From 04054dbd5cc1720fa3ab80c0dd36026562365b5d Mon Sep 17 00:00:00 2001
From: ABSinhaa
Date: Tue, 24 Jun 2025 19:55:30 +0100
Subject: [PATCH 1/5] TD_5410_Adding config to the rate limiter so that we can conpare the environment, and add production logic to it.
---
 .../Middleware/DLSIPRateLimitMiddleware.cs | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/DigitalLearningSolutions.Web/Middleware/DLSIPRateLimitMiddleware.cs b/DigitalLearningSolutions.Web/Middleware/DLSIPRateLimitMiddleware.cs
index 2789283fe8..161d41d8d9 100644
--- a/DigitalLearningSolutions.Web/Middleware/DLSIPRateLimitMiddleware.cs
+++ b/DigitalLearningSolutions.Web/Middleware/DLSIPRateLimitMiddleware.cs
@@ -1,17 +1,22 @@
 namespace DigitalLearningSolutions.Web.Middleware
 {
+ using System;
 using System.Threading.Tasks;
 using AspNetCoreRateLimit;
 using Microsoft.AspNetCore.Http;
+ using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
+ using static Org.BouncyCastle.Math.EC.ECCurve;
 public class DLSIPRateLimitMiddleware : IpRateLimitMiddleware
 {
+ private readonly IConfiguration _configuration;
 public DLSIPRateLimitMiddleware(
 RequestDelegate next,
 IProcessingStrategy processingStrategy,
 IOptions options,
+ IConfiguration configuration,
 IIpPolicyStore policyStore,
 IRateLimitConfiguration config,
 ILogger logger)
@@ -21,16 +26,23 @@ public DLSIPRateLimitMiddleware(
 policyStore,
 config,
 logger)
- { }
+ {
+ _configuration = configuration;
+ }
 public override Task ReturnQuotaExceededResponse(
 HttpContext httpContext,
 RateLimitRule rule,
 string retryAfter)
 {
- httpContext.Response.Headers["Location"] = "/toomanyrequests";
- httpContext.Response.StatusCode = 302;
+ if (_configuration["ASPNETCORE_ENVIRONMENT"] == "PRODUCTION")
+ {
+ httpContext.Response.Headers["Location"] = "/toomanyrequests";
+ httpContext.Response.StatusCode = 302;
+
+ }
 return httpContext.Response.WriteAsync("");
+
 }
 }
 }
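Review bot: `using static Org.BouncyCastle.Math.EC.ECCurve;` in the using block looks like an accidental IDE auto-import, since nothing in either hunk of this patch uses an elliptic-curve type. A `using static` on that class brings its nested type names into scope (presumably including one named `Config`), which is easy to confuse with the rate-limit configuration types used by the constructor. I would drop that line, and `using System;` as well unless code outside the hunks needs it. The constructor's base call continues in the next hunk.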
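Review bot: The check `_configuration["ASPNETCORE_ENVIRONMENT"] == "PRODUCTION"` in `ReturnQuotaExceededResponse` is an ordinal, case-sensitive comparison, and the conventional value of that variable is `Production`, so on a normally configured host the branch would never run. When it does not run, the method only calls `WriteAsync("")` without setting a status code, so a throttled request is presumably answered with an empty 200 and no `Retry-After`, which clients and monitoring cannot tell apart from success. If the response must vary by environment, inject `IWebHostEnvironment` and test `env.IsProduction()`, and give the other path an explicit `httpContext.Response.StatusCode = StatusCodes.Status429TooManyRequests;`. The constructor whose body is changed at the top of this hunk begins outside it.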
From 22a9fa2187529c076b58e20a4eba6abc333fb28d Mon Sep 17 00:00:00 2001
From: ABSinhaa
Date: Tue, 12 Aug 2025 13:57:40 +0100
Subject: [PATCH 2/5] TD_5410 Changes after discussion over moving the changs from class file to environment.
---
 .../Middleware/DLSIPRateLimitMiddleware.cs | 9 ++-------
 .../appSettings.UAT.json | 18 ++++++++++++++++++
 2 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/DigitalLearningSolutions.Web/Middleware/DLSIPRateLimitMiddleware.cs b/DigitalLearningSolutions.Web/Middleware/DLSIPRateLimitMiddleware.cs
index 161d41d8d9..83cdd67962 100644
--- a/DigitalLearningSolutions.Web/Middleware/DLSIPRateLimitMiddleware.cs
+++ b/DigitalLearningSolutions.Web/Middleware/DLSIPRateLimitMiddleware.cs
@@ -35,14 +35,9 @@ public override Task ReturnQuotaExceededResponse(
 RateLimitRule rule,
 string retryAfter)
 {
- if (_configuration["ASPNETCORE_ENVIRONMENT"] == "PRODUCTION")
- {
- httpContext.Response.Headers["Location"] = "/toomanyrequests";
- httpContext.Response.StatusCode = 302;
-
- }
+ httpContext.Response.Headers["Location"] = "/toomanyrequests";
+ httpContext.Response.StatusCode = 302;
 return httpContext.Response.WriteAsync("");
-
 }
 }
 }
diff --git a/DigitalLearningSolutions.Web/appSettings.UAT.json b/DigitalLearningSolutions.Web/appSettings.UAT.json
index 3c6921bb01..d7619d78c6 100644
--- a/DigitalLearningSolutions.Web/appSettings.UAT.json
+++ b/DigitalLearningSolutions.Web/appSettings.UAT.json
@@ -24,6 +24,24 @@
 "MaxBulkUploadRows": 200,
 "LoginWithLearningHub": true
 },
+ "IpRateLimiting": {
+ "EnableEndpointRateLimiting": false,
+ "StackBlockedRequests": false,
+ "RealIpHeader": "X-Real-IP",
+ "HttpStatusCode": 429,
+ "GeneralRules": [
+ {
+ "Endpoint": "post:/ForgotPassword",
+ "Period": "1m",
+ "Limit": 5
+ },
+ {
+ "Endpoint": "post:/Login",
+ "Period": "1m",
+ "Limit": 5
+ }
+ ]
+ },
 "LearningHubOpenAPIBaseUrl": "https://uks-learninghubnhsuk-openapi-test.azurewebsites.net",
 "FreshdeskAPIConfig": {
 "GroupId": "80000650208",
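Review bot: The restored redirect in `ReturnQuotaExceededResponse` ignores the `retryAfter` and `rule` arguments, so the 302 to `/toomanyrequests` carries no back-off hint and a non-browser client only sees a redirect with an empty body. Adding `httpContext.Response.Headers["Retry-After"] = retryAfter;` before the status code is set would keep that signal. After this patch the `_configuration` field and the `IConfiguration` constructor parameter added in PATCH 1/5 are no longer read in the visible code. The method signature begins above this hunk.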
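Review bot: `"EnableEndpointRateLimiting": false` sits next to rules scoped to `post:/Login` and `post:/ForgotPassword`; per the AspNetCoreRateLimit documentation, with that flag off the limits are applied globally and only rules whose endpoint is `*` are used, so these two rules would be inert as written. If the intent is to throttle those endpoints in UAT, the flag should be `"EnableEndpointRateLimiting": true`. `"RealIpHeader": "X-Real-IP"` makes the limiter key on a request header, which is only sound when a trusted reverse proxy overwrites that header on every request; otherwise the counter follows whatever value the client supplies. `"HttpStatusCode": 429` is probably never seen by clients, because the middleware override in this same patch sets 302 itself.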
From 195dfef8da093a6f737846db1b319215327c6897 Mon Sep 17 00:00:00 2001
From: ABSinhaa
Date: Tue, 12 Aug 2025 15:26:17 +0100
Subject: [PATCH 3/5] TD_5410 Changes after discussion, removing IConfiguration and Extra json parameters from IPRateLimitor
---
 .../Middleware/DLSIPRateLimitMiddleware.cs | 2 --
 .../appSettings.UAT.json | 17 +----------------
 2 files changed, 1 insertion(+), 18 deletions(-)
diff --git a/DigitalLearningSolutions.Web/Middleware/DLSIPRateLimitMiddleware.cs b/DigitalLearningSolutions.Web/Middleware/DLSIPRateLimitMiddleware.cs
index 83cdd67962..ed2a4b974b 100644
--- a/DigitalLearningSolutions.Web/Middleware/DLSIPRateLimitMiddleware.cs
+++ b/DigitalLearningSolutions.Web/Middleware/DLSIPRateLimitMiddleware.cs
@@ -16,7 +16,6 @@ public DLSIPRateLimitMiddleware(
 RequestDelegate next,
 IProcessingStrategy processingStrategy,
 IOptions options,
- IConfiguration configuration,
 IIpPolicyStore policyStore,
 IRateLimitConfiguration config,
 ILogger logger)
@@ -27,7 +26,6 @@ public DLSIPRateLimitMiddleware(
 config,
 logger)
 {
- _configuration = configuration;
 }
 public override Task ReturnQuotaExceededResponse(
diff --git a/DigitalLearningSolutions.Web/appSettings.UAT.json b/DigitalLearningSolutions.Web/appSettings.UAT.json
index d7619d78c6..d5e33fc1b4 100644
--- a/DigitalLearningSolutions.Web/appSettings.UAT.json
+++ b/DigitalLearningSolutions.Web/appSettings.UAT.json
@@ -25,22 +25,7 @@
 "LoginWithLearningHub": true
 },
 "IpRateLimiting": {
- "EnableEndpointRateLimiting": false,
- "StackBlockedRequests": false,
- "RealIpHeader": "X-Real-IP",
- "HttpStatusCode": 429,
- "GeneralRules": [
- {
- "Endpoint": "post:/ForgotPassword",
- "Period": "1m",
- "Limit": 5
- },
- {
- "Endpoint": "post:/Login",
- "Period": "1m",
- "Limit": 5
- }
- ]
+ "EnableEndpointRateLimiting": false
 },
 "LearningHubOpenAPIBaseUrl": "https://uks-learninghubnhsuk-openapi-test.azurewebsites.net",
 "FreshdeskAPIConfig": {
 "GroupId": "80000650208",
From 3745b6ebcb7230e8ee010cab9dbe645df8dd5743 Mon Sep 17 00:00:00 2001
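Review bot: Reducing the UAT `IpRateLimiting` section to `"EnableEndpointRateLimiting": false` leaves the intent undocumented: .NET configuration merges this file over the base appsettings key by key, so the line overrides one flag and inherits every other limiter setting from files not shown here. If the base rules are endpoint-scoped, as the `post:/Login` and `post:/ForgotPassword` rules removed here were, turning the flag off presumably disables them, which would leave login and password reset unthrottled in UAT and mean the throttle is never exercised before production. I would state the intent in the commit message, and if UAT is reachable from outside the organisation keep a `*` rule with a generous limit rather than none.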
From: ABSinhaa
Date: Tue, 12 Aug 2025 16:01:47 +0100
Subject: [PATCH 4/5] TD_5410 Reoving unwanted nuget packages, variable declarations and empty lines from the class file.
---
 .../Middleware/DLSIPRateLimitMiddleware.cs | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/DigitalLearningSolutions.Web/Middleware/DLSIPRateLimitMiddleware.cs b/DigitalLearningSolutions.Web/Middleware/DLSIPRateLimitMiddleware.cs
index ed2a4b974b..f1683d6a44 100644
--- a/DigitalLearningSolutions.Web/Middleware/DLSIPRateLimitMiddleware.cs
+++ b/DigitalLearningSolutions.Web/Middleware/DLSIPRateLimitMiddleware.cs
@@ -4,14 +4,11 @@ namespace DigitalLearningSolutions.Web.Middleware
 using System.Threading.Tasks;
 using AspNetCoreRateLimit;
 using Microsoft.AspNetCore.Http;
- using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
- using static Org.BouncyCastle.Math.EC.ECCurve;
 public class DLSIPRateLimitMiddleware : IpRateLimitMiddleware
 {
- private readonly IConfiguration _configuration;
 public DLSIPRateLimitMiddleware(
 RequestDelegate next,
 IProcessingStrategy processingStrategy,
@@ -25,8 +22,7 @@ public DLSIPRateLimitMiddleware(
 policyStore,
 config,
 logger)
- {
- }
+ { }
 public override Task ReturnQuotaExceededResponse(
 HttpContext httpContext,
From 225b6ae764fe1f37d7a8f6f852e4cbc013d79715 Mon Sep 17 00:00:00 2001
From: ABSinhaa
Date: Tue, 12 Aug 2025 16:10:56 +0100
Subject: [PATCH 5/5] TD_5410_removing unwanted System from the namespace section.
---
 .../Middleware/DLSIPRateLimitMiddleware.cs | 1 -
 1 file changed, 1 deletion(-)
diff --git a/DigitalLearningSolutions.Web/Middleware/DLSIPRateLimitMiddleware.cs b/DigitalLearningSolutions.Web/Middleware/DLSIPRateLimitMiddleware.cs
index f1683d6a44..2789283fe8 100644
--- a/DigitalLearningSolutions.Web/Middleware/DLSIPRateLimitMiddleware.cs
+++ b/DigitalLearningSolutions.Web/Middleware/DLSIPRateLimitMiddleware.cs
@@ -1,6 +1,5 @@
 namespace DigitalLearningSolutions.Web.Middleware
 {
- using System;
 using System.Threading.Tasks;
 using AspNetCoreRateLimit;
 using Microsoft.AspNetCore.Http;