Skip to content

Commit

Permalink
hurricane: add API rate limiter. (#1417)
Browse files Browse the repository at this point in the history
  • Loading branch information
ldez authored May 31, 2021
1 parent e8750f5 commit ed5c0a3
Show file tree
Hide file tree
Showing 5 changed files with 39 additions and 7 deletions.
1 change: 1 addition & 0 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ require (
golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad
golang.org/x/net v0.0.0-20210220033124-5f55cee0dc0d
golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba
google.golang.org/api v0.20.0
gopkg.in/ns1/ns1-go.v2 v2.4.4
gopkg.in/square/go-jose.v2 v2.5.1
Expand Down
3 changes: 2 additions & 1 deletion go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -631,8 +631,9 @@ golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxb
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 h1:Hir2P/De0WpUhtrKGGjvSb2YxUgyZ7EFOSLIcSSpiwE=
golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba h1:O8mE0/t419eoIwhTFpKVkHiTs/Igowgfkj25AcZrtiE=
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
Expand Down
5 changes: 3 additions & 2 deletions providers/dns/hurricane/hurricane.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package hurricane

import (
"context"
"errors"
"fmt"
"net/http"
Expand Down Expand Up @@ -87,7 +88,7 @@ func NewDNSProviderConfig(config *Config) (*DNSProvider, error) {
func (d *DNSProvider) Present(domain, _, keyAuth string) error {
_, txtRecord := dns01.GetRecord(domain, keyAuth)

err := d.client.UpdateTxtRecord(domain, txtRecord)
err := d.client.UpdateTxtRecord(context.Background(), domain, txtRecord)
if err != nil {
return fmt.Errorf("hurricane: %w", err)
}
Expand All @@ -97,7 +98,7 @@ func (d *DNSProvider) Present(domain, _, keyAuth string) error {

// CleanUp updates the TXT record matching the specified parameters.
func (d *DNSProvider) CleanUp(domain, _, _ string) error {
err := d.client.UpdateTxtRecord(domain, ".")
err := d.client.UpdateTxtRecord(context.Background(), domain, ".")
if err != nil {
return fmt.Errorf("hurricane: %w", err)
}
Expand Down
34 changes: 31 additions & 3 deletions providers/dns/hurricane/internal/client.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package internal

import (
"bytes"
"context"
"fmt"
"io/ioutil"
"log"
Expand All @@ -10,6 +11,8 @@ import (
"strings"
"sync"
"time"

"golang.org/x/time/rate"
)

const defaultBaseURL = "https://dyn.dns.he.net/nic/update"
Expand All @@ -20,14 +23,19 @@ const (
codeAbuse = "abuse"
codeBadAgent = "badagent"
codeBadAuth = "badauth"
codeInterval = "interval"
codeNoHost = "nohost"
codeNotFqdn = "notfqdn"
)

const defaultBurst = 5

// Client the Hurricane Electric client.
type Client struct {
HTTPClient *http.Client
baseURL string
HTTPClient *http.Client
rateLimiters sync.Map

baseURL string

credentials map[string]string
credMu sync.Mutex
Expand All @@ -43,7 +51,7 @@ func NewClient(credentials map[string]string) *Client {
}

// UpdateTxtRecord updates a TXT record.
func (c *Client) UpdateTxtRecord(domain string, txt string) error {
func (c *Client) UpdateTxtRecord(ctx context.Context, domain string, txt string) error {
hostname := fmt.Sprintf("_acme-challenge.%s", domain)

c.credMu.Lock()
Expand All @@ -59,6 +67,13 @@ func (c *Client) UpdateTxtRecord(domain string, txt string) error {
data.Set("hostname", hostname)
data.Set("txt", txt)

rl, _ := c.rateLimiters.LoadOrStore(hostname, rate.NewLimiter(limit(defaultBurst), defaultBurst))

err := rl.(*rate.Limiter).Wait(ctx)
if err != nil {
return err
}

resp, err := c.HTTPClient.PostForm(c.baseURL, data)
if err != nil {
return err
Expand Down Expand Up @@ -95,6 +110,8 @@ func evaluateBody(body string, hostname string) error {
return fmt.Errorf("%s: user agent not sent or HTTP method not recognized; open an issue on go-acme/lego on Github", body)
case codeBadAuth:
return fmt.Errorf("%s: wrong authentication token provided for TXT record %s", body, hostname)
case codeInterval:
return fmt.Errorf("%s: TXT records update exceeded API rate limit", body)
case codeNoHost:
return fmt.Errorf("%s: the record provided does not exist in this account: %s", body, hostname)
case codeNotFqdn:
Expand All @@ -104,3 +121,14 @@ func evaluateBody(body string, hostname string) error {
return fmt.Errorf("attempt to change TXT record %s returned %s", hostname, body)
}
}

// limit computes the rate based on burst.
// The API rate limit per-record is 10 reqs / 2 minutes.
//
// 10 reqs / 2 minutes = freq 1/12 (burst = 1)
// 6 reqs / 2 minutes = freq 1/20 (burst = 5)
//
// https://github.com/go-acme/lego/issues/1415
func limit(burst int) rate.Limit {
return 1 / rate.Limit(120/(10-burst+1))
}
3 changes: 2 additions & 1 deletion providers/dns/hurricane/internal/client_test.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package internal

import (
"context"
"fmt"
"net/http"
"net/http/httptest"
Expand Down Expand Up @@ -74,7 +75,7 @@ func TestClient_UpdateTxtRecord(t *testing.T) {
client := NewClient(map[string]string{"example.com": "secret"})
client.baseURL = server.URL

err := client.UpdateTxtRecord("example.com", "foo")
err := client.UpdateTxtRecord(context.Background(), "example.com", "foo")
test.expected(t, err)
})
}
Expand Down

0 comments on commit ed5c0a3

Please sign in to comment.