Merge pull request #1070 from RadoslavGatev/patch-1

Add a justification about the ratelimit middleware

README.md

@@ -61,7 +61,7 @@ npm install
 ```sh
 hugo server --disableFastRender
 ```
-3. Navigate to `http://localhost:1313/docs`
+3. Navigate to `http://localhost:1313/`
 
 ## Update docs
 1. Fork repo into your account

daprdocs/content/en/developing-applications/middleware/middleware-opa-policies.md

@@ -1,15 +1,16 @@
 ---
 type: docs
-title: "How-To: Apply OPA policies"
-linkTitle: "How-To: Apply OPA policies"
-weight: 1000
+title: "How-To: Apply Open Policy Agent (OPA) policies"
+linkTitle: "Apply OPA policies"
+weight: 2000
 description: "Use Dapr middleware to apply Open Policy Agent (OPA) policies on incoming requests"
 type: docs
 ---
 
-The Dapr Open Policy Agent (OPA) [HTTP middleware](https://github.com/dapr/docs/blob/master/concepts/middleware/README.md) allows applying [OPA Policies](https://www.openpolicyagent.org/) to incoming Dapr HTTP requests. This can be used to apply reusable authorization policies to app endpoints.
+The Dapr Open Policy Agent (OPA) [HTTP middleware]({{< ref middleware-concept.md >}}) allows applying [OPA Policies](https://www.openpolicyagent.org/) to incoming Dapr HTTP requests. This can be used to apply reusable authorization policies to app endpoints.
+
+## Middleware component definition
 
-## Middleware Component Definition
 ```yaml
 apiVersion: dapr.io/v1alpha1
 kind: Component
@@ -59,7 +60,6 @@ spec:
         } {
             my_claim := jwt.payload["my-claim"]
         }
-
         jwt = { "payload": payload } {
             auth_header := input.request.headers["authorization"]
             [_, jwt] := split(auth_header, " ")
@@ -122,7 +122,7 @@ default allow = {
 }
 ```
 
-### Changing the Rejected Response Status Code
+### Changing the rejected response status code
 
 When rejecting a request, you can override the status code the that gets returned. For example, if you wanted to return a `401` instead of a `403`, you could do the following:
 
@@ -135,7 +135,7 @@ default allow = {
 }
 ```
 
-### Adding Response Headers
+### Adding response headers
 
 To redirect, add headers and set the `status_code` to the returned result:
 
@@ -151,7 +151,7 @@ default allow = {
 }
 ```
 
-### Adding Request Headers
+### Adding request headers
 
 You can also set additional headers on the allowed request:
 
@@ -162,12 +162,12 @@ default allow = false
 
 allow = { "allow": true, "additional_headers": { "X-JWT-Payload": payload } } {
   not input.path[0] == "forbidden"
-  # Where `jwt` is the result of another rule
+  // Where `jwt` is the result of another rule
   payload := base64.encode(json.marshal(jwt.payload))
 }
 ```
 
-### Result Structure
+### Result structure
 ```go
 type Result bool
 // or
@@ -183,5 +183,5 @@ type Result struct {
 
 ## Related links
 
-- Open Policy Agent: https://www.openpolicyagent.org
-- HTTP API Example: https://www.openpolicyagent.org/docs/latest/http-api-authorization/
+- [Open Policy Agent](https://www.openpolicyagent.org)
+- [HTTP API Example](https://www.openpolicyagent.org/docs/latest/http-api-authorization/)

daprdocs/content/en/developing-applications/middleware/middleware-rate-limit.md

@@ -0,0 +1,34 @@
+---
+type: docs
+title: "How-To: Rate limiting"
+linkTitle: "Rate limiting"
+weight: 1000
+description: "Use Dapr rate limit middleware to limit requests per second"
+type: docs
+---
+
+The Dapr Rate limit [HTTP middleware]({{< ref middleware-concept.md >}}) allows restricting the maximum number of allowed HTTP requests per second. 
+
+## Middleware component definition
+
+In the following definition, the maximum requests per second are set to 10:
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: ratelimit
+spec:
+  type: middleware.http.ratelimit
+  metadata:
+  - name: maxRequestsPerSecond
+    value: 10
+```
+Once the limit is reached, the request will return *HTTP Status code 429: Too Many Requests*. 
+
+## Referencing the rate limit middleware
+
+To be applied, the middleware must be referenced in a [Dapr Configuration]({{< ref configuration-concept.md >}}). See [Middleware pipelines]({{< ref "middleware-concept.md#customize-processing-pipeline">}}).
+
+## Related links
+- [Middleware concept]({{< ref middleware-concept.md >}})
+- [Dapr configuration]({{< ref configuration-concept.md >}})

daprdocs/content/en/operations/configuration/control-concurrency.md

@@ -9,7 +9,9 @@ description: "Control how many requests and events will invoke your application
 A common scenario in distributed computing is to only allow for a given number of requests to execute concurrently.
 Using Dapr, you can control how many requests and events will invoke your application simultaneously.
 
-*Note that this rate limiting is guaranteed for every event that's coming from Dapr, meaning Pub/Sub events, direct invocation from other services, bindings events etc. Dapr can't enforce the concurrency policy on requests that are coming to your app externally.*
+*Note that this rate limiing is guaranteed for every event that's coming from Dapr, meaning Pub/Sub events, direct invocation from other services, bindings events etc. Dapr can't enforce the concurrency policy on requests that are coming to your app externally.*
+
+*Note that rate limiting per second can be achieved by using the **middleware.http.ratelimit** middleware. However, there is an imporant difference between the two approaches. The rate limit middlware is time bound and limits the number of requests per second, while the `app-max-concurrency` flag specifies the number of concurrent requests (and events) at any point of time. See [Rate limit middleware]({{< ref middleware-rate-limit.md >}}). *
 
 ## Setting app-max-concurrency