tenseleyflow/shithub / 9191613

+

+# ----- rate limits (S50 §0) -----

+# Per-hour budgets for /api/v1/* requests. Authed keyed by token id;

+# anon keyed by remote IP. Zero falls back to the default.

+SHITHUB_RATELIMIT__API__AUTHED_PER_HOUR=5000

+SHITHUB_RATELIMIT__API__ANON_PER_HOUR=60

+	RateLimit      RateLimitConfig      `toml:"ratelimit"`

+}

+

+// RateLimitConfig configures runtime rate-limit budgets for surfaces that

+// don't carry a domain-specific limiter. The /api/v1/ JSON surface uses

+// the API.* sub-block; future surfaces (search, git transports) get their

+// own sub-blocks here as they're factored out of their handlers.

+type RateLimitConfig struct {

+	API APIRateLimitConfig `toml:"api"`

+}

+

+// APIRateLimitConfig sets the per-hour budgets for /api/v1/* requests.

+// AuthedPerHour applies when the caller presents a valid PAT (keyed by

+// token id). AnonPerHour applies to unauthenticated callers (keyed by

+// remote IP). Defaults are GitHub-aligned: 5000/h authed, 60/h anon —

+// operators tune via SHITHUB_RATELIMIT__API__AUTHED_PER_HOUR /

+// SHITHUB_RATELIMIT__API__ANON_PER_HOUR.

+type APIRateLimitConfig struct {

+	AuthedPerHour int `toml:"authed_per_hour"`

+	AnonPerHour   int `toml:"anon_per_hour"`

+		RateLimit: RateLimitConfig{

+			API: APIRateLimitConfig{

+				AuthedPerHour: 5000,

+				AnonPerHour:   60,

+			},

+		},

+	if c.RateLimit.API.AuthedPerHour < 0 {

+		return fmt.Errorf("config: ratelimit.api.authed_per_hour: must be >= 0, got %d", c.RateLimit.API.AuthedPerHour)

+	}

+	if c.RateLimit.API.AnonPerHour < 0 {

+		return fmt.Errorf("config: ratelimit.api.anon_per_hour: must be >= 0, got %d", c.RateLimit.API.AnonPerHour)

+	}

+	if c.RateLimit.API.AuthedPerHour == 0 {

+		c.RateLimit.API.AuthedPerHour = 5000

+	}

+	if c.RateLimit.API.AnonPerHour == 0 {

+		c.RateLimit.API.AnonPerHour = 60

+	}

+

+func TestDefaults_RateLimitAPI(t *testing.T) {

+	t.Parallel()

+	cfg := Defaults()

+	if cfg.RateLimit.API.AuthedPerHour != 5000 {

+		t.Errorf("RateLimit.API.AuthedPerHour: got %d, want 5000", cfg.RateLimit.API.AuthedPerHour)

+	}

+	if cfg.RateLimit.API.AnonPerHour != 60 {

+		t.Errorf("RateLimit.API.AnonPerHour: got %d, want 60", cfg.RateLimit.API.AnonPerHour)

+	}

+}

+

+func TestValidate_RejectsNegativeRateLimit(t *testing.T) {

+	t.Parallel()

+	cfg := Defaults()

+	cfg.RateLimit.API.AuthedPerHour = -1

+	if err := Validate(&cfg); err == nil {

+		t.Errorf("expected validation error for ratelimit.api.authed_per_hour=-1")

+	}

+	cfg = Defaults()

+	cfg.RateLimit.API.AnonPerHour = -5

+	if err := Validate(&cfg); err == nil {

+		t.Errorf("expected validation error for ratelimit.api.anon_per_hour=-5")

+	}

+}

+

+func TestValidate_RateLimitZeroFillsDefault(t *testing.T) {

+	t.Parallel()

+	cfg := Defaults()

+	cfg.RateLimit.API.AuthedPerHour = 0

+	cfg.RateLimit.API.AnonPerHour = 0

+	if err := Validate(&cfg); err != nil {

+		t.Fatalf("Validate: %v", err)

+	}

+	if cfg.RateLimit.API.AuthedPerHour != 5000 {

+		t.Errorf("zero-fill authed: got %d, want 5000", cfg.RateLimit.API.AuthedPerHour)

+	}

+	if cfg.RateLimit.API.AnonPerHour != 60 {

+		t.Errorf("zero-fill anon: got %d, want 60", cfg.RateLimit.API.AnonPerHour)

+	}

+}

+

+func TestMergeEnv_RateLimitAPI(t *testing.T) {

+	t.Parallel()

+	cfg := Defaults()

+	env := []string{

+		"SHITHUB_RATELIMIT__API__AUTHED_PER_HOUR=10000",

+		"SHITHUB_RATELIMIT__API__ANON_PER_HOUR=120",

+	}

+	if err := mergeEnv(&cfg, env); err != nil {

+		t.Fatalf("mergeEnv: %v", err)

+	}

+	if cfg.RateLimit.API.AuthedPerHour != 10000 {

+		t.Errorf("AuthedPerHour: got %d, want 10000", cfg.RateLimit.API.AuthedPerHour)

+	}

+	if cfg.RateLimit.API.AnonPerHour != 120 {

+		t.Errorf("AnonPerHour: got %d, want 120", cfg.RateLimit.API.AnonPerHour)

+	}

+}