f2d3ad6d52
Previously we introduced the concept of a "pending orders per account ID" rate limit. After struggling with making an implementation of this rate limit perform well we reevaluated the problem and decided a "new orders per account per time window" rate limit would be a better fit for ACMEv2 overall. This commit introduces the new newOrdersPerAccount rate limit. The RA now checks this before creating new pending orders in ra.NewOrder. It does so after order reuse takes place ensuring the rate limit is only applied in cases when a distinct new pending order row would be created. To accomplish this a migration for a new orders field (created) and an index over created and registrationID is added. It would be possible to use the existing expires field for this like we've done in the past, but that was primarily to avoid running a migration on a large table in prod. Since we don't have that problem yet for V2 tables we can Do The Right Thing and add a column. For deployability the deprecated pendingOrdersPerAccount code & SA gRPC bits are left around. A follow-up PR will be needed to remove those (#3502). Resolves #3410 |
||
|---|---|---|
| .. | ||
| generate.go | ||
| sa.pb.go | ||
| sa.proto | ||