Skip to content

Commit 26d8fcb

Browse files
spencergibbspencergibb
committed
If the rate limiter key resolver returns an empty key, set response status to Forbidden
1 parent 3d4a17c commit 26d8fcb

File tree

1 file changed

+10
-3
lines changed

1 file changed

+10
-3
lines changed

spring-cloud-gateway-server-mvc/src/main/java/org/springframework/cloud/gateway/server/mvc/filter/Bucket4jFilterFunctions.java

Lines changed: 10 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,7 @@
3535
import org.springframework.http.HttpStatus;
3636
import org.springframework.http.HttpStatusCode;
3737
import org.springframework.util.Assert;
38+
import org.springframework.util.StringUtils;
3839
import org.springframework.web.servlet.function.HandlerFilterFunction;
3940
import org.springframework.web.servlet.function.ServerRequest;
4041
import org.springframework.web.servlet.function.ServerResponse;
@@ -47,7 +48,9 @@ public abstract class Bucket4jFilterFunctions {
4748
public static final String DEFAULT_HEADER_NAME = "X-RateLimit-Remaining";
4849

4950
private static final Function<RateLimitConfig, BucketConfiguration> DEFAULT_CONFIGURATION_BUILDER = config -> BucketConfiguration
50-
.builder().addLimit(Bandwidth.simple(config.getCapacity(), config.getPeriod())).build();
51+
.builder().addLimit(Bandwidth.builder().capacity(config.getCapacity())
52+
.refillGreedy(config.getCapacity(), config.getPeriod()).build())
53+
.build();
5154

5255
private Bucket4jFilterFunctions() {
5356
}
@@ -65,8 +68,12 @@ public static HandlerFilterFunction<ServerResponse, ServerResponse> rateLimit(
6568
BucketConfiguration bucketConfiguration = config.getConfigurationBuilder().apply(config);
6669
return (request, next) -> {
6770
AsyncProxyManager proxyManager = MvcUtils.getApplicationContext(request).getBean(AsyncProxyManager.class);
68-
AsyncBucketProxy bucket = proxyManager.builder().build(config.getKeyResolver().apply(request),
69-
bucketConfiguration);
71+
String key = config.getKeyResolver().apply(request);
72+
if (!StringUtils.hasText(key)) {
73+
// TODO: configurable empty key status code
74+
return ServerResponse.status(HttpStatus.FORBIDDEN).build();
75+
}
76+
AsyncBucketProxy bucket = proxyManager.builder().build(key, bucketConfiguration);
7077
CompletableFuture<ConsumptionProbe> bucketFuture = bucket.tryConsumeAndReturnRemaining(config.getTokens());
7178
ConsumptionProbe consumptionProbe;
7279
if (config.getTimeout() != null) {

0 commit comments

Comments
 (0)