feat: add quotas (#4779)

adds possibilities to cap authenticated requests and execution seconds of actions on a defined intervall
2025-08-11 21:27:42 +00:00 · 2023-02-15 02:52:11 +01:00
parent 45f6a4436e
commit 681541f41b
117 changed files with 4652 additions and 510 deletions
--- a/cmd/setup/07.go
+++ b/cmd/setup/07.go
@@ -0,0 +1,32 @@
+package setup
+
+import (
+	"context"
+	"database/sql"
+	_ "embed"
+	"strings"
+)
+
+var (
+	//go:embed 07/logstore.sql
+	createLogstoreSchema07 string
+	//go:embed 07/access.sql
+	createAccessLogsTable07 string
+	//go:embed 07/execution.sql
+	createExecutionLogsTable07 string
+)
+
+type LogstoreTables struct {
+	dbClient *sql.DB
+	username string
+}
+
+func (mig *LogstoreTables) Execute(ctx context.Context) error {
+	stmt := strings.ReplaceAll(createLogstoreSchema07, "%[1]s", mig.username) + createAccessLogsTable07 + createExecutionLogsTable07
+	_, err := mig.dbClient.ExecContext(ctx, stmt)
+	return err
+}
+
+func (mig *LogstoreTables) String() string {
+	return "07_logstore"
+}
--- a/cmd/setup/07/access.sql
+++ b/cmd/setup/07/access.sql
@@ -0,0 +1,14 @@
+CREATE TABLE IF NOT EXISTS logstore.access (
+    log_date TIMESTAMPTZ NOT NULL
+    , protocol INT NOT NULL
+    , request_url TEXT NOT NULL
+    , response_status INT NOT NULL
+    , request_headers JSONB
+    , response_headers JSONB
+    , instance_id TEXT NOT NULL
+    , project_id TEXT NOT NULL
+    , requested_domain TEXT
+    , requested_host TEXT
+
+    , INDEX protocol_date_desc (instance_id, protocol, log_date DESC) STORING (request_url, response_status, request_headers)
+);
--- a/cmd/setup/07/execution.sql
+++ b/cmd/setup/07/execution.sql
@@ -0,0 +1,11 @@
+CREATE TABLE IF NOT EXISTS logstore.execution (
+    log_date TIMESTAMPTZ NOT NULL
+    , took INTERVAL
+    , message TEXT NOT NULL
+    , loglevel INT NOT NULL
+    , instance_id TEXT NOT NULL
+    , action_id TEXT NOT NULL
+    , metadata JSONB
+
+    , INDEX log_date_desc (instance_id, log_date DESC) STORING (took)
+);
--- a/cmd/setup/07/logstore.sql
+++ b/cmd/setup/07/logstore.sql
@@ -0,0 +1,3 @@
+CREATE SCHEMA IF NOT EXISTS logstore;
+
+GRANT ALL ON ALL TABLES IN SCHEMA logstore TO %[1]s;
--- a/cmd/setup/config.go
+++ b/cmd/setup/config.go
@@ -62,6 +62,7 @@ type Steps struct {
 	s4EventstoreIndexes  *EventstoreIndexes
 	s5LastFailed         *LastFailed
 	s6OwnerRemoveColumns *OwnerRemoveColumns
+	s7LogstoreTables     *LogstoreTables
 }

 type encryptionKeyConfig struct {
--- a/cmd/setup/setup.go
+++ b/cmd/setup/setup.go
@@ -84,6 +84,7 @@ func Setup(config *Config, steps *Steps, masterKey string) {
 	steps.s4EventstoreIndexes = &EventstoreIndexes{dbClient: dbClient, dbType: config.Database.Type()}
 	steps.s5LastFailed = &LastFailed{dbClient: dbClient}
 	steps.s6OwnerRemoveColumns = &OwnerRemoveColumns{dbClient: dbClient}
+	steps.s7LogstoreTables = &LogstoreTables{dbClient: dbClient, username: config.Database.Username()}

 	err = projection.Create(ctx, dbClient, eventstoreClient, config.Projections, nil, nil)
 	logging.OnError(err).Fatal("unable to start projections")
@@ -113,6 +114,8 @@ func Setup(config *Config, steps *Steps, masterKey string) {
 	logging.OnError(err).Fatal("unable to migrate step 5")
 	err = migration.Migrate(ctx, eventstoreClient, steps.s6OwnerRemoveColumns)
 	logging.OnError(err).Fatal("unable to migrate step 6")
+	err = migration.Migrate(ctx, eventstoreClient, steps.s7LogstoreTables)
+	logging.OnError(err).Fatal("unable to migrate step 7")

 	for _, repeatableStep := range repeatableSteps {
 		err = migration.Migrate(ctx, eventstoreClient, repeatableStep)