding a larger prefix can spread requests across; an explicit shorter
// v6_prefix_mask_len is usually the safer configuration.
MaskedRemoteAddressAction(
const envoy::config::route::v3::RateLimit::Action::MaskedRemoteAddress& action)
: v4_prefix_mask_len_(PROTOBUF_GET_WRAPPED_OR_DEFAULT(action, v4_prefix_mask_len, 32)),
v6_prefix_mask_len_(PROTOBUF_GET_WRAPPED_OR_DEFAULT(action, v6_prefix_mask_len, 128)) {}
// Prefix length applied to IPv4 remote addresses.
const uint32_t v4_prefix_mask_len_;
// Prefix length applied to IPv6 remote addresses.
const uint32_t v6_prefix_mask_len_;
/**
* Action for generic key rate limiting.
*/
class GenericKeyAction : public RateLimit::DescriptorProducer {
// Declared only; the definition is not in this listing. `formatter` is optional and defaults
// to nullptr.
GenericKeyAction(const envoy::config::route::v3::RateLimit::Action::GenericKey& action,
std::unique_ptr<Formatter::FormatterImpl> formatter = nullptr);
// Descriptor value; presumably taken from the GenericKey config — confirm in the definition.
const std::string descriptor_value_;
// NOTE(review): when this fallback is used is decided in the definition — confirm.
const std::string default_value_;
// May be null, because the constructor's formatter argument defaults to nullptr.
// NOTE(review): confirm every use is guarded by a null check.
const std::unique_ptr<Formatter::FormatterImpl> descriptor_formatter_;
/**
* Action for metadata rate limiting.
*/
class MetaDataAction : public RateLimit::DescriptorProducer {
// Builds the action from the current MetaData config message. Declared only.
MetaDataAction(const envoy::config::route::v3::RateLimit::Action::MetaData& action);
// for maintaining backward compatibility with the deprecated DynamicMetaData action
MetaDataAction(const envoy::config::route::v3::RateLimit::Action::DynamicMetaData& action);
// Which metadata source the action reads, as the MetaData::Source enum from the config.
// NOTE(review): the trust level of the resulting descriptor value depends on who can write
// the selected metadata; confirm which producers populate it in a given deployment.
const envoy::config::route::v3::RateLimit::Action::MetaData::Source source_;
/**
* Action for query parameters rate limiting.
*/
class QueryParametersAction : public RateLimit::DescriptorProducer {
// Declared only; the definition is not in this listing.
QueryParametersAction(const envoy::config::route::v3::RateLimit::Action::QueryParameters& action);
// Name of the query parameter this action reads.
// NOTE(review): query parameters come straight from the request URL, so the caller picks
// the descriptor value. Do not rely on this action alone to bound an untrusted client.
const std::string query_param_name_;
/**
* Action for header value match rate limiting.
*/
class HeaderValueMatchAction : public RateLimit::DescriptorProducer {
// NOTE(review): the parameter list below ends on a trailing comma in this listing, so at
// least one further parameter and the closing `);` are not shown.
HeaderValueMatchAction(
const envoy::config::route::v3::RateLimit::Action::HeaderValueMatch& action,
Server::Configuration::CommonFactoryContext& context,
// Expected outcome of the header match.
// NOTE(review): how this combines with action_headers_ is decided in populateDescriptor(),
// which is not shown here — confirm the polarity there.
const bool expect_match_;
// Header matchers; presumably built from the action config in the constructor — confirm.
const std::vector<Http::HeaderUtility::HeaderDataPtr> action_headers_;
/**
* Action for query parameter value match rate limiting.
*/
class QueryParameterValueMatchAction : public RateLimit::DescriptorProducer {
// NOTE(review): the constructor's parameter list ends on a trailing comma in this listing;
// the remaining parameters and the closing `);` are not shown.
QueryParameterValueMatchAction(
const envoy::config::route::v3::RateLimit::Action::QueryParameterValueMatch& action,
// Helper that turns the repeated QueryParameterMatcher config into a vector of matcher
// pointers. Declared only; the definition is not in this listing.
std::vector<ConfigUtility::QueryParameterMatcherPtr> buildQueryParameterMatcherVector(
const Protobuf::RepeatedPtrField<envoy::config::route::v3::QueryParameterMatcher>&
query_parameters,
Server::Configuration::CommonFactoryContext& context);
// Matchers evaluated against the request's query parameters; presumably the result of
// buildQueryParameterMatcherVector() — confirm in the constructor definition.
const std::vector<ConfigUtility::QueryParameterMatcherPtr> action_query_parameters_;
/**
* Action for remote address match rate limiting.
*/
class RemoteAddressMatchAction : public RateLimit::DescriptorProducer {
// NOTE(review): the parameter list ends on a trailing comma in this listing; the remaining
// parameters and the closing `);` are not shown.
RemoteAddressMatchAction(
const envoy::config::route::v3::RateLimit::Action::RemoteAddressMatch& action,
// CIDR list the remote address is tested against.
// NOTE(review): held by pointer; confirm it cannot be null when populateDescriptor() runs,
// for example if list construction failed and the error was reported out of band.
const std::unique_ptr<Network::Address::IpList> ip_list_;
// Inverts the match result.
// NOTE(review): with inversion enabled, an address that fails to parse or match becomes a
// hit; confirm that is the intended outcome for unparsable or non-IP peers.
const bool invert_match_;
// Validation visitor for match trees over Http::HttpMatchingData, used for rate limit
// descriptors (per the class name).
class RateLimitDescriptorValidationVisitor
: public Matcher::MatchTreeValidationVisitor<Http::HttpMatchingData> {
// Accepts every data input: both arguments are ignored and OkStatus is returned
// unconditionally, so this visitor places no restriction on which inputs a descriptor may use.
// NOTE(review): confirm that permitting all input types is intended; any restriction on
// inputs unsuitable for rate limit keys would have to be enforced here.
absl::Status performDataInputValidation(const Matcher::DataInputFactory<Http::HttpMatchingData>&,
absl::string_view) override {
return absl::OkStatus();
}
// Descriptor producer backed by a matcher data input over Http::HttpMatchingData.
class MatchInputRateLimitDescriptor : public RateLimit::DescriptorProducer {
// Copies the descriptor key and takes ownership of the data input by moving it.
MatchInputRateLimitDescriptor(const std::string& descriptor_key,
Matcher::DataInputPtr<Http::HttpMatchingData>&& data_input)
: descriptor_key_(descriptor_key), data_input_(std::move(data_input)) {}
// NOTE(review): this declaration is cut off in the listing after the unnamed
// `const std::string&` parameter; the remaining parameters are not shown.
bool populateDescriptor(RateLimit::DescriptorEntry& descriptor_entry, const std::string&,
// Data input owned by this producer.
// NOTE(review): a data input may have nothing to return for a given request; confirm
// populateDescriptor() handles that case rather than emitting an empty descriptor value.
Matcher::DataInputPtr<Http::HttpMatchingData> data_input_;
/*
* Implementation of RateLimitPolicyEntry that holds the action for the configuration.
*/
class RateLimitPolicyEntryImpl : public RateLimitPolicyEntry {
// Builds the entry from a RateLimit config message. Failures are reported through the
// `creation_status` out-parameter rather than by return value.
// NOTE(review): callers must check creation_status before using the entry; confirm every
// construction site does so.
RateLimitPolicyEntryImpl(const envoy::config::route::v3::RateLimit& config,
absl::Status& creation_status);
// Router::RateLimitPolicyEntry
// Returns the stage stored at construction.
uint64_t stage() const override { return stage_; }
// Returns a reference to the stored disable key; valid for the lifetime of this entry.
const std::string& disableKey() const override { return disable_key_; }
// NOTE(review): the two declarations below are cut off in this listing; their remaining
// parameters and qualifiers are not shown.
void populateDescriptors(std::vector<Envoy::RateLimit::Descriptor>& descriptors,
const std::string& local_service_cluster, const Http::RequestHeaderMap&,
void populateLocalDescriptors(std::vector<Envoy::RateLimit::LocalDescriptor>& descriptors,
const Http::RequestHeaderMap&,
// Returns the stored apply-on-stream-done flag.
bool applyOnStreamDone() const override { return apply_on_stream_done_; }
// Key returned by disableKey().
// NOTE(review): presumably a key that lets this limit be switched off at runtime; if so,
// write access to that key is security-relevant — confirm.
const std::string disable_key_;
// Stage returned by stage().
const uint64_t stage_;
// Descriptor producers owned by this entry; presumably one per configured action — confirm.
std::vector<RateLimit::DescriptorProducerPtr> actions_;
// Optional override action; absent (nullopt) unless set elsewhere.
absl::optional<RateLimitOverrideActionPtr> limit_override_ = absl::nullopt;
// Defaults to false here.
const bool apply_on_stream_done_ = false;
// Value-initialized here.
const RateLimit::XRateLimitOption x_ratelimit_option_{};
/**
* Implementation of RateLimitPolicy that reads from the JSON route config.
*/
class RateLimitPolicyImpl : public RateLimitPolicy {
// Builds the policy from the repeated RateLimit config. Failures are reported through the
// `creation_status` out-parameter, which callers must check before using the policy.
RateLimitPolicyImpl(
const Protobuf::RepeatedPtrField<envoy::config::route::v3::RateLimit>& rate_limits,
Server::Configuration::CommonFactoryContext& context, absl::Status& creation_status);
// Router::RateLimitPolicy
// Returns a reference to the entries applicable to `stage` (default 0). Declared only.
// NOTE(review): `stage` is a caller-supplied uint64_t; confirm the definition bounds-checks
// it before indexing rate_limit_entries_reference_.
const std::vector<std::reference_wrapper<const RateLimitPolicyEntry>>&
getApplicableRateLimit(uint64_t stage = 0) const override;
// True when no rate limit entries are configured.
bool empty() const override { return rate_limit_entries_.empty(); }
// Entries owned by value.
const std::vector<RateLimitPolicyEntryImpl> rate_limit_entries_;
// Outer vector of reference lists.
// NOTE(review): presumably indexed by stage, with the wrappers referring to elements of
// rate_limit_entries_. If so, they are valid only while that vector is neither reallocated
// nor moved; confirm the object is never copied or moved after construction.
const std::vector<std::vector<std::reference_wrapper<const RateLimitPolicyEntry>>>
rate_limit_entries_reference_;
/**
* An implementation of a default rate limit policy that is empty.
*/
class DefaultRateLimitPolicyImpl : public RateLimitPolicy {
// Ignores the stage argument and always returns the same empty vector.
// NOTE(review): the return-type line and the closing brace of this function are not present
// in this listing.
getApplicableRateLimit(uint64_t) const override {
return empty_vector_;
// Always reports the policy as empty.
bool empty() const override { return true; }
// An empty vector that will be returned for any getApplicableRateLimit() invocation.
const std::vector<std::reference_wrapper<const RateLimitPolicyEntry>> empty_vector_;
// Alias for DefaultRateLimitPolicyImpl wrapped in ConstSingleton.
// NOTE(review): presumably this yields one shared, immutable empty policy — confirm against
// ConstSingleton's definition, which is not part of this listing.
using DefaultRateLimitPolicy = ConstSingleton<DefaultRateLimitPolicyImpl>;
} // namespace Router
} // namespace Envoy