Skip to content

Commit

Permalink
fix:add CHANGES.md and optimize some codes
Browse files Browse the repository at this point in the history
  • Loading branch information
youngzil committed Nov 3, 2024
1 parent 8b9d09b commit 1bae71f
Show file tree
Hide file tree
Showing 6 changed files with 46 additions and 5 deletions.
1 change: 1 addition & 0 deletions CHANGES.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ Apollo 2.4.0
* [Feature: openapi query namespace support not fill item](https://github.com/apolloconfig/apollo/pull/5249)
* [Refactor: align database ClusterName and NamespaceName fields lengths](https://github.com/apolloconfig/apollo/pull/5263)
* [Feature: Added the value length limit function for AppId-level configuration items](https://github.com/apolloconfig/apollo/pull/5264)
* [Feature: Added current limiting function to ConsumerToken](https://github.com/apolloconfig/apollo/pull/5267)

------------------
All issues and pull requests are [here](https://github.com/apolloconfig/apollo/milestone/15?closed=1)
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
import com.google.common.cache.CacheBuilder;
import com.google.common.util.concurrent.RateLimiter;
import java.io.IOException;

import java.util.concurrent.TimeUnit;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
Expand All @@ -49,8 +49,12 @@ public class ConsumerAuthenticationFilter implements Filter {
private final ConsumerAuditUtil consumerAuditUtil;
private final PortalConfig portalConfig;

private static final Cache<String, ImmutablePair<Long, RateLimiter>> LIMITER = CacheBuilder.newBuilder().build();
private static final int WARMUP_MILLIS = 1000; // ms
private static final int RATE_LIMITER_CACHE_MAX_SIZE = 50000;

private static final Cache<String, ImmutablePair<Long, RateLimiter>> LIMITER = CacheBuilder.newBuilder()
.expireAfterWrite(1, TimeUnit.DAYS)
.maximumSize(RATE_LIMITER_CACHE_MAX_SIZE).build();

public ConsumerAuthenticationFilter(ConsumerAuthUtil consumerAuthUtil, ConsumerAuditUtil consumerAuditUtil, PortalConfig portalConfig) {
this.consumerAuthUtil = consumerAuthUtil;
Expand Down Expand Up @@ -78,6 +82,9 @@ public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain
}

Integer limitCount = consumerToken.getLimitCount();
if (limitCount == null) {
limitCount = 0;
}
if (portalConfig.isOpenApiLimitEnabled() && limitCount > 0) {
try {
ImmutablePair<Long, RateLimiter> rateLimiterPair = getOrCreateRateLimiterPair(token, limitCount);
Expand All @@ -88,6 +95,8 @@ public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain
}
} catch (Exception e) {
logger.error("ConsumerAuthenticationFilter ratelimit error", e);
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Rate limiting failed");
return;
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
package com.ctrip.framework.apollo;

import com.ctrip.framework.apollo.openapi.auth.ConsumerPermissionValidator;
import com.ctrip.framework.apollo.openapi.entity.ConsumerToken;
import com.ctrip.framework.apollo.openapi.util.ConsumerAuthUtil;
import com.ctrip.framework.apollo.portal.component.PermissionValidator;
import org.springframework.context.annotation.Bean;
Expand Down Expand Up @@ -50,6 +51,11 @@ public ConsumerPermissionValidator consumerPermissionValidator() {
public ConsumerAuthUtil consumerAuthUtil() {
final ConsumerAuthUtil mock = mock(ConsumerAuthUtil.class);
when(mock.getConsumerId(any())).thenReturn(1L);

ConsumerToken someConsumerToken = new ConsumerToken();
someConsumerToken.setConsumerId(1L);
someConsumerToken.setLimitCount(20);
when(mock.getConsumerToken(any())).thenReturn(someConsumerToken);
return mock;
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -78,8 +78,11 @@ public void testAuthSuccessfully() throws Exception {
String someToken = "someToken";
Long someConsumerId = 1L;

ConsumerToken someConsumerToken = new ConsumerToken();
someConsumerToken.setConsumerId(someConsumerId);

when(request.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn(someToken);
when(consumerAuthUtil.getConsumerId(someToken)).thenReturn(someConsumerId);
when(consumerAuthUtil.getConsumerToken(someToken)).thenReturn(someConsumerToken);

authenticationFilter.doFilter(request, response, filterChain);

Expand All @@ -93,7 +96,7 @@ public void testAuthFailed() throws Exception {
String someInvalidToken = "someInvalidToken";

when(request.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn(someInvalidToken);
when(consumerAuthUtil.getConsumerId(someInvalidToken)).thenReturn(null);
when(consumerAuthUtil.getConsumerToken(someInvalidToken)).thenReturn(null);

authenticationFilter.doFilter(request, response, filterChain);

Expand Down Expand Up @@ -176,7 +179,6 @@ private void setupRateLimitMocks(String someToken, Long someConsumerId, int qps)
someConsumerToken.setLimitCount(qps);

when(request.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn(someToken);
when(consumerAuthUtil.getConsumerId(someToken)).thenReturn(someConsumerId);
when(consumerAuthUtil.getConsumerToken(someToken)).thenReturn(someConsumerToken);
when(portalConfig.isOpenApiLimitEnabled()).thenReturn(true);
}
Expand Down
12 changes: 12 additions & 0 deletions docs/en/deployment/distributed-deployment-guide.md
Original file line number Diff line number Diff line change
Expand Up @@ -1455,6 +1455,18 @@ Default is 200, which means that each environment will return up to 200 results

Modifying this parameter may affect the performance of the search function, so before modifying it, you should conduct sufficient testing and adjust the value of `apollo.portal.search.perEnvMaxResults` appropriately according to the actual business requirements and system resources to balance the performance and the number of search results.

### 3.1.15 open.api.limit.count - Default value of ConsumerToken current limit value

> For versions 2.4.0 and above
The default value is 20. When creating a third-party application in the Open Platform Authorization Management, the default current limit value of the created ConsumerToken is this value.

### 3.1.16 open.api.limit.enabled - Whether to enable the ConsumerToken current limiting function

> For versions 2.4.0 and above
The default value is `false`. When set to `true`, it means that each ConsumerToken request to the Apollo OpenAPI interface will be limited to a specific QPS, and the current limit value is the value of the `limitCount` field in the `ConsumerToken` table.

## 3.2 Adjusting ApolloConfigDB configuration

Configuration items are uniformly stored in the ApolloConfigDB.ServerConfig table. It should be noted that each environment's ApolloConfigDB.ServerConfig needs to be configured separately, and the modification takes effect in real time for one minute afterwards.
Expand Down
11 changes: 11 additions & 0 deletions docs/zh/deployment/distributed-deployment-guide.md
Original file line number Diff line number Diff line change
Expand Up @@ -1400,6 +1400,17 @@ portal上“帮助”链接的地址,默认是Apollo github的wiki首页,可

修改该参数可能会影响搜索功能的性能,因此在修改之前应该进行充分的测试,根据实际业务需求和系统资源情况,适当调整`apollo.portal.search.perEnvMaxResults`的值,以平衡性能和搜索结果的数量

### 3.1.15 open.api.limit.count - ConsumerToken 限流值的默认值

> 适用于2.4.0及以上版本
默认为20,当在 `开放平台授权管理-创建第三方应用` 时,创建的 ConsumerToken 默认的限流值即为此值

### 3.1.16 open.api.limit.enabled - 是否开启 ConsumerToken 限流功能

> 适用于2.4.0及以上版本
默认为`false`,当设置为`true`,意味着每个 ConsumerToken 请求Apollo OpenAPI 接口的时候,都会被限制到特定的QPS,限流值为`ConsumerToken`表中的`limitCount`字段的值

## 3.2 调整ApolloConfigDB配置
配置项统一存储在ApolloConfigDB.ServerConfig表中,需要注意每个环境的ApolloConfigDB.ServerConfig都需要单独配置,修改完一分钟实时生效。
Expand Down

0 comments on commit 1bae71f

Please sign in to comment.