up
Some checks failed
Build Test Deploy / docs (push) Has been cancelled
Build Test Deploy / deploy (push) Has been cancelled
Build Test Deploy / build-test (push) Has been cancelled
Build Test Deploy / authority-container (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Some checks failed
Build Test Deploy / docs (push) Has been cancelled
Build Test Deploy / deploy (push) Has been cancelled
Build Test Deploy / build-test (push) Has been cancelled
Build Test Deploy / authority-container (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
This commit is contained in:
27
docs/assets/authority/authority-rate-limit-flow.mmd
Normal file
27
docs/assets/authority/authority-rate-limit-flow.mmd
Normal file
@@ -0,0 +1,27 @@
|
||||
%% Rate limit and lockout interplay for Standard plug-in (Mermaid)
|
||||
sequenceDiagram
|
||||
autonumber
|
||||
participant Client as Client/App
|
||||
participant Host as Authority Host
|
||||
participant Limiter as Rate Limiter Middleware
|
||||
participant Plugin as Standard Plugin
|
||||
participant Store as Credential Store / Lockout State
|
||||
|
||||
Client->>Host: POST /token (client_id, credentials)
|
||||
Host->>Limiter: Check quota (client_id + remote_ip)
|
||||
alt quota exceeded
|
||||
Limiter-->>Host: Reject (429, retryAfter)
|
||||
Host-->>Client: 429 Too Many Requests\nRetry-After header with limiter tags
|
||||
else quota ok
|
||||
Limiter-->>Host: Allow (remaining tokens)
|
||||
Host->>Plugin: VerifyCredentials(subject)
|
||||
Plugin->>Store: Load hashed password + lockout counters
|
||||
Store-->>Plugin: Credential result + deterministic counter
|
||||
alt lockout threshold reached
|
||||
Plugin-->>Host: Locked (retryAfter=lockoutWindow)
|
||||
Host-->>Client: 423 Locked\nRetry-After header + `authority.lockout` tag
|
||||
else valid credentials
|
||||
Plugin-->>Host: Success (issue tokens)
|
||||
Host-->>Client: 200 OK + tokens + limiter metadata
|
||||
end
|
||||
end
|
||||
Reference in New Issue
Block a user