From 404fb52aa282c39705dcb6cfbdc5cff089bade6a Mon Sep 17 00:00:00 2001 From: jamesread Date: Thu, 18 Apr 2024 22:21:55 +0100 Subject: [PATCH 1/3] auth logs --- authorization.adoc | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/authorization.adoc b/authorization.adoc index 9ea047a79..94992c89b 100644 --- a/authorization.adoc +++ b/authorization.adoc @@ -79,6 +79,7 @@ logLevel: "INFO" defaultPermissions: view: false exec: false + logs: true accessControlLists: - name: Admins @@ -88,22 +89,24 @@ accessControlLists: permissions: view: true exec: true + logs: true - - name: "Web Admins" + - name: "Developers" matchUsergroups: - - "webadmin" + - "developer" permissions: view: true exec: false + logs: false actions: - name: Only visible to admins shell: echo "I am a secret command only visible to admins" - name: Restart database - shell: reboot + shell: systemctl restart mariadb acls: - - "webadmin" + - "developer" ---- In the example above, the `admins` ACL is automatically added to every action, because `addToEveryAction` is true. @@ -131,6 +134,7 @@ You can have one default access control list, list this; defaultPermissions: view: false exec: false + logs: true accessControlLists: - name: admins @@ -138,6 +142,7 @@ accessControlLists: permissions: view: true exec: true + logs: true ---- Or you can specify access control lists per action: From 2a5e7aaa7cfef530837f836f0c17356dc391c55b Mon Sep 17 00:00:00 2001 From: jamesread Date: Fri, 19 Apr 2024 00:53:30 +0100 Subject: [PATCH 2/3] rate limiting --- action_customization.adoc | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/action_customization.adoc b/action_customization.adoc index c2997dcb9..77fc68c8a 100644 --- a/action_customization.adoc +++ b/action_customization.adoc @@ -253,6 +253,30 @@ WARN Blocked from executing. This would mean this action is running 2 times conc Naturally, you can set `maxConcurrent` to `3` or some other number, to limit the amount of times the action executes at once. +[#ratelimits] +=== Rate limiting + +By default, OliveTin allows you to execute actions as fast as you can click the button. This is fine if you are running OliveTin with trusted users in a trusted environment, but otherwise you may want to rate limit actions. + +Rate limiting is implemented like this; + +[source,yaml] +.`config.yaml` +---- +actions: + # This is the most simple action, it just runs the command and flashes the + # button to indicate status. + # + # If you are running OliveTin in a container remember to pass through the + # docker socket! https://docs.olivetin.app/action-container-control.html + - title: date + shell: date + icon: clock + maxRate: + - limit: 3 + duration: 5m +---- + [#action-ids] === IDs From 579fb31dc900c84b120a6f3d0300eccf7c51c952 Mon Sep 17 00:00:00 2001 From: jamesread Date: Fri, 19 Apr 2024 01:00:26 +0100 Subject: [PATCH 3/3] rate docs --- action_customization.adoc | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/action_customization.adoc b/action_customization.adoc index 77fc68c8a..f7bc354ea 100644 --- a/action_customization.adoc +++ b/action_customization.adoc @@ -264,11 +264,6 @@ Rate limiting is implemented like this; .`config.yaml` ---- actions: - # This is the most simple action, it just runs the command and flashes the - # button to indicate status. - # - # If you are running OliveTin in a container remember to pass through the - # docker socket! https://docs.olivetin.app/action-container-control.html - title: date shell: date icon: clock @@ -277,6 +272,12 @@ actions: duration: 5m ---- +If you try to execute `date` more than 3 times in 5 minutes, you will get a log message that looks like this; + +---- +INFO Blocked from executing. This action has run 3 out of 3 allowed times in the last 5m. actionTitle="date" +---- + [#action-ids] === IDs