Implemented ui part for rate limit

2025-06-01 21:27:20 +02:00 · 2024-06-11 22:36:03 +02:00 · 2024-06-11 22:36:03 +02:00 · fa11422748
commit fa11422748
parent bb1b161ae2
4 changed files with 58 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -34,3 +34,9 @@ docker/ImagePublisher.sh
 src/mod/acme/test/stackoverflow.pem
 /tools/dns_challenge_update/code-gen/acmedns
 /tools/dns_challenge_update/code-gen/lego
+src/tmp/localhost.key
+src/tmp/localhost.pem
+src/www/html/index.html
+src/sys.uuid
+src/zoraxy
+src/log/zr_2024-6.log
--- a/src/reverseproxy.go
+++ b/src/reverseproxy.go
@ -233,6 +233,26 @@ func ReverseProxyHandleAddEndpoint(w http.ResponseWriter, r *http.Request) {

 	requireBasicAuth := (rba == "true")

+	// Require Rate Limiting?
+	rl, _ := utils.PostPara(r, "rate")
+	if rl == "" {
+		rl = "false"
+	}
+	requireRateLimit := (rl == "true")
+	rlnum, _ := utils.PostPara(r, "ratenum")
+	if rlnum == "" {
+		rlnum = "0"
+	}
+	proxyRateLimit, err := strconv.ParseInt(rlnum, 10, 64)
+	if err != nil {
+		utils.SendErrorResponse(w, "invalid rate limit number")
+		return
+	}
+	if proxyRateLimit <= 0 {
+		utils.SendErrorResponse(w, "rate limit number must be greater than 0")
+		return
+	}
+
 	// Bypass WebSocket Origin Check
 	strbpwsorg, _ := utils.PostPara(r, "bpwsorg")
 	if strbpwsorg == "" {
@ -313,6 +333,9 @@ func ReverseProxyHandleAddEndpoint(w http.ResponseWriter, r *http.Request) {
 			BasicAuthExceptionRules: []*dynamicproxy.BasicAuthExceptionRule{},
 			DefaultSiteOption:       0,
 			DefaultSiteValue:        "",
+			// Rate Limit
+			RequireRateLimit: requireRateLimit,
+			RateLimit:        proxyRateLimit,
 		}

 		preparedEndpoint, err := dynamicProxyRouter.PrepareProxyRoute(&thisProxyEndpoint)
--- a/src/web/components/httprp.html
+++ b/src/web/components/httprp.html
@ -20,6 +20,7 @@
                    <th>Destination</th>
                    <th>Virtual Directory</th>
                    <th>Basic Auth</th>
+                    <th>Rate Limit</th>
                    <th class="no-sort" style="min-width:150px;">Actions</th>
                </tr>
            </thead>
@ -107,6 +108,9 @@
                        <td data-label="" editable="true" datatype="basicauth">
                            ${subd.RequireBasicAuth?`<i class="ui green check icon"></i>`:`<i class="ui grey remove icon"></i>`}
                        </td>
+                        <td data-label="" editable="true" datatype="ratelimit">
+                            ${subd.RequireRateLimit?`<i class="ui green check icon"></i> ${subd.RateLimit}req/s`:`<i class="ui grey remove icon"></i>`}
+                        </td>
                        <td class="center aligned ignoremw" editable="true" datatype="action" data-label="">
                            <div class="ui toggle tiny fitted checkbox" style="margin-bottom: -0.5em; margin-right: 0.4em;" title="Enable / Disable Rule">
                                <input type="checkbox" class="enableToggle" name="active" ${enableChecked} eptuuid="${subd.RootOrMatchingDomain}" onchange="handleProxyRuleToggle(this);">
--- a/src/web/components/rules.html
+++ b/src/web/components/rules.html
@ -73,6 +73,17 @@
                                        <label>Allow plain HTTP access<br><small>Allow this subdomain to be connected without TLS (Require HTTP server enabled on port 80)</small></label>
                                    </div>
                                </div>
+                                <div class="field">
+                                    <div class="ui checkbox">
+                                        <input type="checkbox" id="requireRateLimit">
+                                        <label>Require Rate Limit<br><small>This proxy endpoint will be rate limited.</small></label>
+                                    </div>
+                                </div>
+                                <div class="field">
+                                    <label>Rate Limit</label>
+                                    <input type="number" id="proxyRateLimit" placeholder="100" min="1" max="1000" value="100">
+                                    <small>The Rate Limit is applied to the whole proxy endpoint. If the number of requests exceeds the limit, the proxy will return a 429 error code.</small>
+                                </div>
                                <div class="field">
                                    <div class="ui checkbox">
                                        <input type="checkbox" id="requireBasicAuth">
@ -147,6 +158,8 @@
        var skipTLSValidation = $("#skipTLSValidation")[0].checked;
        var bypassGlobalTLS = $("#bypassGlobalTLS")[0].checked;
        var requireBasicAuth = $("#requireBasicAuth")[0].checked;
+        var proxyRateLimit = $("#proxyRateLimit").val();
+        var requireRateLimit = $("#requireRateLimit")[0].checked;
        var skipWebSocketOriginCheck = $("#skipWebsocketOriginCheck")[0].checked;
        var accessRuleToUse = $("#newProxyRuleAccessFilter").val();
        
@ -176,6 +189,8 @@
                bpwsorg: skipWebSocketOriginCheck,
                bypassGlobalTLS: bypassGlobalTLS,
                bauth: requireBasicAuth,
+                rate: requireRateLimit,
+                ratenum: proxyRateLimit,
                cred: JSON.stringify(credentials),
                access: accessRuleToUse,
            },
@ -264,6 +279,16 @@
    }
    $("#requireBasicAuth").on('change', toggleBasicAuth);
    toggleBasicAuth();
+    
+    function toggleRateLimit() {
+        if ($("#requireRateLimit").parent().checkbox("is checked")) {
+            $("#proxyRateLimit").parent().removeClass("disabled");
+        } else {
+            $("#proxyRateLimit").parent().addClass("disabled");
+        }
+    }
+    $("#requireRateLimit").on('change', toggleRateLimit);
+    toggleRateLimit();


    /*