Skip to content

Commit

Permalink
Switch Readme recommendation to use HTTPMiddleware (#114)
Browse files Browse the repository at this point in the history
  • Loading branch information
@paskal
paskal authored Jan 12, 2025
1 parent 3e7ad90 commit 458a309
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 18 deletions.
38 changes: 21 additions & 17 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,47 +25,51 @@ This is a generic middleware to rate-limit HTTP requests.

**v7.x.x:** Replaced `time/rate` with `embedded time/rate` so that we can support more rate limit headers.

**v8.x.x:** Address `RemoteIP` vulnerability concern by replacing `SetIPLookups` with `SetIPLookup`, an explicit way to pick the IP address.

**v8.x.x:** Address `RemoteIP` vulnerability concern by replacing `SetIPLookups` with `SetIPLookup`, an explicit way to pick the IP address. New `HTTPMiddleware` function which is compatible with standard routers.

## Five Minute Tutorial

```go
package main

import (
"net/http"
"net/http"

"github.com/didip/tollbooth/v8"
"github.com/didip/tollbooth/v8/limiter"
"github.com/didip/tollbooth/v8/limiter"
)

func HelloHandler(w http.ResponseWriter, req *http.Request) {
w.Write([]byte("Hello, World!"))
w.Write([]byte("Hello, World!"))
}

func main() {
// Create a request limiter per handler.
lmt := tollbooth.NewLimiter(1, nil)
// Create a request limiter per handler.
lmt := tollbooth.NewLimiter(1, nil)

// New in version >= 8, you must explicitly define how to pick the IP address.
lmt.SetIPLookup(limiter.IPLookup{
Name: "X-Real-IP",
IndexFromRight: 0,
})
// New in version >= 8, you must explicitly define how to pick the IP address.
lmt.SetIPLookup(limiter.IPLookup{
Name: "X-Real-IP",
IndexFromRight: 0,
})

// New in version >= 8, HTTPMiddleware is a standard router compatible alternative to the previously used LimitFuncHandler.
http.Handle("/", tollbooth.HTTPMiddleware(lmt)(http.HandlerFunc(HelloHandler)))
// Old syntax:
// http.Handle("/", tollbooth.LimitFuncHandler(lmt, HelloHandler))

http.Handle("/", tollbooth.LimitFuncHandler(lmt, HelloHandler))
http.ListenAndServe(":12345", nil)
http.ListenAndServe(":12345", nil)
}

```

## Features

1. Rate-limit by request's remote IP, path, methods, custom headers, & basic auth usernames.

```go
import (
"time"

"github.com/didip/tollbooth/v8"
"github.com/didip/tollbooth/v8/limiter"
)
Expand All @@ -84,7 +88,7 @@ func main() {
// The name of lookup method.
// Possible options are: RemoteAddr, X-Forwarded-For, X-Real-IP, CF-Connecting-IP
// All other headers are considered unknown and will be ignored.
Name: "X-Real-IP",
Name: "X-Real-IP",

// The index position to pick the ip address from a comma separated list.
// The index goes from right to left.
Expand Down
2 changes: 1 addition & 1 deletion tollbooth.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -349,7 +349,7 @@ func LimitFuncHandler(lmt *limiter.Limiter, nextFunc func(http.ResponseWriter, *

// HTTPMiddleware wraps http.Handler with tollbooth limiter
func HTTPMiddleware(lmt *limiter.Limiter) func(http.Handler) http.Handler {
// // set IP lookup only if not set
// set IP lookup only if not set
if lmt.GetIPLookup().Name == "" {
lmt.SetIPLookup(limiter.IPLookup{Name: "RemoteAddr"})
}
Expand Down

0 comments on commit 458a309

Please sign in to comment.