34 lines
950 B
Go
34 lines
950 B
Go
package middleware
|
|
|
|
import (
|
|
"net/http"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/go-chi/httprate"
|
|
)
|
|
|
|
// RateLimit returns a middleware that limits requests per minute by IP.
|
|
// Admin routes are skipped.
|
|
// GET /v1/invoices/{hash} is skipped: the SPA polls invoice status ~30/min while
|
|
// the default global limit is 30/min, which starves pricing and user lookups on the same IP.
|
|
func RateLimit(perMin int) func(http.Handler) http.Handler {
|
|
if perMin <= 0 {
|
|
return func(next http.Handler) http.Handler { return next }
|
|
}
|
|
limiter := httprate.LimitByIP(perMin, time.Minute)
|
|
return func(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
if strings.HasPrefix(r.URL.Path, "/v1/admin/") {
|
|
next.ServeHTTP(w, r)
|
|
return
|
|
}
|
|
if r.Method == http.MethodGet && strings.HasPrefix(r.URL.Path, "/v1/invoices/") {
|
|
next.ServeHTTP(w, r)
|
|
return
|
|
}
|
|
limiter(next).ServeHTTP(w, r)
|
|
})
|
|
}
|
|
}
|