Make RateLimitingMiddleware endpoint aware (#42417)

* Add IEndpointConventionBuilder extensions for RateLimitingMiddleware

* Some changes

* More

* Rename

* More

* More fixes

* More stuff

* Example of activating

* Changes

* More stuff

* Name change

* Fix some stuff

* Fixup

* Add some tests

* More tests

* Renames

* Minor

* Some feedback

* No more reflection

* Try to satisfy linuc

* Suppress linker warning

* Fix linkability bug

* Add sample project (not yet usable)

* Fix sample, fix some feedback

* Feedback

* Some feedback

* Different key strategy

* New DefaultKeyType strategy

* HashCode.Combine

* Feedback again

* Small fixes

* Update compilah

* Feedbacks

* Fix comment

* Feedbock

Author: wtgodbe

AspNetCore.sln

@@ -1,4 +1,3 @@
-
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio Version 17
 VisualStudioVersion = 17.0.31606.5
@@ -1736,6 +1735,8 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "CustomElements", "CustomEle
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Templates.Blazor.WebAssembly.Tests", "src\ProjectTemplates\test\Templates.Blazor.WebAssembly.Tests\Templates.Blazor.WebAssembly.Tests.csproj", "{7CA0A9AF-9088-471C-B0B6-EBF43F21D3B9}"
 EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "RateLimitingSample", "src\Middleware\RateLimiting\samples\RateLimitingSample\RateLimitingSample.csproj", "{91C3C03E-EA56-4ABA-9E73-A3DA4C2833D9}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -10417,6 +10418,22 @@ Global
 		{7CA0A9AF-9088-471C-B0B6-EBF43F21D3B9}.Release|x64.Build.0 = Release|Any CPU
 		{7CA0A9AF-9088-471C-B0B6-EBF43F21D3B9}.Release|x86.ActiveCfg = Release|Any CPU
 		{7CA0A9AF-9088-471C-B0B6-EBF43F21D3B9}.Release|x86.Build.0 = Release|Any CPU
+		{91C3C03E-EA56-4ABA-9E73-A3DA4C2833D9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{91C3C03E-EA56-4ABA-9E73-A3DA4C2833D9}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{91C3C03E-EA56-4ABA-9E73-A3DA4C2833D9}.Debug|arm64.ActiveCfg = Debug|Any CPU
+		{91C3C03E-EA56-4ABA-9E73-A3DA4C2833D9}.Debug|arm64.Build.0 = Debug|Any CPU
+		{91C3C03E-EA56-4ABA-9E73-A3DA4C2833D9}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{91C3C03E-EA56-4ABA-9E73-A3DA4C2833D9}.Debug|x64.Build.0 = Debug|Any CPU
+		{91C3C03E-EA56-4ABA-9E73-A3DA4C2833D9}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{91C3C03E-EA56-4ABA-9E73-A3DA4C2833D9}.Debug|x86.Build.0 = Debug|Any CPU
+		{91C3C03E-EA56-4ABA-9E73-A3DA4C2833D9}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{91C3C03E-EA56-4ABA-9E73-A3DA4C2833D9}.Release|Any CPU.Build.0 = Release|Any CPU
+		{91C3C03E-EA56-4ABA-9E73-A3DA4C2833D9}.Release|arm64.ActiveCfg = Release|Any CPU
+		{91C3C03E-EA56-4ABA-9E73-A3DA4C2833D9}.Release|arm64.Build.0 = Release|Any CPU
+		{91C3C03E-EA56-4ABA-9E73-A3DA4C2833D9}.Release|x64.ActiveCfg = Release|Any CPU
+		{91C3C03E-EA56-4ABA-9E73-A3DA4C2833D9}.Release|x64.Build.0 = Release|Any CPU
+		{91C3C03E-EA56-4ABA-9E73-A3DA4C2833D9}.Release|x86.ActiveCfg = Release|Any CPU
+		{91C3C03E-EA56-4ABA-9E73-A3DA4C2833D9}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -11274,6 +11291,7 @@ Global
 		{76C3E22D-092B-4E8A-81F0-DCF071BFF4CD} = {0BB58FB6-8B66-4C6D-BA8A-DF3AFAF9AB8F}
 		{0BB58FB6-8B66-4C6D-BA8A-DF3AFAF9AB8F} = {60D51C98-2CC0-40DF-B338-44154EFEE2FF}
 		{7CA0A9AF-9088-471C-B0B6-EBF43F21D3B9} = {08D53E58-4AAE-40C4-8497-63EC8664F304}
+		{91C3C03E-EA56-4ABA-9E73-A3DA4C2833D9} = {1D865E78-7A66-4CA9-92EE-2B350E45281F}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {3E8720B3-DBDD-498C-B383-2CC32A054E8F}

eng/Versions.props

@@ -50,6 +50,8 @@
     <UsingToolNetFrameworkReferenceAssemblies Condition="'$(OS)' != 'Windows_NT'">true</UsingToolNetFrameworkReferenceAssemblies>
     <!-- Disable XLIFF tasks -->
     <UsingToolXliff>false</UsingToolXliff>
+    <!-- Use custom version of Roslyn Compiler -->
+    <UsingToolMicrosoftNetCompilers>true</UsingToolMicrosoftNetCompilers>
   </PropertyGroup>
   <!--
 
@@ -194,6 +196,10 @@
       framework in current .NET SDKs.
     -->
     <MicrosoftNETTestSdkVersion>17.1.0-preview-20211109-03</MicrosoftNETTestSdkVersion>
+    <!--
+      Use a compiler new enough to use required keyword
+    -->
+    <MicrosoftNetCompilersToolsetVersion>4.4.0-1.22358.14</MicrosoftNetCompilersToolsetVersion>
     <!--
       Versions of Microsoft.CodeAnalysis packages referenced by analyzers shipped in the SDK.
       This need to be pinned since they're used in 3.1 apps and need to be loadable in VS 2019.

src/Middleware/Middleware.slnf

@@ -80,6 +80,7 @@
       "src\\Middleware\\OutputCaching\\src\\Microsoft.AspNetCore.OutputCaching.csproj",
       "src\\Middleware\\OutputCaching\\test\\Microsoft.AspNetCore.OutputCaching.Tests.csproj",
       "src\\Middleware\\RateLimiting\\src\\Microsoft.AspNetCore.RateLimiting.csproj",
+      "src\\Middleware\\RateLimiting\\samples\\RateLimitingSample\\RateLimitingSample.csproj",
       "src\\Middleware\\RateLimiting\\test\\Microsoft.AspNetCore.RateLimiting.Tests.csproj",
       "src\\Middleware\\RequestDecompression\\perf\\Microbenchmarks\\Microsoft.AspNetCore.RequestDecompression.Microbenchmarks.csproj",
       "src\\Middleware\\RequestDecompression\\sample\\RequestDecompressionSample.csproj",

src/Middleware/RateLimiting/samples/RateLimitingSample/Program.cs

@@ -0,0 +1,108 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.EntityFrameworkCore;
+using System.Threading.RateLimiting;
+using Microsoft.AspNetCore.RateLimiting;
+using RateLimitingSample;
+using Microsoft.Extensions.Logging.Abstractions;
+
+var builder = WebApplication.CreateBuilder(args);
+builder.Services.AddDbContext<TodoDb>(opt => opt.UseInMemoryDatabase("TodoList"));
+builder.Services.AddDatabaseDeveloperPageExceptionFilter();
+// Inject an ILogger<SampleRateLimiterPolicy>
+builder.Services.AddLogging();
+
+var app = builder.Build();
+
+var todoName = "todoPolicy";
+var completeName = "completePolicy";
+var helloName = "helloPolicy";
+
+// Define endpoint limiters and a global limiter.
+var options = new RateLimiterOptions()
+        .AddTokenBucketLimiter(todoName, new TokenBucketRateLimiterOptions(1, QueueProcessingOrder.OldestFirst, 1, TimeSpan.FromSeconds(10), 1))
+        .AddPolicy<string>(completeName, new SampleRateLimiterPolicy(NullLogger<SampleRateLimiterPolicy>.Instance))
+        .AddPolicy<string, SampleRateLimiterPolicy>(helloName);
+// The global limiter will be a concurrency limiter with a max permit count of 10 and a queue depth of 5.
+options.GlobalLimiter = PartitionedRateLimiter.Create<HttpContext, string>(context =>
+        {
+            return RateLimitPartition.CreateConcurrencyLimiter<string>("globalLimiter", key => new ConcurrencyLimiterOptions(10, QueueProcessingOrder.NewestFirst, 5));
+        });
+app.UseRateLimiter(options);
+
+// The limiter on this endpoint allows 1 request every 5 seconds
+app.MapGet("/", () => "Hello World!").RequireRateLimiting(helloName);
+
+// Requests to this endpoint will be processed in 10 second intervals
+app.MapGet("/todoitems", async (TodoDb db) =>
+    await db.Todos.ToListAsync())
+    .RequireRateLimiting(todoName);
+
+// The limiter on this endpoint allows 1 request every 5 seconds
+app.MapGet("/todoitems/complete", async (TodoDb db) =>
+    await db.Todos.Where(t => t.IsComplete).ToListAsync())
+    .RequireRateLimiting(completeName);
+
+app.MapGet("/todoitems/{id}", async (int id, TodoDb db) =>
+    await db.Todos.FindAsync(id)
+        is Todo todo
+            ? Results.Ok(todo)
+            : Results.NotFound());
+
+app.MapPost("/todoitems", async (Todo todo, TodoDb db) =>
+{
+    db.Todos.Add(todo);
+    await db.SaveChangesAsync();
+
+    return Results.Created($"/todoitems/{todo.Id}", todo);
+});
+
+app.MapPut("/todoitems/{id}", async (int id, Todo inputTodo, TodoDb db) =>
+{
+    var todo = await db.Todos.FindAsync(id);
+
+    if (todo is null)
+    {
+        return Results.NotFound();
+    }
+
+    todo.Name = inputTodo.Name;
+    todo.IsComplete = inputTodo.IsComplete;
+
+    await db.SaveChangesAsync();
+
+    return Results.NoContent();
+});
+
+app.MapDelete("/todoitems/{id}", async (int id, TodoDb db) =>
+{
+    if (await db.Todos.FindAsync(id) is Todo todo)
+    {
+        db.Todos.Remove(todo);
+        await db.SaveChangesAsync();
+        return Results.Ok(todo);
+    }
+
+    return Results.NotFound();
+});
+
+app.Run();
+
+class Todo
+{
+    public int Id { get; set; }
+    public string? Name { get; set; }
+    public bool IsComplete { get; set; }
+}
+
+class TodoDb : DbContext
+{
+    public TodoDb(DbContextOptions<TodoDb> options)
+        : base(options) { }
+
+    public DbSet<Todo> Todos => Set<Todo>();
+}

src/Middleware/RateLimiting/samples/RateLimitingSample/Properties/launchSettings.json

@@ -0,0 +1,31 @@
+{
+  "$schema": "https://json.schemastore.org/launchsettings.json",
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:8855",
+      "sslPort": 44312
+    }
+  },
+  "profiles": {
+    "RateLimitingSample": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": true,
+      "launchUrl": "swagger",
+      "applicationUrl": "https://localhost:7036;http://localhost:5085",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "launchUrl": "swagger",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    }
+  }
+}

src/Middleware/RateLimiting/samples/RateLimitingSample/RateLimitingSample.csproj

@@ -0,0 +1,19 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+  <PropertyGroup>
+    <TargetFramework>$(DefaultNetCoreTargetFramework)</TargetFramework>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Reference Include="Microsoft.AspNetCore" />
+    <Reference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" />
+    <Reference Include="Microsoft.AspNetCore.HttpsPolicy" />
+    <Reference Include="Microsoft.AspNetCore.Http.Results" />
+    <Reference Include="Microsoft.AspNetCore.Mvc" />
+    <Reference Include="Microsoft.AspNetCore.RateLimiting" />
+    <Reference Include="Microsoft.EntityFrameworkCore.InMemory" />
+    <Reference Include="Microsoft.Extensions.DependencyInjection" />
+  </ItemGroup>
+
+</Project>

src/Middleware/RateLimiting/samples/RateLimitingSample/SampleRateLimiterPolicy.cs

@@ -0,0 +1,30 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Threading.RateLimiting;
+using Microsoft.AspNetCore.RateLimiting;
+
+namespace RateLimitingSample;
+
+public class SampleRateLimiterPolicy : IRateLimiterPolicy<string>
+{
+    private Func<OnRejectedContext, CancellationToken, ValueTask>? _onRejected;
+
+    public SampleRateLimiterPolicy(ILogger<SampleRateLimiterPolicy> logger)
+    {
+        _onRejected = (context, token) =>
+        {
+            context.HttpContext.Response.StatusCode = 429;
+            logger.LogInformation($"Request rejected by {nameof(SampleRateLimiterPolicy)}");
+            return ValueTask.CompletedTask;
+        };
+    }
+
+    public Func<OnRejectedContext, CancellationToken, ValueTask>? OnRejected { get => _onRejected; }
+
+    // Use a sliding window limiter allowing 1 request every 10 seconds
+    public RateLimitPartition<string> GetPartition(HttpContext httpContext)
+    {
+        return RateLimitPartition.CreateSlidingWindowLimiter<string>(string.Empty, key => new SlidingWindowRateLimiterOptions(1, QueueProcessingOrder.OldestFirst, 1, TimeSpan.FromSeconds(5), 1));
+    }
+}

src/Middleware/RateLimiting/samples/RateLimitingSample/appsettings.Development.json

@@ -0,0 +1,8 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  }
+}

src/Middleware/RateLimiting/samples/RateLimitingSample/appsettings.json

@@ -0,0 +1,9 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  },
+  "AllowedHosts": "*"
+}

src/Middleware/RateLimiting/src/DefaultCombinedLease.cs

@@ -0,0 +1,99 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Threading.RateLimiting;
+
+namespace Microsoft.AspNetCore.RateLimiting;
+
+internal sealed class DefaultCombinedLease : RateLimitLease
+{
+    private readonly RateLimitLease _globalLease;
+    private readonly RateLimitLease _endpointLease;
+    private HashSet<string>? _metadataNames;
+
+    public DefaultCombinedLease(RateLimitLease globalLease, RateLimitLease endpointLease)
+    {
+        _globalLease = globalLease;
+        _endpointLease = endpointLease;
+    }
+
+    public override bool IsAcquired => true;
+
+    public override IEnumerable<string> MetadataNames
+    {
+        get
+        {
+            if (_metadataNames is null)
+            {
+                _metadataNames = new HashSet<string>();
+                foreach (var metadataName in _globalLease.MetadataNames)
+                {
+                    _metadataNames.Add(metadataName);
+                }
+                foreach (var metadataName in _endpointLease.MetadataNames)
+                {
+                    _metadataNames.Add(metadataName);
+                }
+            }
+            return _metadataNames;
+        }
+    }
+
+    public override bool TryGetMetadata(string metadataName, out object? metadata)
+    {
+        // Use the first metadata item of a given name, ignore duplicates, we can't reliably merge arbitrary metadata
+        // Creating an object[] if there are multiple of the same metadataName could work, but makes consumption of metadata messy
+        // and makes MetadataName.Create<T>(...) uses no longer work
+        if (_endpointLease.TryGetMetadata(metadataName, out metadata))
+        {
+            return true;
+        }
+        if (_globalLease.TryGetMetadata(metadataName, out metadata))
+        {
+            return true;
+        }
+
+        metadata = null;
+        return false;
+    }
+
+    protected override void Dispose(bool disposing)
+    {
+        List<Exception>? exceptions = null;
+
+        // Dispose endpoint lease first, then global lease (reverse order of when they were acquired)
+        // Avoids issues where dispose might unblock a queued acquire and then the acquire fails when acquiring the next limiter.
+        // When disposing in reverse order there wont be any issues of unblocking an acquire that affects acquires on limiters in the chain after it
+        try
+        {
+            _endpointLease.Dispose();
+        }
+        catch (Exception ex)
+        {
+            exceptions ??= new List<Exception>();
+            exceptions.Add(ex);
+        }
+
+        try
+        {
+            _globalLease.Dispose();
+        }
+        catch (Exception ex)
+        {
+            exceptions ??= new List<Exception>(1);
+            exceptions.Add(ex);
+        }
+
+        if (exceptions is not null)
+        {
+            if (exceptions.Count == 1)
+            {
+                throw exceptions[0];
+            }
+            else
+            {
+                throw new AggregateException(exceptions);
+            }
+        }
+    }
+}