The rate limiting error message used the term "tokens," which could be
easily misconstrued to refer to REST auth tokens, and not rate limit
leaky-bucket tokens. Since we don't expose the internals of the leaky
bucket to end-users, this error message is essentially just not good.
Without knowledge of a leaky bucket/GCRA, it really makes no sense.
Therefore, this changes the message to indicate that the "tokens" are
rate-limit tokens. It also adds a hint that there's a config setting
that can be changed to raise the limit, which further makes it more
understandable, and also provides a reasonable hint as to what setting
to change to alleviate this problem immediately. This makes it easier
for users to debug and less likely they have to read old docs/wait for help.
If there's one thing I learned in this exercise, it's that letting
people add random Python scripts to the repo like gpltext.py that
promise to be easier than find and replace is a bad idea.
Added token bucket and timer to degrade token bucket
Modified REST API rate limiting
Changed limiting to only be on token create and v2 token create
Added config options to choose time limits
Passed HttpContext to the execute method of endpoints
Made blocking failed API logins optional
Changed error codes on failed login to be ambiguous
Added config to decide whether all or failed logins are limited
Changed config variable names
Cleaned up duplicate code in REST rate limiting
Fixed my typo
Changed error 431 to 403
Currently, this is an extremely complex-looking field in the config file now. I don't think we should add a placeholder though, as servers wouldn't realize they had a REST token there. Perhaps when we do a dump of the config file, someone can add the format for this field.
Closes #520
- Added REST endpoint "/v2/server/restart".
- Added REST endpoint "/v2/server/reload".
- Added REST endpoint "/v3/server/rawcmd", will output all returned lines as an array instead.
- Added "uptime", "serverpassword", "rules/ServerSideInventory" fields to REST endpoint "/v2/server/status".
- REST requests are now logged.
- Endpoint "/v2/server/rawcmd" now checks whether the user has sufficient permission to execute the command.
- Fixed Config.EnableTokenEndpointAuthentication not working properly before.
- Removed obsolete "api" permission (only "restapi" now).
- /v2/token/password?username={user}
TSHOCKPLUGINS-1 #resolve #time 5m #comment Deprecating old token create syntax, new endpoint added as a replacement.