Harden limiter lifecycle and key formatting

Author: KSemenenko

ManagedCode.Orleans.RateLimiting.Client/Extensions/HttpRequestExtensions.cs

@@ -7,11 +7,16 @@ namespace ManagedCode.Orleans.RateLimiting.Client.Extensions;
 
 public static class HttpRequestExtensions
 {
+    private const char CsvSeparator = ',';
+    private const string RealIpHeaderName = "X-Real-IP";
+    private const string ForwardedForHeaderName = "X-Forwarded-For";
+    private const string RemoteAddressHeaderName = "REMOTE_ADDR";
+
     private static readonly string[] DefaultIpHeaders =
     [
-        "X-Real-IP",
-        "X-Forwarded-For",
-        "REMOTE_ADDR"
+        RealIpHeaderName,
+        ForwardedForHeaderName,
+        RemoteAddressHeaderName
     ];
 
     public static string GetClientIpAddress(this HttpRequest request)
@@ -59,6 +64,6 @@ private static IEnumerable<string> SplitCsv(string? csvList)
         if (string.IsNullOrWhiteSpace(csvList))
             return Enumerable.Empty<string>();
 
-        return csvList.TrimEnd(',').Split(',').Select(s => s.Trim());
+        return csvList.TrimEnd(CsvSeparator).Split(CsvSeparator).Select(s => s.Trim());
     }
 }

ManagedCode.Orleans.RateLimiting.Client/Middlewares/OrleansBaseRateLimitingMiddleware.cs

@@ -6,6 +6,7 @@
 using ManagedCode.Orleans.RateLimiting.Core.Extensions;
 using ManagedCode.Orleans.RateLimiting.Core.Models;
 using ManagedCode.Orleans.RateLimiting.Core.Models.Holders;
+using ManagedCode.Orleans.RateLimiting.Core.Models.Orchestration;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc.Controllers;
 using Microsoft.Extensions.DependencyInjection;
@@ -89,6 +90,6 @@ protected static (T attribute, string? postfix)? TryGetAttribute<T>(HttpContext
 
     protected static string CreateKey(params string[] parts)
     {
-        return string.Join(RateLimitMiddlewareConstants.KeySeparator, parts);
+        return RateLimitPartitionKeyFormatter.Join(parts);
     }
 }

ManagedCode.Orleans.RateLimiting.Client/Middlewares/OrleansUserRateLimitingMiddleware.cs

@@ -1,4 +1,5 @@
 using System;
+using System.Security.Claims;
 using ManagedCode.Orleans.RateLimiting.Client.Attributes;
 using ManagedCode.Orleans.RateLimiting.Client.Extensions;
 using ManagedCode.Orleans.RateLimiting.Core.Models.Holders;
@@ -45,7 +46,7 @@ private bool AddAuthorizedRateLimiter(HttpContext httpContext, GroupLimiterHolde
         {
             var attribute = TryGetAttribute<AuthorizedIpRateLimiterAttribute>(httpContext);
             if (attribute.HasValue)
-                return holder.AddLimiter(TryGetLimiterHolder(CreateKey(httpContext.Request.GetClientIpAddress(), httpContext.User.Identity.Name ?? "rate-user-name", attribute.Value.postfix!), attribute.Value.attribute.ConfigurationName));
+                return holder.AddLimiter(TryGetLimiterHolder(CreateKey(httpContext.Request.GetClientIpAddress(), GetAuthenticatedUserKey(httpContext), attribute.Value.postfix!), attribute.Value.attribute.ConfigurationName));
         }
 
         return false;
@@ -56,9 +57,16 @@ private bool AddInRoleRateLimiter(HttpContext httpContext, GroupLimiterHolder ho
         var attribute = TryGetAttribute<InRoleIpRateLimiterAttribute>(httpContext);
         if (attribute.HasValue)
             if (httpContext.User?.Identity?.IsAuthenticated is true && httpContext.User.IsInRole(attribute.Value.attribute.Role))
-                return holder.AddLimiter(TryGetLimiterHolder(CreateKey(httpContext.Request.GetClientIpAddress(), httpContext.User.Identity.Name!, attribute.Value.attribute.Role, attribute.Value.postfix!),
+                return holder.AddLimiter(TryGetLimiterHolder(CreateKey(httpContext.Request.GetClientIpAddress(), GetAuthenticatedUserKey(httpContext), attribute.Value.attribute.Role, attribute.Value.postfix!),
                     attribute.Value.attribute.ConfigurationName));
 
         return false;
     }
-}
+
+    private static string GetAuthenticatedUserKey(HttpContext httpContext)
+    {
+        return httpContext.User.Identity?.Name
+               ?? httpContext.User.FindFirstValue(ClaimTypes.NameIdentifier)
+               ?? RateLimitMiddlewareConstants.UnknownAuthenticatedUserKey;
+    }
+}

ManagedCode.Orleans.RateLimiting.Client/Middlewares/RateLimitMiddlewareConstants.cs

@@ -3,7 +3,7 @@ namespace ManagedCode.Orleans.RateLimiting.Client.Middlewares;
 internal static class RateLimitMiddlewareConstants
 {
     public const string DefaultPath = "/";
-    public const string KeySeparator = ":";
+    public const string UnknownAuthenticatedUserKey = "rate-user-name";
     public const string OperationNameSeparator = " ";
     public const string ResourceSeparator = ".";
     public const string TooManyRequestsError = "Too many requests";
@@ -17,4 +17,5 @@ internal static class RateLimitMiddlewareConstants
     public const string ConfigurationMetadataKey = "configuration";
     public const string PartitionMetadataKey = "partition";
     public const string PathMetadataKey = "path";
+    public const string SignalRRateLimitedLogMessage = "SignalR invocation {HubMethodName} was rate limited: {Reason}";
 }

ManagedCode.Orleans.RateLimiting.Client/Middlewares/RateLimitResponseWriter.cs

@@ -1,4 +1,5 @@
 using System.Threading.Tasks;
+using System.Globalization;
 using ManagedCode.Orleans.RateLimiting.Core.Models;
 using Microsoft.AspNetCore.Http;
 
@@ -17,7 +18,7 @@ await httpContext.Response.WriteAsJsonAsync(new RateLimitRejectedResponse(
             StatusCodes.Status429TooManyRequests,
             RateLimitMiddlewareConstants.TooManyRequestsError,
             lease.Reason,
-            lease.RetryAfter.ToString()));
+            lease.RetryAfter.ToString(null, CultureInfo.InvariantCulture)));
     }
 
     private sealed record RateLimitRejectedResponse(int StatusCode, string Error, string Reason, string RetryAfter);

ManagedCode.Orleans.RateLimiting.Client/Middlewares/RateLimitingHubFilter.cs

@@ -34,7 +34,7 @@ public RateLimitingHubFilter(
         var lease = await holder.AcquireAsync();
         if (lease is not null)
         {
-            _logger.LogInformation("SignalR invocation {HubMethodName} was rate limited: {Reason}", invocationContext.HubMethodName, lease.Reason);
+            _logger.LogInformation(RateLimitMiddlewareConstants.SignalRRateLimitedLogMessage, invocationContext.HubMethodName, lease.Reason);
             throw new RateLimitExceededException(lease.Reason, lease.RetryAfter);
         }
 

ManagedCode.Orleans.RateLimiting.Core/Exceptions/RateLimitConfigurationNotFoundException.cs

@@ -9,7 +9,7 @@ public RateLimitConfigurationNotFoundException()
     }
 
     public RateLimitConfigurationNotFoundException(string configurationName)
-        : base($"Rate limiter configuration '{configurationName}' was not found.")
+        : base(RateLimiterExceptionMessages.ConfigurationNotFound(configurationName))
     {
         ConfigurationName = configurationName;
     }

ManagedCode.Orleans.RateLimiting.Core/Exceptions/RateLimitPartitionKeyNotFoundException.cs

@@ -10,7 +10,7 @@ public RateLimitPartitionKeyNotFoundException()
     }
 
     public RateLimitPartitionKeyNotFoundException(RateLimitPartitionKind kind)
-        : base($"Rate limit partition key for '{kind}' was not found.")
+        : base(RateLimiterExceptionMessages.PartitionKeyNotFound(kind))
     {
         Kind = kind;
     }

ManagedCode.Orleans.RateLimiting.Core/Exceptions/RateLimiterExceptionMessages.cs

@@ -0,0 +1,18 @@
+namespace ManagedCode.Orleans.RateLimiting.Core.Exceptions;
+
+public static class RateLimiterExceptionMessages
+{
+    private const string ConfigurationNotFoundPrefix = "Rate limiter configuration '";
+    private const string PartitionKeyNotFoundPrefix = "Rate limit partition key for '";
+    private const string NotFoundSuffix = "' was not found.";
+
+    public static string ConfigurationNotFound(string configurationName)
+    {
+        return string.Concat(ConfigurationNotFoundPrefix, configurationName, NotFoundSuffix);
+    }
+
+    public static string PartitionKeyNotFound(object kind)
+    {
+        return string.Concat(PartitionKeyNotFoundPrefix, kind, NotFoundSuffix);
+    }
+}

ManagedCode.Orleans.RateLimiting.Core/Extensions/GrainFactoryExtensions.cs

@@ -19,7 +19,7 @@ public static ILimiterHolder GetRateLimiter<T>(this IGrainFactory factory, strin
             var type when type == typeof(ISlidingWindowRateLimiterGrain) => factory.GetSlidingWindowRateLimiter(key),
             var type when type == typeof(ITokenBucketRateLimiterGrain) => factory.GetTokenBucketRateLimiter(key),
 
-            _ => throw new System.NotSupportedException($"Rate limiter grain type '{typeof(T).FullName}' is not supported.")
+            _ => throw new System.NotSupportedException(RateLimiterLogMessages.UnsupportedGrainType(typeof(T).FullName))
         };
     }