Handle rateLimitMutex

deflect-ca · Sep 25, 2024 · 1b8d937 · 1b8d937
1 parent 4e920c1
commit 1b8d937
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 15 deletions.
diff --git a/banjax.go b/banjax.go
@@ -171,7 +171,7 @@ func init_ipset(config *internal.Config) ipset.IPSet {
 func main() {
 	// XXX protects ipToRegexStates and failedChallengeStates
 	// (why both? because there are too many parameters already?)
-	var rateLimitMutex sync.Mutex
+	var rateLimitMutex sync.RWMutex
 	ipToRegexStates := internal.IpToRegexStates{}
 	failedChallengeStates := internal.FailedChallengeStates{}
 

diff --git a/internal/config.go b/internal/config.go
@@ -552,7 +552,7 @@ func WriteMetricsToEncoder(
 	metricsLogEncoder *json.Encoder,
 	decisionListsMutex *sync.RWMutex,
 	decisionLists *DecisionLists,
-	rateLimitMutex *sync.Mutex,
+	rateLimitMutex *sync.RWMutex,
 	ipToRegexStates *IpToRegexStates,
 	failedChallengeStates *FailedChallengeStates,
 ) {

diff --git a/internal/http_server.go b/internal/http_server.go
@@ -31,7 +31,7 @@ func RunHttpServer(
 	decisionListsMutex *sync.RWMutex,
 	decisionLists *DecisionLists,
 	passwordProtectedPaths *PasswordProtectedPaths,
-	rateLimitMutex *sync.Mutex,
+	rateLimitMutex *sync.RWMutex,
 	ipToRegexStates *IpToRegexStates,
 	failedChallengeStates *FailedChallengeStates,
 	banner BannerInterface,
@@ -189,14 +189,14 @@ func RunHttpServer(
 	})
 
 	r.GET("/rate_limit_states", func(c *gin.Context) {
-		rateLimitMutex.Lock()
+		rateLimitMutex.RLock()
 		c.String(200,
 			fmt.Sprintf("regexes:\n%v\nfailed challenges:\n%v",
 				ipToRegexStates.String(),
 				failedChallengeStates.String(),
 			),
 		)
-		rateLimitMutex.Unlock()
+		rateLimitMutex.RUnlock()
 	})
 
 	// API to check if given IP was banned by iptables
@@ -484,7 +484,7 @@ func tooManyFailedChallenges(
 	path string,
 	banner BannerInterface,
 	challengeType string,
-	rateLimitMutex *sync.Mutex,
+	rateLimitMutex *sync.RWMutex,
 	failedChallengeStates *FailedChallengeStates,
 	method string,
 	decisionListsMutex *sync.RWMutex,
@@ -588,7 +588,7 @@ func sendOrValidateShaChallenge(
 	config *Config,
 	c *gin.Context,
 	banner BannerInterface,
-	rateLimitMutex *sync.Mutex,
+	rateLimitMutex *sync.RWMutex,
 	failedChallengeStates *FailedChallengeStates,
 	failAction FailAction,
 	decisionListsMutex *sync.RWMutex,
@@ -691,7 +691,7 @@ func sendOrValidatePassword(
 	passwordProtectedPaths *PasswordProtectedPaths,
 	c *gin.Context,
 	banner BannerInterface,
-	rateLimitMutex *sync.Mutex,
+	rateLimitMutex *sync.RWMutex,
 	failedChallengeStates *FailedChallengeStates,
 	decisionListsMutex *sync.RWMutex,
 	decisionLists *DecisionLists,
@@ -836,7 +836,7 @@ func decisionForNginx(
 	decisionListsMutex *sync.RWMutex,
 	decisionLists *DecisionLists,
 	passwordProtectedPaths *PasswordProtectedPaths,
-	rateLimitMutex *sync.Mutex,
+	rateLimitMutex *sync.RWMutex,
 	failedChallengeStates *FailedChallengeStates,
 	banner BannerInterface,
 ) gin.HandlerFunc {
@@ -910,7 +910,7 @@ func decisionForNginx2(
 	decisionListsMutex *sync.RWMutex,
 	decisionLists *DecisionLists,
 	passwordProtectedPaths *PasswordProtectedPaths,
-	rateLimitMutex *sync.Mutex,
+	rateLimitMutex *sync.RWMutex,
 	failedChallengeStates *FailedChallengeStates,
 	banner BannerInterface,
 ) (decisionForNginxResult DecisionForNginxResult) {

diff --git a/internal/regex_rate_limiter.go b/internal/regex_rate_limiter.go
@@ -22,7 +22,7 @@ import (
 func RunLogTailer(
 	config *Config,
 	banner BannerInterface,
-	rateLimitMutex *sync.Mutex,
+	rateLimitMutex *sync.RWMutex,
 	ipToRegexStates *IpToRegexStates,
 	decisionListsMutex *sync.RWMutex,
 	decisionLists *DecisionLists,
@@ -177,7 +177,7 @@ func checkIpInPerSiteDecisionList(
 // parsing these unescaped space-separated strings is gross. maybe pass json instead.
 func consumeLine(
 	line *tail.Line,
-	rateLimitMutex *sync.Mutex,
+	rateLimitMutex *sync.RWMutex,
 	ipToRegexStates *IpToRegexStates,
 	banner BannerInterface,
 	config *Config,

diff --git a/internal/regex_rate_limiter_test.go b/internal/regex_rate_limiter_test.go
@@ -89,7 +89,7 @@ func configToStructs(
 }
 
 func TestConsumeLine(t *testing.T) {
-	var rateLimitMutex sync.Mutex
+	var rateLimitMutex sync.RWMutex
 	configString := `
 regexes_with_rates:
   - rule: 'rule1'
@@ -293,7 +293,7 @@ per_site_regexes_with_rates:
 }
 
 func TestConsumeLineHostsToSkip(t *testing.T) {
-	var rateLimitMutex sync.Mutex
+	var rateLimitMutex sync.RWMutex
 	configString := `
 regexes_with_rates:
   - rule: 'rule1'
@@ -340,7 +340,7 @@ regexes_with_rates:
 }
 
 func TestPerSiteRegexStress(t *testing.T) {
-	var rateLimitMutex sync.Mutex
+	var rateLimitMutex sync.RWMutex
 	var domains []string
 	var paths []string
 	testCount := 10000