Implement minimal RateLimitingMiddleware

AspNetCore.sln

@@ -1696,6 +1696,10 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "BuildAfterTargetingPack", "
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "BuildAfterTargetingPack", "src\BuildAfterTargetingPack\BuildAfterTargetingPack.csproj", "{8FED7E65-A7DD-4F13-8980-BF03E77B6C85}"
 EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.RateLimiting", "src\Middleware\RateLimiting\src\Microsoft.AspNetCore.RateLimiting.csproj", "{00C3F1D7-0B5E-4FFE-949C-AA11C1E4BBE7}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.AspNetCore.RateLimiting.Tests", "src\Middleware\RateLimiting\test\Microsoft.AspNetCore.RateLimiting.Tests.csproj", "{5125141D-2B8B-4A13-95D3-1CDAA1EF276A}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -10151,6 +10155,38 @@ Global
 		{8FED7E65-A7DD-4F13-8980-BF03E77B6C85}.Release|x64.Build.0 = Release|Any CPU
 		{8FED7E65-A7DD-4F13-8980-BF03E77B6C85}.Release|x86.ActiveCfg = Release|Any CPU
 		{8FED7E65-A7DD-4F13-8980-BF03E77B6C85}.Release|x86.Build.0 = Release|Any CPU
+		{00C3F1D7-0B5E-4FFE-949C-AA11C1E4BBE7}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{00C3F1D7-0B5E-4FFE-949C-AA11C1E4BBE7}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{00C3F1D7-0B5E-4FFE-949C-AA11C1E4BBE7}.Debug|arm64.ActiveCfg = Debug|Any CPU
+		{00C3F1D7-0B5E-4FFE-949C-AA11C1E4BBE7}.Debug|arm64.Build.0 = Debug|Any CPU
+		{00C3F1D7-0B5E-4FFE-949C-AA11C1E4BBE7}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{00C3F1D7-0B5E-4FFE-949C-AA11C1E4BBE7}.Debug|x64.Build.0 = Debug|Any CPU
+		{00C3F1D7-0B5E-4FFE-949C-AA11C1E4BBE7}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{00C3F1D7-0B5E-4FFE-949C-AA11C1E4BBE7}.Debug|x86.Build.0 = Debug|Any CPU
+		{00C3F1D7-0B5E-4FFE-949C-AA11C1E4BBE7}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{00C3F1D7-0B5E-4FFE-949C-AA11C1E4BBE7}.Release|Any CPU.Build.0 = Release|Any CPU
+		{00C3F1D7-0B5E-4FFE-949C-AA11C1E4BBE7}.Release|arm64.ActiveCfg = Release|Any CPU
+		{00C3F1D7-0B5E-4FFE-949C-AA11C1E4BBE7}.Release|arm64.Build.0 = Release|Any CPU
+		{00C3F1D7-0B5E-4FFE-949C-AA11C1E4BBE7}.Release|x64.ActiveCfg = Release|Any CPU
+		{00C3F1D7-0B5E-4FFE-949C-AA11C1E4BBE7}.Release|x64.Build.0 = Release|Any CPU
+		{00C3F1D7-0B5E-4FFE-949C-AA11C1E4BBE7}.Release|x86.ActiveCfg = Release|Any CPU
+		{00C3F1D7-0B5E-4FFE-949C-AA11C1E4BBE7}.Release|x86.Build.0 = Release|Any CPU
+		{5125141D-2B8B-4A13-95D3-1CDAA1EF276A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{5125141D-2B8B-4A13-95D3-1CDAA1EF276A}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{5125141D-2B8B-4A13-95D3-1CDAA1EF276A}.Debug|arm64.ActiveCfg = Debug|Any CPU
+		{5125141D-2B8B-4A13-95D3-1CDAA1EF276A}.Debug|arm64.Build.0 = Debug|Any CPU
+		{5125141D-2B8B-4A13-95D3-1CDAA1EF276A}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{5125141D-2B8B-4A13-95D3-1CDAA1EF276A}.Debug|x64.Build.0 = Debug|Any CPU
+		{5125141D-2B8B-4A13-95D3-1CDAA1EF276A}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{5125141D-2B8B-4A13-95D3-1CDAA1EF276A}.Debug|x86.Build.0 = Debug|Any CPU
+		{5125141D-2B8B-4A13-95D3-1CDAA1EF276A}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{5125141D-2B8B-4A13-95D3-1CDAA1EF276A}.Release|Any CPU.Build.0 = Release|Any CPU
+		{5125141D-2B8B-4A13-95D3-1CDAA1EF276A}.Release|arm64.ActiveCfg = Release|Any CPU
+		{5125141D-2B8B-4A13-95D3-1CDAA1EF276A}.Release|arm64.Build.0 = Release|Any CPU
+		{5125141D-2B8B-4A13-95D3-1CDAA1EF276A}.Release|x64.ActiveCfg = Release|Any CPU
+		{5125141D-2B8B-4A13-95D3-1CDAA1EF276A}.Release|x64.Build.0 = Release|Any CPU
+		{5125141D-2B8B-4A13-95D3-1CDAA1EF276A}.Release|x86.ActiveCfg = Release|Any CPU
+		{5125141D-2B8B-4A13-95D3-1CDAA1EF276A}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

eng/ProjectReferences.props

@@ -89,6 +89,7 @@
     <ProjectReferenceProvider Include="Microsoft.AspNetCore.Localization.Routing" ProjectPath="$(RepoRoot)src\Middleware\Localization.Routing\src\Microsoft.AspNetCore.Localization.Routing.csproj" />
     <ProjectReferenceProvider Include="Microsoft.AspNetCore.Localization" ProjectPath="$(RepoRoot)src\Middleware\Localization\src\Microsoft.AspNetCore.Localization.csproj" />
     <ProjectReferenceProvider Include="Microsoft.AspNetCore.MiddlewareAnalysis" ProjectPath="$(RepoRoot)src\Middleware\MiddlewareAnalysis\src\Microsoft.AspNetCore.MiddlewareAnalysis.csproj" />
+    <ProjectReferenceProvider Include="Microsoft.AspNetCore.RateLimiting" ProjectPath="$(RepoRoot)src\Middleware\RateLimiting\src\Microsoft.AspNetCore.RateLimiting.csproj" />
     <ProjectReferenceProvider Include="Microsoft.AspNetCore.ResponseCaching.Abstractions" ProjectPath="$(RepoRoot)src\Middleware\ResponseCaching.Abstractions\src\Microsoft.AspNetCore.ResponseCaching.Abstractions.csproj" />
     <ProjectReferenceProvider Include="Microsoft.AspNetCore.ResponseCaching" ProjectPath="$(RepoRoot)src\Middleware\ResponseCaching\src\Microsoft.AspNetCore.ResponseCaching.csproj" />
     <ProjectReferenceProvider Include="Microsoft.AspNetCore.ResponseCompression" ProjectPath="$(RepoRoot)src\Middleware\ResponseCompression\src\Microsoft.AspNetCore.ResponseCompression.csproj" />

src/Middleware/Middleware.slnf

@@ -76,6 +76,8 @@
       "src\\Middleware\\MiddlewareAnalysis\\samples\\MiddlewareAnalysisSample\\MiddlewareAnalysisSample.csproj",
       "src\\Middleware\\MiddlewareAnalysis\\src\\Microsoft.AspNetCore.MiddlewareAnalysis.csproj",
       "src\\Middleware\\MiddlewareAnalysis\\test\\Microsoft.AspNetCore.MiddlewareAnalysis.Tests.csproj",
+      "src\\Middleware\\RateLimiting\\src\\Microsoft.AspNetCore.RateLimiting.csproj",
+      "src\\Middleware\\RateLimiting\\test\\Microsoft.AspNetCore.RateLimiting.Tests.csproj",
       "src\\Middleware\\ResponseCaching.Abstractions\\src\\Microsoft.AspNetCore.ResponseCaching.Abstractions.csproj",
       "src\\Middleware\\ResponseCaching\\samples\\ResponseCachingSample\\ResponseCachingSample.csproj",
       "src\\Middleware\\ResponseCaching\\src\\Microsoft.AspNetCore.ResponseCaching.csproj",
@@ -115,4 +117,4 @@
       "src\\Servers\\Kestrel\\Transport.Sockets\\src\\Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets.csproj"
     ]
   }
-}
+}

src/Middleware/RateLimiting/src/Microsoft.AspNetCore.RateLimiting.csproj

@@ -0,0 +1,20 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <Description>ASP.NET Core middleware for enforcing rate limiting in an application</Description>
+    <TargetFramework>$(DefaultNetCoreTargetFramework)</TargetFramework>
+    <GenerateDocumentationFile>true</GenerateDocumentationFile>
+    <PackageTags>aspnetcore</PackageTags>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Reference Include="Microsoft.AspNetCore.Http.Abstractions" />
+    <Reference Include="Microsoft.Extensions.Logging.Abstractions" />
+    <Reference Include="Microsoft.Extensions.Options" />
+    <Reference Include="System.Threading.RateLimiting" />
+
+    <Compile Include="$(SharedSourceRoot)ValueStopwatch\*.cs" />
+  </ItemGroup>
+
+</Project>

src/Middleware/RateLimiting/src/PublicAPI.Shipped.txt

@@ -0,0 +1 @@
+#nullable enable

src/Middleware/RateLimiting/src/PublicAPI.Unshipped.txt

@@ -0,0 +1,9 @@
+Microsoft.AspNetCore.RateLimiting.RateLimitingMiddleware
+Microsoft.AspNetCore.RateLimiting.RateLimitingMiddleware.Invoke(Microsoft.AspNetCore.Http.HttpContext! context) -> System.Threading.Tasks.Task!
+Microsoft.AspNetCore.RateLimiting.RateLimitingMiddleware.RateLimitingMiddleware(Microsoft.AspNetCore.Http.RequestDelegate! next, Microsoft.Extensions.Logging.ILoggerFactory! loggerFactory, Microsoft.Extensions.Options.IOptions<Microsoft.AspNetCore.RateLimiting.RateLimitingOptions!>! options) -> void
+Microsoft.AspNetCore.RateLimiting.RateLimitingOptions
+Microsoft.AspNetCore.RateLimiting.RateLimitingOptions.AddLimiter<HttpContext>(System.Threading.RateLimiting.PartitionedRateLimiter<Microsoft.AspNetCore.Http.HttpContext!>! limiter) -> Microsoft.AspNetCore.RateLimiting.RateLimitingOptions!
+Microsoft.AspNetCore.RateLimiting.RateLimitingOptions.Limiter.get -> System.Threading.RateLimiting.PartitionedRateLimiter<Microsoft.AspNetCore.Http.HttpContext!>?
+Microsoft.AspNetCore.RateLimiting.RateLimitingOptions.OnRejected.get -> Microsoft.AspNetCore.Http.RequestDelegate!
+Microsoft.AspNetCore.RateLimiting.RateLimitingOptions.OnRejected.set -> void
+Microsoft.AspNetCore.RateLimiting.RateLimitingOptions.RateLimitingOptions() -> void

src/Middleware/RateLimiting/src/RateLimitingMiddleware.cs

@@ -0,0 +1,148 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Threading.RateLimiting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+
+namespace Microsoft.AspNetCore.RateLimiting;
+
+/// <summary>
+/// Limits the rate of requests allowed in the application, based on limits set by a user-provided <see cref="PartitionedRateLimiter{TResource}"/>.
+/// </summary>
+public partial class RateLimitingMiddleware
+{
+
+    private readonly RequestDelegate _next;
+    private readonly RequestDelegate _onRejected;
+    private readonly ILogger _logger;
+    private readonly PartitionedRateLimiter<HttpContext> _limiter;
+    private RateLimitLease? _lease;
+
+    /// <summary>
+    /// Creates a new <see cref="RateLimitingMiddleware"/>.
+    /// </summary>
+    /// <param name="next">The <see cref="RequestDelegate"/> representing the next middleware in the pipeline.</param>
+    /// <param name="loggerFactory">The <see cref="ILoggerFactory"/> used for logging.</param>
+    /// <param name="options">The options for the middleware.</param>
+    public RateLimitingMiddleware(RequestDelegate next, ILoggerFactory loggerFactory, IOptions<RateLimitingOptions> options)
+    {
+        _next = next ?? throw new ArgumentNullException(nameof(next));
+
+        if (options.Value.Limiter == null)
+        {
+            throw new ArgumentException("The value of 'options.Limiter' must not be null.", nameof(options));
+        }
+
+        if (options.Value.OnRejected == null)
+        {
+            throw new ArgumentException("The value of 'options.OnRejected' must not be null.", nameof(options));
+        }
+
+        if (loggerFactory == null)
+        {
+            throw new ArgumentNullException(nameof(loggerFactory));
+        }
+
+        _logger = loggerFactory.CreateLogger<RateLimitingMiddleware>();
+        _limiter = options.Value.Limiter;
+        _onRejected = options.Value.OnRejected;
+    }
+
+    // TODO - EventSource?
+    /// <summary>
+    /// Invokes the logic of the middleware.
+    /// </summary>
+    /// <param name="context">The <see cref="HttpContext"/>.</param>
+    /// <returns>A <see cref="Task"/> that completes when the request leaves.</returns>
+    public async Task Invoke(HttpContext context)
+    {
+        var acquireLeaseTask = TryAcquireAsync(context);
+
+        // Make sure we only ever call GetResult once on the TryEnterAsync ValueTask b/c it resets.
+        bool result;
+
+        if (acquireLeaseTask.IsCompleted)
+        {
+            result = acquireLeaseTask.Result;
+        }
+        else
+        {
+            result = await acquireLeaseTask;
+        }
+
+        if (result)
+        {
+            try
+            {
+                await _next(context);
+            }
+            finally
+            {
+                OnCompletion();
+            }
+        }
+        else
+        {
+            RateLimiterLog.RequestRejectedLimitsExceeded(_logger);
+            context.Response.StatusCode = StatusCodes.Status503ServiceUnavailable;
+            await _onRejected(context);
+        }
+    }
+
+    private ValueTask<bool> TryAcquireAsync(HttpContext context)
+    {
+        // a return value of 'false' indicates that the request is rejected
+        // a return value of 'true' indicates that the request may proceed
+
+        var lease = _limiter.Acquire(context);
+        if (lease.IsAcquired)
+        {
+            _lease = lease;
+            return ValueTask.FromResult(true);
+        }
+
+        var task = _limiter.WaitAsync(context);
+        if (task.IsCompletedSuccessfully)
+        {
+            lease = task.Result;
+            if (lease.IsAcquired)
+            {
+                _lease = lease;
+                return ValueTask.FromResult(true);
+            }
+
+            return ValueTask.FromResult(false);
+        }
+
+        return Awaited(task);
+    }
+
+    private void OnCompletion()
+    {
+        if (_lease != null)
+        {
+            _lease.Dispose();
+        }
+    }
+
+    private async ValueTask<bool> Awaited(ValueTask<RateLimitLease> task)
+    {
+        var lease = await task;
+
+        if (lease.IsAcquired)
+        {
+            _lease = lease;
+            return true;
+        }
+
+        return false;
+    }
+
+    private static partial class RateLimiterLog
+    {
+        [LoggerMessage(1, LogLevel.Debug, "Rate limits exceeded, rejecting this request with a '503 server not available' error", EventName = "RequestRejectedLimitsExceeded")]
+        internal static partial void RequestRejectedLimitsExceeded(ILogger logger);
+    }
+}

src/Middleware/RateLimiting/src/RateLimitingOptions.cs

@@ -0,0 +1,47 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Threading.RateLimiting;
+using Microsoft.AspNetCore.Http;
+
+namespace Microsoft.AspNetCore.RateLimiting;
+
+/// <summary>
+/// Specifies options for the <see cref="RateLimitingMiddleware"/>.
+/// </summary>
+public class RateLimitingOptions
+{
+    // TODO - Provide a default?
+    private PartitionedRateLimiter<HttpContext>? _limiter;
+
+    /// <summary>
+    /// Gets the <see cref="PartitionedRateLimiter{TResource}"/>
+    /// </summary>
+    public PartitionedRateLimiter<HttpContext>? Limiter
+    {
+        get => _limiter;
+    }
+
+    /// <summary>
+    /// Adds a new rate limiter.
+    /// </summary>
+    /// <param name="limiter">The <see cref="PartitionedRateLimiter{TResource}"/> to be added.</param>
+    public RateLimitingOptions AddLimiter<HttpContext>(PartitionedRateLimiter<Http.HttpContext> limiter)
+    {
+        if (limiter == null)
+        {
+            throw new ArgumentNullException(nameof(limiter));
+        }
+        _limiter = limiter;
+        return this;
+    }
+
+    /// <summary>
+    /// A <see cref="RequestDelegate"/> that handles requests rejected by this middleware.
+    /// If it doesn't modify the response, an empty 503 response will be written.
+    /// </summary>
+    public RequestDelegate OnRejected { get; set; } = context =>
+    {
+        return Task.CompletedTask;
+    };
+}

src/Middleware/RateLimiting/test/Microsoft.AspNetCore.RateLimiting.Tests.csproj

@@ -0,0 +1,11 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>$(DefaultNetCoreTargetFramework)</TargetFramework>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <Reference Include="Microsoft.AspNetCore.Http" />
+    <Reference Include="Microsoft.AspNetCore.RateLimiting" />
+  </ItemGroup>
+</Project>