Commit 974bf7f

committed
Fix rate limiting: exempt health/metrics, increase upload limits
- Health, metrics, UI, and API docs are now exempt from rate limiting - Increased upload rate limits to 200 req/s with burst of 500 for Docker compatibility
1 parent 1309529 commit 974bf7f

2 files changed

+18
-10
lines changed

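--- a/nora-registry/src/main.rs
+++ b/nora-registry/src/main.rs
@@ -219,14 +219,22 @@ async fn run_server(config: Config, storage: Storage) {
 .merge(registry::pypi_routes())
 .layer(rate_limit::upload_rate_limiter());
 
-let app = Router::new()
+// Routes WITHOUT rate limiting (health, metrics, UI)
+let public_routes = Router::new()
 .merge(health::routes())
 .merge(metrics::routes())
 .merge(ui::routes())
-.merge(openapi::routes())
+.merge(openapi::routes());
+
+// Routes WITH rate limiting
+let rate_limited_routes = Router::new()
 .merge(auth_routes)
 .merge(registry_routes)
-.layer(rate_limit::general_rate_limiter()) // General rate limit for all routes
+.layer(rate_limit::general_rate_limiter());
+
+let app = Router::new()
+.merge(public_routes)
+.merge(rate_limited_routes)
 .layer(DefaultBodyLimit::max(100 * 1024 * 1024)) // 100MB default body limit
 .layer(middleware::from_fn(request_id::request_id_middleware))
 .layer(middleware::from_fn(metrics::metrics_middleware))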
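Review bot: `public_routes` now carries no limiter at all, and it includes `ui::routes()` and `openapi::routes()` as well as the health and metrics probes. Exempting the probes is cheap, but if the UI handlers list or read from storage (not visible in this hunk), an unauthenticated client can call them with no throttle. Consider keeping the UI under the general limiter by moving `.merge(ui::routes())` into `rate_limited_routes`, or give it its own lenient layer. The comment also omits the API docs and could read `// Routes WITHOUT rate limiting (health, metrics, UI, API docs)`. `run_server` starts and ends outside the hunk.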

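--- a/nora-registry/src/rate_limit.rs
+++ b/nora-registry/src/rate_limit.rs
@@ -30,8 +30,8 @@ impl Default for RateLimitConfig {
 Self {
 auth_rps: 1, // 1 req/sec for auth (strict)
 auth_burst: 5, // Allow burst of 5
-upload_rps: 50, // 50 req/sec for uploads (Docker needs parallel)
-upload_burst: 100, // Allow burst of 100
+upload_rps: 200, // 200 req/sec for uploads (Docker needs high parallelism)
+upload_burst: 500, // Allow burst of 500
 general_rps: 100, // 100 req/sec general
 general_burst: 200, // Allow burst of 200
 }
@@ -58,16 +58,16 @@ pub fn auth_rate_limiter() -> tower_governor::GovernorLayer<
 
 /// Create rate limiter layer for upload endpoints
 ///
-/// Default: 50 requests per second, burst of 100
-/// Higher limits to accommodate Docker client's parallel layer uploads
+/// Default: 200 requests per second, burst of 500
+/// High limits to accommodate Docker client's aggressive parallel layer uploads
 pub fn upload_rate_limiter() -> tower_governor::GovernorLayer<
 tower_governor::key_extractor::PeerIpKeyExtractor,
 governor::middleware::StateInformationMiddleware,
 axum::body::Body,
 > {
 let config = GovernorConfigBuilder::default()
-.per_second(50)
-.burst_size(100)
+.per_second(200)
+.burst_size(500)
 .use_headers()
 .finish()
 .unwrap();
@@ -102,7 +102,7 @@ mod tests {
 let config = RateLimitConfig::default();
 assert_eq!(config.auth_rps, 1);
 assert_eq!(config.auth_burst, 5);
-assert_eq!(config.upload_rps, 50);
+assert_eq!(config.upload_rps, 200);
 assert_eq!(config.general_rps, 100);
 }
 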
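Review bot: `.per_second(200)` in `upload_rate_limiter` most likely throttles uploads harder rather than loosening them: as far as I know, tower_governor's `per_second(n)` sets the replenish interval to n seconds, so once the burst of 500 is spent a peer regains one request every 200 seconds, not 200 per second. For about 200 req/s the interval should be 5 ms, e.g. `.per_millisecond(5)` in place of `.per_second(200)`, keeping `.burst_size(500)`; please confirm against the tower_governor version the crate pins. The doc comment and `upload_rps: 200` then describe a rate the layer does not enforce, and the test in the last hunk only asserts the struct field, so it cannot catch the mismatch. The body of `upload_rate_limiter` continues past the hunk.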
