plugins/api/rate-limit/src/main/java/org/apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java - cloudstack - Git at Google

 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.
 package org.apache.cloudstack.ratelimit;

 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;

 import javax.inject.Inject;
 import javax.naming.ConfigurationException;

 import net.sf.ehcache.Cache;
 import net.sf.ehcache.CacheManager;

 import org.apache.log4j.Logger;
 import org.springframework.stereotype.Component;

 import org.apache.cloudstack.acl.APIChecker;
 import org.apache.cloudstack.api.command.admin.ratelimit.ResetApiLimitCmd;
 import org.apache.cloudstack.api.command.user.ratelimit.GetApiLimitCmd;
 import org.apache.cloudstack.api.response.ApiLimitResponse;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;

 import com.cloud.configuration.Config;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.exception.RequestLimitException;
 import com.cloud.user.Account;
 import com.cloud.user.AccountService;
 import com.cloud.user.User;
 import com.cloud.utils.component.AdapterBase;

 @Component
 public class ApiRateLimitServiceImpl extends AdapterBase implements APIChecker, ApiRateLimitService {
     private static final Logger s_logger = Logger.getLogger(ApiRateLimitServiceImpl.class);

     /**
      * True if api rate limiting is enabled
      */
     private boolean enabled = false;

     /**
      * Fixed time duration where api rate limit is set, in seconds
      */
     private int timeToLive = 1;

     /**
      * Max number of api requests during timeToLive duration.
      */
     private int maxAllowed = 30;

     private LimitStore _store = null;

     @Inject
     AccountService _accountService;

     @Inject
     ConfigurationDao _configDao;

     @Override
     public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
         super.configure(name, params);

         if (_store == null) {
             // get global configured duration and max values
             String isEnabled = _configDao.getValue(Config.ApiLimitEnabled.key());
             if (isEnabled != null) {
                 enabled = Boolean.parseBoolean(isEnabled);
             }
             String duration = _configDao.getValue(Config.ApiLimitInterval.key());
             if (duration != null) {
                 timeToLive = Integer.parseInt(duration);
             }
             String maxReqs = _configDao.getValue(Config.ApiLimitMax.key());
             if (maxReqs != null) {
                 maxAllowed = Integer.parseInt(maxReqs);
             }
             // create limit store
             EhcacheLimitStore cacheStore = new EhcacheLimitStore();
             int maxElements = 10000;
             String cachesize = _configDao.getValue(Config.ApiLimitCacheSize.key());
             if (cachesize != null) {
                 maxElements = Integer.parseInt(cachesize);
             }
             CacheManager cm = CacheManager.create();
             Cache cache = new Cache("api-limit-cache", maxElements, false, false, timeToLive, timeToLive);
             cm.addCache(cache);
             s_logger.info("Limit Cache created with timeToLive=" + timeToLive + ", maxAllowed=" + maxAllowed + ", maxElements=" + maxElements);
             cacheStore.setCache(cache);
             _store = cacheStore;

         }

         return true;
     }

     @Override
     public ApiLimitResponse searchApiLimit(Account caller) {
         ApiLimitResponse response = new ApiLimitResponse();
         response.setAccountId(caller.getUuid());
         response.setAccountName(caller.getAccountName());
         StoreEntry entry = _store.get(caller.getId());
         if (entry == null) {

             /* Populate the entry, thus unlocking any underlying mutex */
             entry = _store.create(caller.getId(), timeToLive);
             response.setApiIssued(0);
             response.setApiAllowed(maxAllowed);
             response.setExpireAfter(timeToLive);
         } else {
             response.setApiIssued(entry.getCounter());
             response.setApiAllowed(maxAllowed - entry.getCounter());
             response.setExpireAfter(entry.getExpireDuration());
         }

         return response;
     }

     @Override
     public boolean resetApiLimit(Long accountId) {
         if (accountId != null) {
             _store.create(accountId, timeToLive);
         } else {
             _store.resetCounters();
         }
         return true;
     }

     @Override
     public boolean checkAccess(User user, String apiCommandName) throws PermissionDeniedException {
         // check if api rate limiting is enabled or not
         if (!enabled) {
             return true;
         }
         Long accountId = user.getAccountId();
         Account account = _accountService.getAccount(accountId);
         if (_accountService.isRootAdmin(account.getId())) {
             // no API throttling on root admin
             return true;
         }
         StoreEntry entry = _store.get(accountId);

         if (entry == null) {

             /* Populate the entry, thus unlocking any underlying mutex */
             entry = _store.create(accountId, timeToLive);
         }

         /* Increment the client count and see whether we have hit the maximum allowed clients yet. */
         int current = entry.incrementAndGet();

         if (current <= maxAllowed) {
             s_logger.trace("account (" + account.getAccountId() + "," + account.getAccountName() + ") has current count = " + current);
             return true;
         } else {
             long expireAfter = entry.getExpireDuration();
             // for this exception, we can just show the same message to user and admin users.
             String msg = "The given user has reached his/her account api limit, please retry after " + expireAfter + " ms.";
             s_logger.warn(msg);
             throw new RequestLimitException(msg);
         }
     }

     @Override
     public List<Class<?>> getCommands() {
         List<Class<?>> cmdList = new ArrayList<Class<?>>();
         cmdList.add(ResetApiLimitCmd.class);
         cmdList.add(GetApiLimitCmd.class);
         return cmdList;
     }

     @Override
     public void setTimeToLive(int timeToLive) {
         this.timeToLive = timeToLive;
     }

     @Override
     public void setMaxAllowed(int max) {
         maxAllowed = max;

     }

     @Override
     public void setEnabled(boolean enabled) {
         this.enabled = enabled;

     }

 }
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License.
	package org.apache.cloudstack.ratelimit;

	import java.util.ArrayList;
	import java.util.List;
	import java.util.Map;

	import javax.inject.Inject;
	import javax.naming.ConfigurationException;

	import net.sf.ehcache.Cache;
	import net.sf.ehcache.CacheManager;

	import org.apache.log4j.Logger;
	import org.springframework.stereotype.Component;

	import org.apache.cloudstack.acl.APIChecker;
	import org.apache.cloudstack.api.command.admin.ratelimit.ResetApiLimitCmd;
	import org.apache.cloudstack.api.command.user.ratelimit.GetApiLimitCmd;
	import org.apache.cloudstack.api.response.ApiLimitResponse;
	import org.apache.cloudstack.framework.config.dao.ConfigurationDao;

	import com.cloud.configuration.Config;
	import com.cloud.exception.PermissionDeniedException;
	import com.cloud.exception.RequestLimitException;
	import com.cloud.user.Account;
	import com.cloud.user.AccountService;
	import com.cloud.user.User;
	import com.cloud.utils.component.AdapterBase;

	@Component
	public class ApiRateLimitServiceImpl extends AdapterBase implements APIChecker, ApiRateLimitService {
	private static final Logger s_logger = Logger.getLogger(ApiRateLimitServiceImpl.class);

	/**
	* True if api rate limiting is enabled
	*/
	private boolean enabled = false;

	/**
	* Fixed time duration where api rate limit is set, in seconds
	*/
	private int timeToLive = 1;

	/**
	* Max number of api requests during timeToLive duration.
	*/
	private int maxAllowed = 30;

	private LimitStore _store = null;

	@Inject
	AccountService _accountService;

	@Inject
	ConfigurationDao _configDao;

	@Override
	public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
	super.configure(name, params);

	if (_store == null) {
	// get global configured duration and max values
	String isEnabled = _configDao.getValue(Config.ApiLimitEnabled.key());
	if (isEnabled != null) {
	enabled = Boolean.parseBoolean(isEnabled);
	}
	String duration = _configDao.getValue(Config.ApiLimitInterval.key());
	if (duration != null) {
	timeToLive = Integer.parseInt(duration);
	}
	String maxReqs = _configDao.getValue(Config.ApiLimitMax.key());
	if (maxReqs != null) {
	maxAllowed = Integer.parseInt(maxReqs);
	}
	// create limit store
	EhcacheLimitStore cacheStore = new EhcacheLimitStore();
	int maxElements = 10000;
	String cachesize = _configDao.getValue(Config.ApiLimitCacheSize.key());
	if (cachesize != null) {
	maxElements = Integer.parseInt(cachesize);
	}
	CacheManager cm = CacheManager.create();
	Cache cache = new Cache("api-limit-cache", maxElements, false, false, timeToLive, timeToLive);
	cm.addCache(cache);
	s_logger.info("Limit Cache created with timeToLive=" + timeToLive + ", maxAllowed=" + maxAllowed + ", maxElements=" + maxElements);
	cacheStore.setCache(cache);
	_store = cacheStore;

	}

	return true;
	}

	@Override
	public ApiLimitResponse searchApiLimit(Account caller) {
	ApiLimitResponse response = new ApiLimitResponse();
	response.setAccountId(caller.getUuid());
	response.setAccountName(caller.getAccountName());
	StoreEntry entry = _store.get(caller.getId());
	if (entry == null) {

	/* Populate the entry, thus unlocking any underlying mutex */
	entry = _store.create(caller.getId(), timeToLive);
	response.setApiIssued(0);
	response.setApiAllowed(maxAllowed);
	response.setExpireAfter(timeToLive);
	} else {
	response.setApiIssued(entry.getCounter());
	response.setApiAllowed(maxAllowed - entry.getCounter());
	response.setExpireAfter(entry.getExpireDuration());
	}

	return response;
	}

	@Override
	public boolean resetApiLimit(Long accountId) {
	if (accountId != null) {
	_store.create(accountId, timeToLive);
	} else {
	_store.resetCounters();
	}
	return true;
	}

	@Override
	public boolean checkAccess(User user, String apiCommandName) throws PermissionDeniedException {
	// check if api rate limiting is enabled or not
	if (!enabled) {
	return true;
	}
	Long accountId = user.getAccountId();
	Account account = _accountService.getAccount(accountId);
	if (_accountService.isRootAdmin(account.getId())) {
	// no API throttling on root admin
	return true;
	}
	StoreEntry entry = _store.get(accountId);

	if (entry == null) {

	/* Populate the entry, thus unlocking any underlying mutex */
	entry = _store.create(accountId, timeToLive);
	}

	/* Increment the client count and see whether we have hit the maximum allowed clients yet. */
	int current = entry.incrementAndGet();

	if (current <= maxAllowed) {
	s_logger.trace("account (" + account.getAccountId() + "," + account.getAccountName() + ") has current count = " + current);
	return true;
	} else {
	long expireAfter = entry.getExpireDuration();
	// for this exception, we can just show the same message to user and admin users.
	String msg = "The given user has reached his/her account api limit, please retry after " + expireAfter + " ms.";
	s_logger.warn(msg);
	throw new RequestLimitException(msg);
	}
	}

	@Override
	public List<Class<?>> getCommands() {
	List<Class<?>> cmdList = new ArrayList<Class<?>>();
	cmdList.add(ResetApiLimitCmd.class);
	cmdList.add(GetApiLimitCmd.class);
	return cmdList;
	}

	@Override
	public void setTimeToLive(int timeToLive) {
	this.timeToLive = timeToLive;
	}

	@Override
	public void setMaxAllowed(int max) {
	maxAllowed = max;

	}

	@Override
	public void setEnabled(boolean enabled) {
	this.enabled = enabled;

	}

	}