
Merge pull request #816 from appwrite/feat-no-ratelimits-on-server-api

Feat no ratelimits on server api
Eldad A. Fux 2021-01-12 18:58:37 +02:00 committed by GitHub
commit b57326e0c0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 18 additions and 5 deletions


@ -629,6 +629,8 @@ App::post('/v1/functions/:functionId/executions')
->label('sdk.response.code', Response::STATUS_CODE_CREATED)
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
->label('sdk.response.model', Response::MODEL_EXECUTION)
->label('abuse-limit', 60)
->label('abuse-time', 60)
->param('functionId', '', new UID(), 'Function unique ID.')
// ->param('async', 1, new Range(0, 1), 'Execute code asynchronously. Pass 1 for true, 0 for false. Default value is 1.', true)
->inject('response')
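Review bot: The `abuse-limit` / `abuse-time` labels, which appear to be the two added lines, set 60 requests per 60 seconds on POST /v1/functions/:functionId/executions without saying what the counter is keyed on. If the default key is IP-based, clients behind one NAT share a bucket while a single account's usage stays unbounded. For a route that starts code execution, an explicit `abuse-key` label scoped to the user or function would state the intent, assuming that label is how this project selects the key. A short comment such as `// client-side callers only; API keys are exempt in the api init hook` would also tie this limit to the exemption added elsewhere in this commit. The route definition starts and ends outside the hunk.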


@ -418,7 +418,6 @@ App::delete('/v1/users/:userId/sessions/:sessionId')
->label('sdk.response.code', Response::STATUS_CODE_NOCONTENT)
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
->label('sdk.response.model', Response::MODEL_NONE)
->label('abuse-limit', 100)
->param('userId', '', new UID(), 'User unique ID.')
->param('sessionId', null, new UID(), 'User unique session ID.')
->inject('response')
@ -465,7 +464,6 @@ App::delete('/v1/users/:userId/sessions')
->label('sdk.response.code', Response::STATUS_CODE_NOCONTENT)
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
->label('sdk.response.model', Response::MODEL_NONE)
->label('abuse-limit', 100)
->param('userId', '', new UID(), 'User unique ID.')
->inject('response')
->inject('projectDB')
@ -509,7 +507,6 @@ App::delete('/v1/users/:userId')
->label('sdk.response.code', Response::STATUS_CODE_NOCONTENT)
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
->label('sdk.response.model', Response::MODEL_NONE)
->label('abuse-limit', 100)
->param('userId', '', function () {return new UID();}, 'User unique ID.')
->inject('response')
->inject('projectDB')


@ -1,5 +1,7 @@
<?php
use Appwrite\Auth\Auth;
use Appwrite\Database\Validator\Authorization;
use Utopia\App;
use Utopia\Exception;
use Utopia\Abuse\Abuse;
@ -49,7 +51,13 @@ App::init(function ($utopia, $request, $response, $project, $user, $register) {
;
}
if ($abuse->check() && App::getEnv('_APP_OPTIONS_ABUSE', 'enabled') !== 'disabled') {
$isPreviliggedUser = Auth::isPreviliggedUser(Authorization::$roles);
$isAppUser = Auth::isAppUser(Authorization::$roles);
if (($abuse->check() // Route is rate-limited
&& App::getEnv('_APP_OPTIONS_ABUSE', 'enabled') !== 'disabled') // Abuse is not diabled
&& (!$isAppUser && !$isPreviliggedUser)) // User is not an admin or API key
{
throw new Exception('Too many requests', 429);
}
}, ['utopia', 'request', 'response', 'project', 'user', 'register'], 'api');
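Review bot: The rewritten condition in the App::init hook still evaluates `$abuse->check()` first, so requests from API keys and privileged users go through the limiter (and, if check() also records the hit, keep consuming the counter) before the exemption is applied. Ordering the cheap tests first lets the exemption short-circuit: `if (!$isAppUser && !$isPreviliggedUser && App::getEnv('_APP_OPTIONS_ABUSE', 'enabled') !== 'disabled' && $abuse->check())`. The exemption rests entirely on the static `Authorization::$roles`, so it is only sound if those roles are set from a validated key or session before this hook runs; that assignment is outside the hunk and deserves a comment next to the two `Auth::is…` calls. The inline comment `// Abuse is not diabled` has a typo, and the hook body starts above the hunk.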


@ -455,6 +455,7 @@ class FunctionsCustomServerTest extends Scope
public function testENVS():array
{
sleep(120);
/**
* Test for SUCCESS
*/
@ -591,7 +592,7 @@ class FunctionsCustomServerTest extends Scope
$executionId = $execution['body']['$id'] ?? '';
$this->assertEquals(201, $execution['headers']['status-code']);
sleep(20);
sleep(30);
$executions = $this->client->call(Client::METHOD_GET, '/functions/'.$functionId.'/executions', array_merge([
'content-type' => 'application/json',
@ -601,6 +602,11 @@ class FunctionsCustomServerTest extends Scope
if($executions['body']['executions'][0]['status'] !== 'completed') {
var_dump($env);
var_dump($executions['body']['executions'][0]);
$stdout = '';
$stderr = '';
Console::execute('docker logs appwrite-worker-functions', '', $stdout, $stderr);
var_dump($stdout);
var_dump($stderr);
}
$this->assertEquals($executions['headers']['status-code'], 200);
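Review bot: The failure branch in the last hunk now prints the full output of `docker logs appwrite-worker-functions` next to the existing `var_dump($env)`, so whatever the worker logged (function variables, keys, tokens) ends up in the CI log, which is often readable more widely than the test environment. Bounding it, e.g. `Console::execute('docker logs --tail 100 appwrite-worker-functions', '', $stdout, $stderr);`, and dropping the `$env` dump once the flakiness is understood would limit that exposure. The fixed `sleep(120)` that appears to be added at the top of testENVS also wants a one-line comment saying what it waits for, presumably the abuse window on the executions route. testENVS continues outside the hunks shown.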