Hey I m having a slight issue with Ktor using Rate Limiters kotlinlang #ktor

Hey! I’m having a slight issue with Ktor using Rat...

Tech

01/19/2024, 3:11 AM

Hey! I’m having a slight issue with Ktor using Rate Limiters and Bearer Authentication. I have my rate limiter and authentication setup and in the route I define them like this,

Copy code

routing {
  rateLimiter(/*name*/) {
    authentication {
      /*route defs*/
    }
  }
}

Which is fine however, I want the Rate Limiter to run first before authentication to prevent brute force attacks on the key. Even if I switch the order authentication runs first. Is there a way to fix this?

Aleksei Tirman [JB]

01/19/2024, 7:04 AM

I can't find an easy fix because the

AuthenticationInterceptors

plugin intercepts the route's pipeline in a later phase than the one which is intercepted by the

RateLimitInterceptors

plugin.

Tech

01/19/2024, 11:17 AM

Shoot, is there a way to manually edit the order of which interceptor gets ran?

Aleksei Tirman [JB]

01/19/2024, 11:32 AM

Tech

01/19/2024, 11:44 AM

Am I able to make my own interceptor that runs before Auth that just hooks into Rate Limiter?

Aleksei Tirman [JB]

01/19/2024, 3:57 PM

What do you mean by hooking into Rate Limiter?

Tech

01/19/2024, 4:00 PM

Do you think it’d be possible to write my own interceptor that runs before Auth that just uses Rate Limiter internally

Tech

01/20/2024, 4:35 PM

Do Interceptors have some sort of priority system I can use to run the rate limiter before Authentication?

Aleksei Tirman [JB]

01/22/2024, 8:06 AM

Unfortunately, that's no possible. Can you please file an issue about the order problem?

Tech

01/23/2024, 12:49 PM

I managed to get it to work with a global rate limiter, I’ll file an issue when I’m back to my setup

Open in Slack

Previous Next