[bisq-network/bisq] [WIP] Prevent excessive api calls (#4966)
Stan
notifications at github.com
Thu Dec 17 18:34:16 CET 2020
This change provides a gRPC `CallRateMeteringInterceptor` to help protect the server and network against being overloaded by CLI scripting mistakes.
An interceptor instance can be configured on a gRPC service to set per method call rate limits on one or more of the the service's methods. For example, the `GrpcOffersService` could be configured with this interceptor to set the `createoffer` rate limit to 5/hour, and the `takeoffer` call rate limit could be set to 20/day. Whenever a call rate limit is exceeded, the gRPC call is aborted and the client receives a "rate limit exceeded" error.
Below is a simple example showing how to set rate limits for only the `getVersion` method in `GrpcVersionService`.
final ServerInterceptor[] interceptors() {
return new ServerInterceptor[]{
new CallRateMeteringInterceptor(new HashMap<>() {{
put("getVersion", new GrpcCallRateMeter(2, SECONDS));
}})
};
}
It specifies a CLI can execute `getversion` 2 times / second.
This is not a throttling mechanism, there is no blocking nor locking to slow call rates. When call rates are exceeded, calls are simply aborted.
This is the 10th in a chain of PRs beginning with https://github.com/bisq-network/bisq/pull/4884.
PR https://github.com/bisq-network/bisq/pull/4960 should be reviewed before this one.
You can view, comment on, or merge this pull request online at:
https://github.com/bisq-network/bisq/pull/4966
-- Commit Summary --
* Refactor BtcWalletService to let api override fee rates
* Merge branch 'master' into 02-refactor-completePreparedSendBsqTx
* Add optional txFeeRate parameter to api sendbsq
* Merge branch 'master' into 03-add-txFeeRate-param
* Add new api method 'sendbtc' and test
* Merge branch 'master' into 04-add-sendbtc-impl
* Support tx memo field for btc withdrawals from api
* Remove unused imports
* Merge branch 'master' into 05-use-memo-tx-field
* Use Bisq's UserThread.executor in gRPC server
* Append nullable withdrawalTxId field to Trade proto message
* Add new api method gettransaction
* Merge branch 'master' into 08-scratch
* Adjust create TransferwiseAccount test
* Disable method test to avoid repetition
* Merge branch 'master' into 09-scratch
* Add new CoreApiExceptionHandler to gRPC services
* Merge branch 'master' into 09-refactor-grpc-error-handling
* Fix class level comment
* Rename gRPC exception handler class
* Create grpc interceptor pkg, move auth interceptor into it
* Put arguments on separate lines
* Prevent excessive api calls
* Change long to int, tidy up error msg
-- File Changes --
M apitest/src/test/java/bisq/apitest/method/MethodTest.java (73)
M apitest/src/test/java/bisq/apitest/method/payment/CreatePaymentAccountTest.java (6)
M apitest/src/test/java/bisq/apitest/method/trade/AbstractTradeTest.java (10)
M apitest/src/test/java/bisq/apitest/method/trade/TakeSellBTCOfferTest.java (22)
M apitest/src/test/java/bisq/apitest/method/wallet/BsqWalletTest.java (2)
M apitest/src/test/java/bisq/apitest/method/wallet/BtcWalletTest.java (49)
M apitest/src/test/java/bisq/apitest/scenario/TradeTest.java (1)
M apitest/src/test/java/bisq/apitest/scenario/WalletTest.java (1)
M cli/src/main/java/bisq/cli/CliMain.java (125)
M cli/src/main/java/bisq/cli/ColumnHeaderConstants.java (10)
M cli/src/main/java/bisq/cli/TradeFormat.java (33)
A cli/src/main/java/bisq/cli/TransactionFormat.java (59)
M core/src/main/java/bisq/core/api/CoreApi.java (26)
M core/src/main/java/bisq/core/api/CoreTradesService.java (25)
M core/src/main/java/bisq/core/api/CoreWalletsService.java (126)
M core/src/main/java/bisq/core/api/model/TradeInfo.java (11)
A core/src/main/java/bisq/core/api/model/TxInfo.java (160)
M core/src/main/java/bisq/core/btc/wallet/BsqTransferService.java (5)
M core/src/main/java/bisq/core/btc/wallet/BtcWalletService.java (47)
M core/src/main/java/bisq/core/dao/governance/bond/lockup/LockupTxService.java (2)
M core/src/main/java/bisq/core/dao/governance/bond/unlock/UnlockTxService.java (2)
M core/src/main/java/bisq/core/trade/Trade.java (7)
M core/src/main/java/bisq/core/trade/TradeManager.java (1)
M daemon/src/main/java/bisq/daemon/grpc/GrpcDisputeAgentsService.java (16)
A daemon/src/main/java/bisq/daemon/grpc/GrpcExceptionHandler.java (93)
M daemon/src/main/java/bisq/daemon/grpc/GrpcGetTradeStatisticsService.java (23)
M daemon/src/main/java/bisq/daemon/grpc/GrpcOffersService.java (48)
M daemon/src/main/java/bisq/daemon/grpc/GrpcPaymentAccountsService.java (46)
M daemon/src/main/java/bisq/daemon/grpc/GrpcPriceService.java (12)
M daemon/src/main/java/bisq/daemon/grpc/GrpcServer.java (6)
M daemon/src/main/java/bisq/daemon/grpc/GrpcTradesService.java (45)
M daemon/src/main/java/bisq/daemon/grpc/GrpcVersionService.java (14)
M daemon/src/main/java/bisq/daemon/grpc/GrpcWalletsService.java (180)
A daemon/src/main/java/bisq/daemon/grpc/interceptor/CallRateMeteringInterceptor.java (109)
A daemon/src/main/java/bisq/daemon/grpc/interceptor/GrpcCallRateMeter.java (65)
R daemon/src/main/java/bisq/daemon/grpc/interceptor/PasswordAuthInterceptor.java (7)
M desktop/src/main/java/bisq/desktop/main/dao/wallet/send/BsqSendView.java (4)
M proto/src/main/proto/grpc.proto (83)
M proto/src/main/proto/pb.proto (1)
-- Patch Links --
https://github.com/bisq-network/bisq/pull/4966.patch
https://github.com/bisq-network/bisq/pull/4966.diff
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq/pull/4966
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20201217/2417d23a/attachment.htm>
More information about the bisq-github
mailing list