mirror of
				https://github.com/go-gitea/gitea
				synced 2025-10-26 08:58:24 +00:00 
			
		
		
		
	Add middleware for request prioritization (#33951)
This adds a middleware for overload protection that is intended to help protect against malicious scrapers. It does this via [`codel`](https://github.com/bohde/codel), which will perform the following: 1. Limit the number of in-flight requests to some user-defined max 2. When in-flight requests have reached their begin queuing requests. Logged-in requests having priority above logged-out requests 3. Once a request has been queued for too long, it has a probabilistic chance to be rejected based on how overloaded the entire system is. When a server experiences more traffic than it can handle, this keeps latency low for logged-in users and rejects just enough requests from logged-out users to not overload the service. --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io>
This commit is contained in:
		
							
								
								
									
										5
									
								
								assets/go-licenses.json
									
									
									
										generated
									
									
									
								
							
							
						
						
									
										5
									
								
								assets/go-licenses.json
									
									
									
										generated
									
									
									
								
							| @@ -294,6 +294,11 @@ | |||||||
|     "path": "github.com/bmatcuk/doublestar/v4/LICENSE", |     "path": "github.com/bmatcuk/doublestar/v4/LICENSE", | ||||||
|     "licenseText": "The MIT License (MIT)\n\nCopyright (c) 2014 Bob Matcuk\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n\n" |     "licenseText": "The MIT License (MIT)\n\nCopyright (c) 2014 Bob Matcuk\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n\n" | ||||||
|   }, |   }, | ||||||
|  |   { | ||||||
|  |     "name": "github.com/bohde/codel", | ||||||
|  |     "path": "github.com/bohde/codel/LICENSE", | ||||||
|  |     "licenseText": "BSD 3-Clause License\n\nCopyright (c) 2018, Rowan Bohde\nAll rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\n* Redistributions of source code must retain the above copyright notice, this\n  list of conditions and the following disclaimer.\n\n* Redistributions in binary form must reproduce the above copyright notice,\n  this list of conditions and the following disclaimer in the documentation\n  and/or other materials provided with the distribution.\n\n* Neither the name of the copyright holder nor the names of its\n  contributors may be used to endorse or promote products derived from\n  this software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\"\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE\nFOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\nOR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n" | ||||||
|  |   }, | ||||||
|   { |   { | ||||||
|     "name": "github.com/boombuler/barcode", |     "name": "github.com/boombuler/barcode", | ||||||
|     "path": "github.com/boombuler/barcode/LICENSE", |     "path": "github.com/boombuler/barcode/LICENSE", | ||||||
|   | |||||||
| @@ -940,7 +940,29 @@ LEVEL = Info | |||||||
| ;; | ;; | ||||||
| ;; Disable the code explore page. | ;; Disable the code explore page. | ||||||
| ;DISABLE_CODE_PAGE = false | ;DISABLE_CODE_PAGE = false | ||||||
|  |  | ||||||
|  | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | ||||||
|  | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | ||||||
|  | ;[qos] | ||||||
|  | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | ||||||
|  | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | ||||||
| ;; | ;; | ||||||
|  | ;; Enable request quality of service and overload protection. | ||||||
|  | ; ENABLED = false | ||||||
|  | ;; | ||||||
|  | ;; The maximum number of concurrent requests that the server will | ||||||
|  | ;; process before enqueueing new requests. Default is "CpuNum * 4". | ||||||
|  | ; MAX_INFLIGHT = | ||||||
|  | ;; | ||||||
|  | ;; The maximum number of requests that can be enqueued before new | ||||||
|  | ;; requests will be dropped. | ||||||
|  | ; MAX_WAITING = 100 | ||||||
|  | ;; | ||||||
|  | ;; Target maximum wait time a request may be enqueued for. Requests | ||||||
|  | ;; that are enqueued for less than this amount of time will not be | ||||||
|  | ;; dropped. When wait times exceed this amount, a portion of requests | ||||||
|  | ;; will be dropped until wait times have decreased below this amount. | ||||||
|  | ; TARGET_WAIT_TIME = 250ms | ||||||
|  |  | ||||||
| ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | ||||||
| ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | ||||||
| @@ -1423,7 +1445,6 @@ LEVEL = Info | |||||||
| ;; or use comma separated list: inline-dollar, inline-parentheses, block-dollar, block-square-brackets | ;; or use comma separated list: inline-dollar, inline-parentheses, block-dollar, block-square-brackets | ||||||
| ;; Defaults to "inline-dollar,block-dollar" to follow GitHub's behavior. | ;; Defaults to "inline-dollar,block-dollar" to follow GitHub's behavior. | ||||||
| ;MATH_CODE_BLOCK_DETECTION = | ;MATH_CODE_BLOCK_DETECTION = | ||||||
| ;; |  | ||||||
|  |  | ||||||
| ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | ||||||
| ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | ||||||
|   | |||||||
							
								
								
									
										1
									
								
								go.mod
									
									
									
									
									
								
							
							
						
						
									
										1
									
								
								go.mod
									
									
									
									
									
								
							| @@ -32,6 +32,7 @@ require ( | |||||||
| 	github.com/aws/aws-sdk-go-v2/service/codecommit v1.28.1 | 	github.com/aws/aws-sdk-go-v2/service/codecommit v1.28.1 | ||||||
| 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb | 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb | ||||||
| 	github.com/blevesearch/bleve/v2 v2.4.2 | 	github.com/blevesearch/bleve/v2 v2.4.2 | ||||||
|  | 	github.com/bohde/codel v0.2.0 | ||||||
| 	github.com/buildkite/terminal-to-html/v3 v3.16.8 | 	github.com/buildkite/terminal-to-html/v3 v3.16.8 | ||||||
| 	github.com/caddyserver/certmagic v0.22.0 | 	github.com/caddyserver/certmagic v0.22.0 | ||||||
| 	github.com/charmbracelet/git-lfs-transfer v0.2.0 | 	github.com/charmbracelet/git-lfs-transfer v0.2.0 | ||||||
|   | |||||||
							
								
								
									
										6
									
								
								go.sum
									
									
									
									
									
								
							
							
						
						
									
										6
									
								
								go.sum
									
									
									
									
									
								
							| @@ -179,6 +179,9 @@ github.com/blevesearch/zapx/v16 v16.1.5 h1:b0sMcarqNFxuXvjoXsF8WtwVahnxyhEvBSRJi | |||||||
| github.com/blevesearch/zapx/v16 v16.1.5/go.mod h1:J4mSF39w1QELc11EWRSBFkPeZuO7r/NPKkHzDCoiaI8= | github.com/blevesearch/zapx/v16 v16.1.5/go.mod h1:J4mSF39w1QELc11EWRSBFkPeZuO7r/NPKkHzDCoiaI8= | ||||||
| github.com/bmatcuk/doublestar/v4 v4.8.1 h1:54Bopc5c2cAvhLRAzqOGCYHYyhcDHsFF4wWIR5wKP38= | github.com/bmatcuk/doublestar/v4 v4.8.1 h1:54Bopc5c2cAvhLRAzqOGCYHYyhcDHsFF4wWIR5wKP38= | ||||||
| github.com/bmatcuk/doublestar/v4 v4.8.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= | github.com/bmatcuk/doublestar/v4 v4.8.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= | ||||||
|  | github.com/bmizerany/perks v0.0.0-20141205001514-d9a9656a3a4b/go.mod h1:ac9efd0D1fsDb3EJvhqgXRbFx7bs2wqZ10HQPeU8U/Q= | ||||||
|  | github.com/bohde/codel v0.2.0 h1:fzF7ibgKmCfQbOzQCblmQcwzDRmV7WO7VMLm/hDvD3E= | ||||||
|  | github.com/bohde/codel v0.2.0/go.mod h1:Idb1IRvTdwkRjIjguLIo+FXhIBhcpGl94o7xra6ggWk= | ||||||
| github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= | github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= | ||||||
| github.com/boombuler/barcode v1.0.2 h1:79yrbttoZrLGkL/oOI8hBrUKucwOL0oOjUgEguGMcJ4= | github.com/boombuler/barcode v1.0.2 h1:79yrbttoZrLGkL/oOI8hBrUKucwOL0oOjUgEguGMcJ4= | ||||||
| github.com/boombuler/barcode v1.0.2/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= | github.com/boombuler/barcode v1.0.2/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= | ||||||
| @@ -881,6 +884,7 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ | |||||||
| golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= | golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= | ||||||
| golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= | golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= | ||||||
| golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= | golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= | ||||||
|  | golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= | ||||||
| golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= | golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= | ||||||
| golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= | golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= | ||||||
| golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= | golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= | ||||||
| @@ -1025,6 +1029,8 @@ modernc.org/token v1.0.1 h1:A3qvTqOwexpfZZeyI0FeGPDlSWX5pjZu9hF4lU+EKWg= | |||||||
| modernc.org/token v1.0.1/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM= | modernc.org/token v1.0.1/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM= | ||||||
| mvdan.cc/xurls/v2 v2.6.0 h1:3NTZpeTxYVWNSokW3MKeyVkz/j7uYXYiMtXRUfmjbgI= | mvdan.cc/xurls/v2 v2.6.0 h1:3NTZpeTxYVWNSokW3MKeyVkz/j7uYXYiMtXRUfmjbgI= | ||||||
| mvdan.cc/xurls/v2 v2.6.0/go.mod h1:bCvEZ1XvdA6wDnxY7jPPjEmigDtvtvPXAD/Exa9IMSk= | mvdan.cc/xurls/v2 v2.6.0/go.mod h1:bCvEZ1XvdA6wDnxY7jPPjEmigDtvtvPXAD/Exa9IMSk= | ||||||
|  | pgregory.net/rapid v0.4.2 h1:lsi9jhvZTYvzVpeG93WWgimPRmiJQfGFRNTEZh1dtY0= | ||||||
|  | pgregory.net/rapid v0.4.2/go.mod h1:UYpPVyjFHzYBGHIxLFoupi8vwk6rXNzRY9OMvVxFIOU= | ||||||
| strk.kbt.io/projects/go/libravatar v0.0.0-20191008002943-06d1c002b251 h1:mUcz5b3FJbP5Cvdq7Khzn6J9OCUQJaBwgBkCR+MOwSs= | strk.kbt.io/projects/go/libravatar v0.0.0-20191008002943-06d1c002b251 h1:mUcz5b3FJbP5Cvdq7Khzn6J9OCUQJaBwgBkCR+MOwSs= | ||||||
| strk.kbt.io/projects/go/libravatar v0.0.0-20191008002943-06d1c002b251/go.mod h1:FJGmPh3vz9jSos1L/F91iAgnC/aejc0wIIrF2ZwJxdY= | strk.kbt.io/projects/go/libravatar v0.0.0-20191008002943-06d1c002b251/go.mod h1:FJGmPh3vz9jSos1L/F91iAgnC/aejc0wIIrF2ZwJxdY= | ||||||
| xorm.io/builder v0.3.13 h1:a3jmiVVL19psGeXx8GIurTp7p0IIgqeDmwhcR6BAOAo= | xorm.io/builder v0.3.13 h1:a3jmiVVL19psGeXx8GIurTp7p0IIgqeDmwhcR6BAOAo= | ||||||
|   | |||||||
| @@ -5,6 +5,7 @@ package setting | |||||||
|  |  | ||||||
| import ( | import ( | ||||||
| 	"regexp" | 	"regexp" | ||||||
|  | 	"runtime" | ||||||
| 	"strings" | 	"strings" | ||||||
| 	"time" | 	"time" | ||||||
|  |  | ||||||
| @@ -98,6 +99,13 @@ var Service = struct { | |||||||
| 		DisableOrganizationsPage bool `ini:"DISABLE_ORGANIZATIONS_PAGE"` | 		DisableOrganizationsPage bool `ini:"DISABLE_ORGANIZATIONS_PAGE"` | ||||||
| 		DisableCodePage          bool `ini:"DISABLE_CODE_PAGE"` | 		DisableCodePage          bool `ini:"DISABLE_CODE_PAGE"` | ||||||
| 	} `ini:"service.explore"` | 	} `ini:"service.explore"` | ||||||
|  |  | ||||||
|  | 	QoS struct { | ||||||
|  | 		Enabled             bool | ||||||
|  | 		MaxInFlightRequests int | ||||||
|  | 		MaxWaitingRequests  int | ||||||
|  | 		TargetWaitTime      time.Duration | ||||||
|  | 	} | ||||||
| }{ | }{ | ||||||
| 	AllowedUserVisibilityModesSlice: []bool{true, true, true}, | 	AllowedUserVisibilityModesSlice: []bool{true, true, true}, | ||||||
| } | } | ||||||
| @@ -255,6 +263,7 @@ func loadServiceFrom(rootCfg ConfigProvider) { | |||||||
| 	mustMapSetting(rootCfg, "service.explore", &Service.Explore) | 	mustMapSetting(rootCfg, "service.explore", &Service.Explore) | ||||||
|  |  | ||||||
| 	loadOpenIDSetting(rootCfg) | 	loadOpenIDSetting(rootCfg) | ||||||
|  | 	loadQosSetting(rootCfg) | ||||||
| } | } | ||||||
|  |  | ||||||
| func loadOpenIDSetting(rootCfg ConfigProvider) { | func loadOpenIDSetting(rootCfg ConfigProvider) { | ||||||
| @@ -276,3 +285,11 @@ func loadOpenIDSetting(rootCfg ConfigProvider) { | |||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
| } | } | ||||||
|  |  | ||||||
|  | func loadQosSetting(rootCfg ConfigProvider) { | ||||||
|  | 	sec := rootCfg.Section("qos") | ||||||
|  | 	Service.QoS.Enabled = sec.Key("ENABLED").MustBool(false) | ||||||
|  | 	Service.QoS.MaxInFlightRequests = sec.Key("MAX_INFLIGHT").MustInt(4 * runtime.NumCPU()) | ||||||
|  | 	Service.QoS.MaxWaitingRequests = sec.Key("MAX_WAITING").MustInt(100) | ||||||
|  | 	Service.QoS.TargetWaitTime = sec.Key("TARGET_WAIT_TIME").MustDuration(250 * time.Millisecond) | ||||||
|  | } | ||||||
|   | |||||||
| @@ -117,6 +117,7 @@ files = Files | |||||||
|  |  | ||||||
| error = Error | error = Error | ||||||
| error404 = The page you are trying to reach either <strong>does not exist</strong> or <strong>you are not authorized</strong> to view it. | error404 = The page you are trying to reach either <strong>does not exist</strong> or <strong>you are not authorized</strong> to view it. | ||||||
|  | error503 = The server was unable to complete your request. Please try again later. | ||||||
| go_back = Go Back | go_back = Go Back | ||||||
| invalid_data = Invalid data: %v | invalid_data = Invalid data: %v | ||||||
|  |  | ||||||
|   | |||||||
							
								
								
									
										145
									
								
								routers/common/qos.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										145
									
								
								routers/common/qos.go
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,145 @@ | |||||||
|  | // Copyright 2025 The Gitea Authors. All rights reserved. | ||||||
|  | // SPDX-License-Identifier: MIT | ||||||
|  |  | ||||||
|  | package common | ||||||
|  |  | ||||||
|  | import ( | ||||||
|  | 	"context" | ||||||
|  | 	"fmt" | ||||||
|  | 	"net/http" | ||||||
|  | 	"strings" | ||||||
|  |  | ||||||
|  | 	user_model "code.gitea.io/gitea/models/user" | ||||||
|  | 	"code.gitea.io/gitea/modules/log" | ||||||
|  | 	"code.gitea.io/gitea/modules/setting" | ||||||
|  | 	"code.gitea.io/gitea/modules/templates" | ||||||
|  | 	"code.gitea.io/gitea/modules/web/middleware" | ||||||
|  | 	giteacontext "code.gitea.io/gitea/services/context" | ||||||
|  |  | ||||||
|  | 	"github.com/bohde/codel" | ||||||
|  | 	"github.com/go-chi/chi/v5" | ||||||
|  | ) | ||||||
|  |  | ||||||
|  | const tplStatus503 templates.TplName = "status/503" | ||||||
|  |  | ||||||
|  | type Priority int | ||||||
|  |  | ||||||
|  | func (p Priority) String() string { | ||||||
|  | 	switch p { | ||||||
|  | 	case HighPriority: | ||||||
|  | 		return "high" | ||||||
|  | 	case DefaultPriority: | ||||||
|  | 		return "default" | ||||||
|  | 	case LowPriority: | ||||||
|  | 		return "low" | ||||||
|  | 	default: | ||||||
|  | 		return fmt.Sprintf("%d", p) | ||||||
|  | 	} | ||||||
|  | } | ||||||
|  |  | ||||||
|  | const ( | ||||||
|  | 	LowPriority     = Priority(-10) | ||||||
|  | 	DefaultPriority = Priority(0) | ||||||
|  | 	HighPriority    = Priority(10) | ||||||
|  | ) | ||||||
|  |  | ||||||
|  | // QoS implements quality of service for requests, based upon whether | ||||||
|  | // or not the user is logged in. All traffic may get dropped, and | ||||||
|  | // anonymous users are deprioritized. | ||||||
|  | func QoS() func(next http.Handler) http.Handler { | ||||||
|  | 	if !setting.Service.QoS.Enabled { | ||||||
|  | 		return nil | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	maxOutstanding := setting.Service.QoS.MaxInFlightRequests | ||||||
|  | 	if maxOutstanding <= 0 { | ||||||
|  | 		maxOutstanding = 10 | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	c := codel.NewPriority(codel.Options{ | ||||||
|  | 		// The maximum number of waiting requests. | ||||||
|  | 		MaxPending: setting.Service.QoS.MaxWaitingRequests, | ||||||
|  | 		// The maximum number of in-flight requests. | ||||||
|  | 		MaxOutstanding: maxOutstanding, | ||||||
|  | 		// The target latency that a blocked request should wait | ||||||
|  | 		// for. After this, it might be dropped. | ||||||
|  | 		TargetLatency: setting.Service.QoS.TargetWaitTime, | ||||||
|  | 	}) | ||||||
|  |  | ||||||
|  | 	return func(next http.Handler) http.Handler { | ||||||
|  | 		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { | ||||||
|  | 			ctx := req.Context() | ||||||
|  |  | ||||||
|  | 			priority := requestPriority(ctx) | ||||||
|  |  | ||||||
|  | 			// Check if the request can begin processing. | ||||||
|  | 			err := c.Acquire(ctx, int(priority)) | ||||||
|  | 			if err != nil { | ||||||
|  | 				log.Error("QoS error, dropping request of priority %s: %v", priority, err) | ||||||
|  | 				renderServiceUnavailable(w, req) | ||||||
|  | 				return | ||||||
|  | 			} | ||||||
|  |  | ||||||
|  | 			// Release long-polling immediately, so they don't always | ||||||
|  | 			// take up an in-flight request | ||||||
|  | 			if strings.Contains(req.URL.Path, "/user/events") { | ||||||
|  | 				c.Release() | ||||||
|  | 			} else { | ||||||
|  | 				defer c.Release() | ||||||
|  | 			} | ||||||
|  |  | ||||||
|  | 			next.ServeHTTP(w, req) | ||||||
|  | 		}) | ||||||
|  | 	} | ||||||
|  | } | ||||||
|  |  | ||||||
|  | // requestPriority assigns a priority value for a request based upon | ||||||
|  | // whether the user is logged in and how expensive the endpoint is | ||||||
|  | func requestPriority(ctx context.Context) Priority { | ||||||
|  | 	// If the user is logged in, assign high priority. | ||||||
|  | 	data := middleware.GetContextData(ctx) | ||||||
|  | 	if _, ok := data[middleware.ContextDataKeySignedUser].(*user_model.User); ok { | ||||||
|  | 		return HighPriority | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	rctx := chi.RouteContext(ctx) | ||||||
|  | 	if rctx == nil { | ||||||
|  | 		return DefaultPriority | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	// If we're operating in the context of a repo, assign low priority | ||||||
|  | 	routePattern := rctx.RoutePattern() | ||||||
|  | 	if strings.HasPrefix(routePattern, "/{username}/{reponame}/") { | ||||||
|  | 		return LowPriority | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	return DefaultPriority | ||||||
|  | } | ||||||
|  |  | ||||||
|  | // renderServiceUnavailable will render an HTTP 503 Service | ||||||
|  | // Unavailable page, providing HTML if the client accepts it. | ||||||
|  | func renderServiceUnavailable(w http.ResponseWriter, req *http.Request) { | ||||||
|  | 	acceptsHTML := false | ||||||
|  | 	for _, part := range req.Header["Accept"] { | ||||||
|  | 		if strings.Contains(part, "text/html") { | ||||||
|  | 			acceptsHTML = true | ||||||
|  | 			break | ||||||
|  | 		} | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	// If the client doesn't accept HTML, then render a plain text response | ||||||
|  | 	if !acceptsHTML { | ||||||
|  | 		http.Error(w, "503 Service Unavailable", http.StatusServiceUnavailable) | ||||||
|  | 		return | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	tmplCtx := giteacontext.TemplateContext{} | ||||||
|  | 	tmplCtx["Locale"] = middleware.Locale(w, req) | ||||||
|  | 	ctxData := middleware.GetContextData(req.Context()) | ||||||
|  | 	err := templates.HTMLRenderer().HTML(w, http.StatusServiceUnavailable, tplStatus503, ctxData, tmplCtx) | ||||||
|  | 	if err != nil { | ||||||
|  | 		log.Error("Error occurs again when rendering service unavailable page: %v", err) | ||||||
|  | 		w.WriteHeader(http.StatusInternalServerError) | ||||||
|  | 		_, _ = w.Write([]byte("Internal server error, please collect error logs and report to Gitea issue tracker")) | ||||||
|  | 	} | ||||||
|  | } | ||||||
							
								
								
									
										91
									
								
								routers/common/qos_test.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										91
									
								
								routers/common/qos_test.go
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,91 @@ | |||||||
|  | // Copyright 2025 The Gitea Authors. All rights reserved. | ||||||
|  | // SPDX-License-Identifier: MIT | ||||||
|  |  | ||||||
|  | package common | ||||||
|  |  | ||||||
|  | import ( | ||||||
|  | 	"net/http" | ||||||
|  | 	"testing" | ||||||
|  |  | ||||||
|  | 	user_model "code.gitea.io/gitea/models/user" | ||||||
|  | 	"code.gitea.io/gitea/modules/web/middleware" | ||||||
|  | 	"code.gitea.io/gitea/services/contexttest" | ||||||
|  |  | ||||||
|  | 	"github.com/go-chi/chi/v5" | ||||||
|  | 	"github.com/stretchr/testify/assert" | ||||||
|  | ) | ||||||
|  |  | ||||||
|  | func TestRequestPriority(t *testing.T) { | ||||||
|  | 	type test struct { | ||||||
|  | 		Name         string | ||||||
|  | 		User         *user_model.User | ||||||
|  | 		RoutePattern string | ||||||
|  | 		Expected     Priority | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	cases := []test{ | ||||||
|  | 		{ | ||||||
|  | 			Name:     "Logged In", | ||||||
|  | 			User:     &user_model.User{}, | ||||||
|  | 			Expected: HighPriority, | ||||||
|  | 		}, | ||||||
|  | 		{ | ||||||
|  | 			Name:         "Sign In", | ||||||
|  | 			RoutePattern: "/user/login", | ||||||
|  | 			Expected:     DefaultPriority, | ||||||
|  | 		}, | ||||||
|  | 		{ | ||||||
|  | 			Name:         "Repo Home", | ||||||
|  | 			RoutePattern: "/{username}/{reponame}", | ||||||
|  | 			Expected:     DefaultPriority, | ||||||
|  | 		}, | ||||||
|  | 		{ | ||||||
|  | 			Name:         "User Repo", | ||||||
|  | 			RoutePattern: "/{username}/{reponame}/src/branch/main", | ||||||
|  | 			Expected:     LowPriority, | ||||||
|  | 		}, | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	for _, tc := range cases { | ||||||
|  | 		t.Run(tc.Name, func(t *testing.T) { | ||||||
|  | 			ctx, _ := contexttest.MockContext(t, "") | ||||||
|  |  | ||||||
|  | 			if tc.User != nil { | ||||||
|  | 				data := middleware.GetContextData(ctx) | ||||||
|  | 				data[middleware.ContextDataKeySignedUser] = tc.User | ||||||
|  | 			} | ||||||
|  |  | ||||||
|  | 			rctx := chi.RouteContext(ctx) | ||||||
|  | 			rctx.RoutePatterns = []string{tc.RoutePattern} | ||||||
|  |  | ||||||
|  | 			assert.Exactly(t, tc.Expected, requestPriority(ctx)) | ||||||
|  | 		}) | ||||||
|  | 	} | ||||||
|  | } | ||||||
|  |  | ||||||
|  | func TestRenderServiceUnavailable(t *testing.T) { | ||||||
|  | 	t.Run("HTML", func(t *testing.T) { | ||||||
|  | 		ctx, resp := contexttest.MockContext(t, "") | ||||||
|  | 		ctx.Req.Header.Set("Accept", "text/html") | ||||||
|  |  | ||||||
|  | 		renderServiceUnavailable(resp, ctx.Req) | ||||||
|  | 		assert.Equal(t, http.StatusServiceUnavailable, resp.Code) | ||||||
|  | 		assert.Contains(t, resp.Header().Get("Content-Type"), "text/html") | ||||||
|  |  | ||||||
|  | 		body := resp.Body.String() | ||||||
|  | 		assert.Contains(t, body, `lang="en-US"`) | ||||||
|  | 		assert.Contains(t, body, "503 Service Unavailable") | ||||||
|  | 	}) | ||||||
|  |  | ||||||
|  | 	t.Run("plain", func(t *testing.T) { | ||||||
|  | 		ctx, resp := contexttest.MockContext(t, "") | ||||||
|  | 		ctx.Req.Header.Set("Accept", "text/plain") | ||||||
|  |  | ||||||
|  | 		renderServiceUnavailable(resp, ctx.Req) | ||||||
|  | 		assert.Equal(t, http.StatusServiceUnavailable, resp.Code) | ||||||
|  | 		assert.Contains(t, resp.Header().Get("Content-Type"), "text/plain") | ||||||
|  |  | ||||||
|  | 		body := resp.Body.String() | ||||||
|  | 		assert.Contains(t, body, "503 Service Unavailable") | ||||||
|  | 	}) | ||||||
|  | } | ||||||
| @@ -285,7 +285,7 @@ func Routes() *web.Router { | |||||||
|  |  | ||||||
| 	webRoutes := web.NewRouter() | 	webRoutes := web.NewRouter() | ||||||
| 	webRoutes.Use(mid...) | 	webRoutes.Use(mid...) | ||||||
| 	webRoutes.Group("", func() { registerWebRoutes(webRoutes) }, common.BlockExpensive()) | 	webRoutes.Group("", func() { registerWebRoutes(webRoutes) }, common.BlockExpensive(), common.QoS()) | ||||||
| 	routes.Mount("", webRoutes) | 	routes.Mount("", webRoutes) | ||||||
| 	return routes | 	return routes | ||||||
| } | } | ||||||
|   | |||||||
							
								
								
									
										12
									
								
								templates/status/503.tmpl
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										12
									
								
								templates/status/503.tmpl
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,12 @@ | |||||||
|  | {{template "base/head" .}} | ||||||
|  | <div role="main" aria-label="503 Service Unavailable" class="page-content"> | ||||||
|  | 	<div class="ui container"> | ||||||
|  | 		<div class="status-page-error"> | ||||||
|  | 			<div class="status-page-error-title">503 Service Unavailable</div> | ||||||
|  | 			<div class="tw-text-center"> | ||||||
|  | 				<div class="tw-my-4">{{ctx.Locale.Tr "error503"}}</div> | ||||||
|  | 			</div> | ||||||
|  | 		</div> | ||||||
|  | 	</div> | ||||||
|  | </div> | ||||||
|  | {{template "base/footer" .}} | ||||||
		Reference in New Issue
	
	Block a user