feat: block instances (#7129)

* docs: fix init description typos * feat: block instances using limits * translate * unit tests * fix translations * redirect /ui/login * fix http interceptor * cleanup * fix http interceptor * fix: delete cookies on gateway 200 * add integration tests * add command test * docs * fix integration tests * add bulk api and integration test * optimize bulk set limits * unit test bulk limits * fix broken link * fix assets middleware * fix broken link * validate instance id format * Update internal/eventstore/search_query.go Co-authored-by: Livio Spring <livio.a@gmail.com> * remove support for owner bulk limit commands * project limits to instances * migrate instances projection * Revert "migrate instances projection" This reverts commit 214218732a. * join limits, remove owner * remove todo * use optional bool * normally validate instance ids * use 302 * cleanup * cleanup * Update internal/api/grpc/system/limits_converter.go Co-authored-by: Livio Spring <livio.a@gmail.com> * remove owner * remove owner from reset --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 21:07:31 +00:00 · 2024-01-17 11:16:48 +01:00
parent d9d376a275
commit ed0bc39ea4
80 changed files with 1609 additions and 438 deletions
--- a/internal/api/grpc/server/gateway.go
+++ b/internal/api/grpc/server/gateway.go
@@ -185,7 +185,7 @@ func addInterceptors(
 	handler = http_mw.ActivityHandler(handler)
 	// For some non-obvious reason, the exhaustedCookieInterceptor sends the SetCookie header
 	// only if it follows the http_mw.DefaultTelemetryHandler
-	handler = exhaustedCookieInterceptor(handler, accessInterceptor, queries)
+	handler = exhaustedCookieInterceptor(handler, accessInterceptor)
 	handler = http_mw.DefaultMetricsHandler(handler)
 	return handler
 }
@@ -205,14 +205,12 @@ func http1Host(next http.Handler, http1HostName string) http.Handler {
 func exhaustedCookieInterceptor(
 	next http.Handler,
 	accessInterceptor *http_mw.AccessInterceptor,
-	queries *query.Queries,
 ) http.Handler {
 	return http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
 		next.ServeHTTP(&cookieResponseWriter{
 			ResponseWriter:    writer,
 			accessInterceptor: accessInterceptor,
 			request:           request,
-			queries:           queries,
 		}, request)
 	})
 }
@@ -221,7 +219,7 @@ type cookieResponseWriter struct {
 	http.ResponseWriter
 	accessInterceptor *http_mw.AccessInterceptor
 	request           *http.Request
-	queries           *query.Queries
+	headerWritten     bool
 }

 func (r *cookieResponseWriter) WriteHeader(status int) {
@@ -231,9 +229,18 @@ func (r *cookieResponseWriter) WriteHeader(status int) {
 	if status == http.StatusTooManyRequests {
 		r.accessInterceptor.SetExhaustedCookie(r.ResponseWriter, r.request)
 	}
+	r.headerWritten = true
 	r.ResponseWriter.WriteHeader(status)
 }

+func (r *cookieResponseWriter) Write(bytes []byte) (int, error) {
+	if !r.headerWritten {
+		// If no header was written before the data, the status code is 200 and we can delete the cookie
+		r.accessInterceptor.DeleteExhaustedCookie(r.ResponseWriter)
+	}
+	return r.ResponseWriter.Write(bytes)
+}
+
 func grpcCredentials(tlsConfig *tls.Config) credentials.TransportCredentials {
 	creds := insecure.NewCredentials()
 	if tlsConfig != nil {