feat: add flag to disable all rate limits

coder · deansheather · Jan 5, 2023 · Jan 4, 2023 · Jan 4, 2023 · Jan 5, 2023
commit 91da46fdcc4900fc66e91bb2f4dd755a42be311d
diff --git a/cli/deployment/config.go b/cli/deployment/config.go
@@ -430,6 +430,12 @@ func newConfig() *codersdk.DeploymentConfig {
 			},
 		},
 		RateLimit: &codersdk.RateLimitConfig{
+			DisableAll: &codersdk.DeploymentConfigField[bool]{
+				Name:    "Disable All Rate Limits",
+				Usage:   "Disables all rate limits. This is not recommended in production.",
+				Flag:    "dangerous-disable-rate-limits",
+				Default: false,
+			},
 			API: &codersdk.DeploymentConfigField[int]{
 				Name:    "API Rate Limit",
 				Usage:   "Maximum number of requests per minute allowed to the API per user, or per IP address for unauthenticated users. Negative values mean no rate limit. Some API endpoints have separate flags to control rate limits to help prevent denial-of-service attacks.",

diff --git a/cli/server.go b/cli/server.go
@@ -104,6 +104,14 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
 				return xerrors.Errorf("either HTTP or TLS must be enabled")
 			}
 
+			// Disable rate limits if the `--dangerous-disable-rate-limits` flag
+			// was specified.
+			if cfg.RateLimit.DisableAll.Value {
+				cfg.RateLimit.API.Value = -1
+				cfg.RateLimit.Login.Value = -1
+				cfg.RateLimit.Files.Value = -1
+			}
+
 			printLogo(cmd)
 			logger := slog.Make(sloghuman.Sink(cmd.ErrOrStderr()))
 			if ok, _ := cmd.Flags().GetBool(varVerbose); ok {

diff --git a/cli/testdata/coder_server_--help.golden b/cli/testdata/coder_server_--help.golden
@@ -28,6 +28,9 @@ Flags:
                                                      with systemd.
                                                      Consumes $CODER_CACHE_DIRECTORY (default
                                                      "/tmp/coder-cli-test-cache")
+      --dangerous-disable-rate-limits                Disables all rate limits. This is not
+                                                     recommended in production.
+                                                     Consumes $CODER_RATE_LIMIT_DISABLE_ALL
       --derp-config-path string                      Path to read a DERP mapping from. See:
                                                      https://tailscale.com/kb/1118/custom-derp-servers/
                                                      Consumes $CODER_DERP_CONFIG_PATH

diff --git a/codersdk/deploymentconfig.go b/codersdk/deploymentconfig.go
@@ -147,9 +147,10 @@ type ProvisionerConfig struct {
 }
 
 type RateLimitConfig struct {
-	API   *DeploymentConfigField[int] `json:"api" typescript:",notnull"`
-	Files *DeploymentConfigField[int] `json:"files" typescript:",notnull"`
-	Login *DeploymentConfigField[int] `json:"login" typescript:",notnull"`
+	DisableAll *DeploymentConfigField[bool] `json:"disable_all" typescript:",notnull"`
+	API        *DeploymentConfigField[int]  `json:"api" typescript:",notnull"`
+	Files      *DeploymentConfigField[int]  `json:"files" typescript:",notnull"`
+	Login      *DeploymentConfigField[int]  `json:"login" typescript:",notnull"`
 }
 
 type SwaggerConfig struct {