storj

JakeHillion/storj

Fork 0

Commit Graph

Author	SHA1	Message	Date
Artur M. Wolff	7f595445ac	satellite/metainfo: make subsequent auth validations not perform rate-limiting Currently, requests that were successfully passed through the metainfo endpoints rate-limiter might still fail in the middle of the corresponding response. The problem is that we perform rate-limiting a second time, which means other requests would influence whether the current (already rate-checked) request will fail. This also has other unintended effects, like responding with rpcstatus.PermissionDenied for requests that were successfully rate-checked and did not lack permissions but were rate-checked again in the middle of (*Endpoint).BeginObject. This situation has been happening on the gateway side and might affect other uplink clients. This change, where appropriate, swaps subsequent validateAuth with validateAuthN that performs rate-limiting once. Change-Id: I6fc26dedb8c442dd20acaab5942f751279020b08	2021-09-10 12:07:06 +00:00

Author

SHA1

Message

Date

Artur M. Wolff

7f595445ac

satellite/metainfo: make subsequent auth validations not perform rate-limiting

Currently, requests that were successfully passed through the metainfo
endpoints rate-limiter might still fail in the middle of the
corresponding response. The problem is that we perform rate-limiting a
second time, which means other requests would influence whether the
current (already rate-checked) request will fail. This also has other
unintended effects, like responding with rpcstatus.PermissionDenied for
requests that were successfully rate-checked and did not lack
permissions but were rate-checked again in the middle of
(*Endpoint).BeginObject. This situation has been happening on the
gateway side and might affect other uplink clients. This change, where
appropriate, swaps subsequent validateAuth with validateAuthN that
performs rate-limiting once.

Change-Id: I6fc26dedb8c442dd20acaab5942f751279020b08

2021-09-10 12:07:06 +00:00

1 Commits