LCOV - code coverage report
Current view: top level - httpd/restapi - RestApiQuotaEnforcer.java (source / functions) Hit Total Coverage
Test: _coverage_report.dat Lines: 24 24 100.0 %
Date: 2022-11-19 15:00:39 Functions: 4 4 100.0 % 

          Line data    Source code
       1             : // Copyright (C) 2018 The Android Open Source Project
       2             : //
       3             : // Licensed under the Apache License, Version 2.0 (the "License");
       4             : // you may not use this file except in compliance with the License.
       5             : // You may obtain a copy of the License at
       6             : //
       7             : // http://www.apache.org/licenses/LICENSE-2.0
       8             : //
       9             : // Unless required by applicable law or agreed to in writing, software
      10             : // distributed under the License is distributed on an "AS IS" BASIS,
      11             : // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      12             : // See the License for the specific language governing permissions and
      13             : // limitations under the License.
      14             : 
      15             : package com.google.gerrit.httpd.restapi;
      16             : 
      17             : import com.google.gerrit.extensions.restapi.RestResource;
      18             : import com.google.gerrit.server.account.AccountResource;
      19             : import com.google.gerrit.server.change.ChangeResource;
      20             : import com.google.gerrit.server.project.ProjectResource;
      21             : import com.google.gerrit.server.quota.QuotaBackend;
      22             : import com.google.gerrit.server.quota.QuotaException;
      23             : import com.google.gerrit.util.http.RequestUtil;
      24             : import com.google.inject.Inject;
      25             : import javax.servlet.http.HttpServletRequest;
      26             : 
      27             : /**
      28             :  * Enforces quota on specific REST API endpoints.
      29             :  *
      30             :  * <p>Examples:
      31             :  *
      32             :  * <ul>
      33             :  *   <li>GET /a/accounts/self/detail => /restapi/accounts/detail:GET
      34             :  *   <li>GET /changes/123/revisions/current/detail => /restapi/changes/revisions/detail:GET
      35             :  *   <li>PUT /changes/10/reviewed => /restapi/changes/reviewed:PUT
      36             :  * </ul>
      37             :  *
      38             :  * <p>Adds context (change, project, account) to the quota check if the call is for an existing
      39             :  * entity that was successfully parsed. This quota check is generally enforced after the resource
      40             :  * was parsed, but before the view is executed. If a quota enforcer desires to throttle earlier,
      41             :  * they should consider quota groups in the {@code /http/*} space.
      42             :  */
      43             : public class RestApiQuotaEnforcer {
      44             :   private final QuotaBackend quotaBackend;
      45             : 
      46             :   @Inject
      47          99 :   RestApiQuotaEnforcer(QuotaBackend quotaBackend) {
      48          99 :     this.quotaBackend = quotaBackend;
      49          99 :   }
      50             : 
      51             :   /** Enforce quota on a request not tied to any {@code RestResource}. */
      52             :   void enforce(HttpServletRequest req) throws QuotaException {
      53           9 :     String pathForQuotaReporting = RequestUtil.getRestPathWithoutIds(req);
      54           9 :     quotaBackend
      55           9 :         .currentUser()
      56           9 :         .requestToken(quotaGroup(pathForQuotaReporting, req.getMethod()))
      57           9 :         .throwOnError();
      58           9 :   }
      59             : 
      60             :   /** Enforce quota on a request for a given resource. */
      61             :   void enforce(RestResource rsrc, HttpServletRequest req) throws QuotaException {
      62          26 :     String pathForQuotaReporting = RequestUtil.getRestPathWithoutIds(req);
      63             :     // Enrich the quota request we are operating on an interesting collection
      64          26 :     QuotaBackend.WithResource report = quotaBackend.currentUser();
      65          26 :     if (rsrc instanceof ChangeResource) {
      66          13 :       ChangeResource changeResource = (ChangeResource) rsrc;
      67          13 :       report =
      68          13 :           quotaBackend.currentUser().change(changeResource.getId(), changeResource.getProject());
      69          26 :     } else if (rsrc instanceof AccountResource) {
      70           6 :       AccountResource accountResource = (AccountResource) rsrc;
      71           6 :       report = quotaBackend.currentUser().account(accountResource.getUser().getAccountId());
      72          20 :     } else if (rsrc instanceof ProjectResource) {
      73          14 :       ProjectResource projectResource = (ProjectResource) rsrc;
      74          14 :       report = quotaBackend.currentUser().project(projectResource.getNameKey());
      75             :     }
      76             : 
      77          26 :     report.requestToken(quotaGroup(pathForQuotaReporting, req.getMethod())).throwOnError();
      78          26 :   }
      79             : 
      80             :   private static String quotaGroup(String path, String method) {
      81          28 :     return "/restapi" + path + ":" + method;
      82             :   }
      83             : }

Generated by: LCOV version 1.16+git.20220603.dfeb750