Add basic support to skip whitelisted API keys.

Author: travisbell

README.md

@@ -43,12 +43,15 @@ server {
                             rate = 40,
                             interval = 10,
                             log_level = ngx.NOTICE,
-                            redis_config = { host = "127.0.0.1", port = 6379, timeout = 1, pool_size = 100 } }
+                            redis_config = { host = "127.0.0.1", port = 6379, timeout = 1, pool_size = 100 },
+                            whitelisted_api_keys = { 'XXX', 'ZZZ' } }
         ';
 
         proxy_set_header  Host               $host;
+        proxy_set_header  X-Server-Scheme    $scheme;
         proxy_set_header  X-Real-IP          $remote_addr;
         proxy_set_header  X-Forwarded-For    $remote_addr;
+        proxy_set_header  X-Forwarded-Proto  $x_forwarded_proto;
 
         proxy_connect_timeout  1s;
         proxy_read_timeout     30s;

lib/resty/rate/limit.lua

@@ -12,7 +12,7 @@ end
 
 local function bump_request(redis_connection, redis_pool_size, ip_key, rate, interval, current_time, log_level)
     local key = "RL:" .. ip_key
-    
+
     local count, error = redis_connection:incr(key)
     if not count then
         ngx.log(log_level, "failed to incr count: ", error)
@@ -46,62 +46,75 @@ local function bump_request(redis_connection, redis_pool_size, ip_key, rate, int
 end
 
 function _M.limit(config)
-    local log_level = config.log_level or ngx.ERR
+    local uri_parameters = ngx.req.get_uri_args()
+    local enforce_limit = true
 
-    if not config.connection then
-        local ok, redis = pcall(require, "resty.redis")
-        if not ok then
-            ngx.log(log_level, "failed to require redis")
-            return
+    for i, api_key in ipairs(config.whitelisted_api_keys) do
+        if api_key == uri_parameters.api_key then
+            enforce_limit = false
         end
+    end
 
-        local redis_config = config.redis_config or {}
-        redis_config.timeout = redis_config.timeout or 1
-        redis_config.host = redis_config.host or "127.0.0.1"
-        redis_config.port = redis_config.port or 6379
-        redis_config.pool_size = redis_config.pool_size or 100
+    if enforce_limit then
+        local log_level = config.log_level or ngx.ERR
+
+        if not config.connection then
+            local ok, redis = pcall(require, "resty.redis")
+            if not ok then
+                ngx.log(log_level, "failed to require redis")
+                return
+            end
+
+            local redis_config = config.redis_config or {}
+            redis_config.timeout = redis_config.timeout or 1
+            redis_config.host = redis_config.host or "127.0.0.1"
+            redis_config.port = redis_config.port or 6379
+            redis_config.pool_size = redis_config.pool_size or 100
+
+            local redis_connection = redis:new()
+            redis_connection:set_timeout(redis_config.timeout * 1000)
+
+            local ok, error = redis_connection:connect(redis_config.host, redis_config.port)
+            if not ok then
+                ngx.log(log_level, "failed to connect to redis: ", error)
+                return
+            end
+
+            config.redis_config = redis_config
+            config.connection = redis_connection
+        end
 
-        local redis_connection = redis:new()
-        redis_connection:set_timeout(redis_config.timeout * 1000)
+        local current_time = ngx.now()
+        local connection = config.connection
+        local redis_pool_size = config.redis_config.pool_size
+        local key = config.key or ngx.var.remote_addr
+        local rate = config.rate or 10
+        local interval = config.interval or 1
 
-        local ok, error = redis_connection:connect(redis_config.host, redis_config.port)
-        if not ok then
-            ngx.log(log_level, "failed to connect to redis: ", error)
+        local response, error = bump_request(connection, redis_pool_size, key, rate, interval, current_time, log_level)
+        if not response then
             return
         end
 
-        config.redis_config = redis_config
-        config.connection = redis_connection
-    end
-
-    local current_time = ngx.now()
-    local connection = config.connection
-    local redis_pool_size = config.redis_config.pool_size
-    local key = config.key or ngx.var.remote_addr
-    local rate = config.rate or 10
-    local interval = config.interval or 1
-
-    local response, error = bump_request(connection, redis_pool_size, key, rate, interval, current_time, log_level)
-    if not response then
-        return
-    end
-
-    if response.count > rate then
-        local retry_after = math.floor(response.reset - current_time)
-        if retry_after < 0 then
-            retry_after = 0
+        if response.count > rate then
+            local retry_after = math.floor(response.reset - current_time)
+            if retry_after < 0 then
+                retry_after = 0
+            end
+
+            ngx.header["Access-Control-Allow-Origin"] = "*"
+            ngx.header["Content-Type"] = "application/json; charset=utf-8"
+            ngx.header["Retry-After"] = retry_after
+            ngx.status = 429
+            ngx.say('{"status_code":25,"status_message":"Your request count (' .. response.count .. ') is over the allowed limit of ' .. rate .. '."}')
+            ngx.exit(ngx.HTTP_OK)
+        else
+            ngx.header["X-RateLimit-Limit"] = rate
+            ngx.header["X-RateLimit-Remaining"] = math.floor(response.remaining)
+            ngx.header["X-RateLimit-Reset"] = math.floor(response.reset)
         end
-
-        ngx.header["Access-Control-Allow-Origin"] = "*"
-        ngx.header["Content-Type"] = "application/json; charset=utf-8"
-        ngx.header["Retry-After"] = retry_after
-        ngx.status = 429
-        ngx.say('{"status_code":25,"status_message":"Your request count (' .. response.count .. ') is over the allowed limit of ' .. rate .. '."}')
-        ngx.exit(ngx.HTTP_OK)
     else
-        ngx.header["X-RateLimit-Limit"] = rate
-        ngx.header["X-RateLimit-Remaining"] = math.floor(response.remaining)
-        ngx.header["X-RateLimit-Reset"] = math.floor(response.reset)
+        return
     end
 end