* Check rate limiting if not already checked * * Extracts rate limit config from bucket metadata, caches it, and enforces limit. * Calls callback with error if rate limited, null if allowed or no rate limiting. * * @param {object} request - Request object * @param {AuthInfo} authInfo - AuthInf
(request, authInfo, bucketMD, log, callback)
| 260 | * @returns {undefined} |
| 261 | */ |
| 262 | function checkRateLimitIfNeeded(request, authInfo, bucketMD, log, callback) { |
| 263 | // Skip if already checked or not enabled |
| 264 | if (!requestNeedsRateCheck(request)) { |
| 265 | return process.nextTick(callback, null); |
| 266 | } |
| 267 | |
| 268 | // Extract rate limit config from bucket metadata and cache it |
| 269 | const checks = []; |
| 270 | const rateLimitConfig = extractRateLimitConfigFromRequest(request, authInfo, bucketMD, log); |
| 271 | |
| 272 | if (!request.rateLimitBucketAlreadyChecked && rateLimitConfig.bucket !== undefined) { |
| 273 | cache.setCachedConfig( |
| 274 | cache.namespace.bucket, |
| 275 | bucketMD.getName(), |
| 276 | rateLimitConfig.bucket, |
| 277 | config.rateLimiting.bucket.configCacheTTL |
| 278 | ); |
| 279 | cache.setCachedBucketOwner(bucketMD.getName(), bucketMD.getOwner(), config.rateLimiting.bucket.configCacheTTL); |
| 280 | checks.push(...buildRateChecksFromConfig('bucket', bucketMD.getName(), rateLimitConfig.bucket)); |
| 281 | // eslint-disable-next-line no-param-reassign |
| 282 | request.rateLimitBucketAlreadyChecked = true; |
| 283 | } |
| 284 | |
| 285 | if (!request.rateLimitAccountAlreadyChecked && rateLimitConfig.account !== undefined) { |
| 286 | cache.setCachedConfig( |
| 287 | cache.namespace.account, |
| 288 | authInfo.getCanonicalID(), |
| 289 | rateLimitConfig.account, |
| 290 | config.rateLimiting.account.configCacheTTL |
| 291 | ); |
| 292 | checks.push(...buildRateChecksFromConfig('account', authInfo.getCanonicalID(), rateLimitConfig.account)); |
| 293 | // eslint-disable-next-line no-param-reassign |
| 294 | request.rateLimitAccountAlreadyChecked = true; |
| 295 | } |
| 296 | |
| 297 | const { allowed, rateLimitSource } = checkRateLimitsForRequest(checks, log); |
| 298 | if (!allowed) { |
| 299 | log.addDefaultFields({ |
| 300 | rateLimited: true, |
| 301 | rateLimitSource, |
| 302 | }); |
| 303 | |
| 304 | if (request.serverAccessLog) { |
| 305 | /* eslint-disable no-param-reassign */ |
| 306 | request.serverAccessLog.rateLimited = true; |
| 307 | request.serverAccessLog.rateLimitSource = rateLimitSource; |
| 308 | /* eslint-enable no-param-reassign */ |
| 309 | } |
| 310 | |
| 311 | return process.nextTick(callback, config.rateLimiting.error); |
| 312 | } |
| 313 | |
| 314 | return process.nextTick(callback, null); |
| 315 | } |
| 316 | |
| 317 | /** standardMetadataValidateBucketAndObj - retrieve bucket and object md from metadata |
| 318 | * and check if user is authorized to access them. |
no test coverage detected