From cf4eb36023e7a9dd1e9cc3758679dedcddce453e Mon Sep 17 00:00:00 2001
From: Al Cutter <al@google.com>
Date: Tue, 25 Jun 2024 12:46:26 +0100
Subject: [PATCH] Wire up bastion rate limit

---
 trusted_applet/main.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/trusted_applet/main.go b/trusted_applet/main.go
index 345b226..59c4988 100644
--- a/trusted_applet/main.go
+++ b/trusted_applet/main.go
@@ -71,6 +71,9 @@ const (
 	// updateCheckInterval is the time between checking the FT Log for firmware
 	// updates.
 	updateCheckInterval = 5 * time.Minute
+
+	// bastionRateLimit is the maximum number of bastion requests per second to serve.
+	bastionRateLimit = float64(20.0)
 )
 
 var (
@@ -360,6 +363,8 @@ func runWithNetworking(ctx context.Context) error {
 		klog.Infof("Bastion host %q configured", BastionAddr)
 		opConfig.BastionAddr = BastionAddr
 		opConfig.BastionKey = bastionSigningKey
+		opConfig.BastionRateLimit = bastionRateLimit
+
 	}
 	mainListener, err := listenCfg.Listen(ctx, "tcp", ":80")
 	if err != nil {