Documentation
¶
Overview ¶
Package ratelimit implements per-IP token-bucket rate limiting and per-target cooldown / recent-scan cache.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type IPLimiter ¶
type IPLimiter struct {
// contains filtered or unexported fields
}
IPLimiter is a per-source-IP token bucket. The map of buckets is trimmed lazily — entries unused for cleanupAfter are evicted on the next Allow() call. No background goroutine.
func NewIPLimiter ¶
NewIPLimiter returns a limiter that enforces N requests per period with a small burst. period=0 → 1 minute default.
type PreScanDecision ¶
type PreScanDecision struct {
CachedScanID string // non-empty → reuse this scan instead of creating one
CooldownLeft time.Duration // > 0 → 429 with Retry-After
AbuseFlagged bool
}
PreScan inspects the (ip, host) pair before a new scan is launched. Returns the pre-existing scan ID when a fresh-enough cache entry exists and refresh is false.
type TargetTracker ¶
type TargetTracker struct {
// contains filtered or unexported fields
}
TargetTracker enforces the per-hostname cooldown, the 24h cached-scan reuse window, and the per-IP fan-out abuse heuristic.
func NewTargetTracker ¶
func NewTargetTracker(cooldown, cacheTTL time.Duration, abuseLim int, abuseWin time.Duration) *TargetTracker
NewTargetTracker — zero values fall back to sensible defaults.
func (*TargetTracker) PreScan ¶
func (t *TargetTracker) PreScan(ip, host string, refresh bool) PreScanDecision
PreScan registers the request and returns its decision.
func (*TargetTracker) Record ¶
func (t *TargetTracker) Record(host, scanID string)
Record registers the freshly created scan ID against host so future requests can reuse it for the cacheTTL window.
Source Files