Merge branch 'main' of github.com:OliveTin/docs.olivetin.app

OliveTin · Apr 19, 2024 · ae4455d · ae4455d
2 parents 60ff24d + 579fb31
commit ae4455d
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 4 deletions.
diff --git a/action_customization.adoc b/action_customization.adoc
@@ -253,6 +253,31 @@ WARN Blocked from executing. This would mean this action is running 2 times conc
 
 Naturally, you can set `maxConcurrent` to `3` or some other number, to limit the amount of times the action executes at once.
 
+[#ratelimits]
+=== Rate limiting
+
+By default, OliveTin allows you to execute actions as fast as you can click the button. This is fine if you are running OliveTin with trusted users in a trusted environment, but otherwise you may want to rate limit actions.
+
+Rate limiting is implemented like this;
+
+[source,yaml]
+.`config.yaml`
+----
+actions:
+  - title: date
+    shell: date
+    icon: clock
+    maxRate:
+      - limit: 3
+        duration: 5m
+----
+
+If you try to execute `date` more than 3 times in 5 minutes, you will get a log message that looks like this;
+
+----
+INFO Blocked from executing. This action has run 3 out of 3 allowed times in the last 5m.  actionTitle="date"
+----
+
 [#action-ids]
 === IDs
 

diff --git a/authorization.adoc b/authorization.adoc
@@ -79,6 +79,7 @@ logLevel: "INFO"
 defaultPermissions:
     view: false
     exec: false
+    logs: true
 
 accessControlLists:
     - name: Admins
@@ -88,22 +89,24 @@ accessControlLists:
       permissions:
         view: true
         exec: true
+        logs: true
 
-    - name: "Web Admins"
+    - name: "Developers"
       matchUsergroups:
-      - "webadmin"
+      - "developer"
       permissions:
         view: true
         exec: false
+        logs: false
 
 actions:
     - name: Only visible to admins
       shell: echo "I am a secret command only visible to admins"
 
     - name: Restart database
-      shell: reboot
+      shell: systemctl restart mariadb
       acls:
-        - "webadmin"
+        - "developer"
 ----
 
 In the example above, the `admins` ACL is automatically added to every action, because `addToEveryAction` is true. 
@@ -131,13 +134,15 @@ You can have one default access control list, list this;
 defaultPermissions:
   view: false
   exec: false
+  logs: true
 
 accessControlLists:
   - name: admins
     addToEveryAction: true
     permissions:
       view: true
       exec: true
+      logs: true
 ----
 
 Or you can specify access control lists per action: