Rate limiting based on client id from token

[sachinjagdale]

New feature

Requirement is as follows

Rate limit as per client id from auth token. (Bearer token for e.g)
Need white listing based on client id in token

I need to use client id from token instead of header. header based implementation not suitable in cases where user can make requests by changing client id .

Is there way to do this ClientRateLimitingMiddleware? I can see some code coupled with middleware (whitelist check and header verification) so cannot extend it.

Please help.

[MSchmack]

Solution that seems to work for me is to add a ClientRateLimitMiddleware with modified Setidentity.

The middleware is roughly described here: https://github.com/ThreeMammals/Ocelot/tree/develop/src/Ocelot/RateLimit/Middleware
The user context value will vary depending on your auth provider.

        public virtual ClientRequestIdentity SetIdentity(HttpContext httpContext, RateLimitOptions option)
        {
            var clientId = "client";
            if (httpContext.Request.Headers.Keys.Contains("Authorization"))
            {
                clientId = httpContext.User.FindFirst("user_id").Value;
            }

            return new ClientRequestIdentity(
                clientId,
                httpContext.Request.Path.ToString().ToLowerInvariant(),
                httpContext.Request.Method.ToLowerInvariant()
                );
        }