Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API v2 improvements #7148

Merged
merged 23 commits into from Apr 5, 2023
Merged

API v2 improvements #7148

merged 23 commits into from Apr 5, 2023

Conversation

nikitosing
Copy link
Member

@nikitosing nikitosing commented Mar 27, 2023
edited

Close #6964
Close #6971

Changes

  • Add /tokens/{address_hash}/instances/{token_id}/holders
  • Add message different from 404 Not found for cases when requested block (by number) lost consensus
  • Flat 1155 batches in transfers embedded into transaction
  • Skip tags and watchlist name fetching for cases where it's unused on the front end
  • Switch backend for Hammer to Redis from ETS
  • Add rate limiting for API v2
  • Make field contract_name optional in contract verification
  • Add watch list address id to the address info (/addresses/{address_hash})

New/changes env variables:

  • API_RATE_LIMIT_HAMMER_REDIS_URL
  • API_RATE_LIMIT_BY_IP
  • API_RATE_LIMIT_IS_BLOCKSCOUT_BEHIND_PROXY
  • API_RATE_LIMIT_UI_V2_WITH_TOKEN
  • API_RATE_LIMIT_BY_IP -> API_RATE_LIMIT_BY_WHITELISTED_IP
  • API_RATE_LIMIT_TIME_INTERVAL (1s default)
  • API_RATE_LIMIT_BY_IP_TIME_INTERVAL (5m default)

blockscout/docs#132

Flow of rate limiting in UI 2.0:

  • If some IP address will send 3000 req per 5 minutes, then next request over limit will get 429
  • Client on this IP will need to submit correct reCAPTCHA response on /v2/key and get token for (5 rps) to send with the request in apikey parameter. This token will live 5 hours

Checklist for your Pull Request (PR)

@nikitosing nikitosing changed the title Np api v2 improvements API v2 improvements Mar 29, 2023
@tom2drum tom2drum mentioned this pull request Mar 30, 2023
Merged
@nikitosing nikitosing force-pushed the np-api-v2-improvements branch 2 times, most recently from 1b316b4 to 5f56073 Compare March 31, 2023 16:19
vbaranov
vbaranov reviewed Apr 4, 2023
View reviewed changes
Copy link
Member

@vbaranov vbaranov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please create a corresponding PR in order to update list of supported env vars. I would suggest put new env vars to section https://docs.blockscout.com/for-developers/information-and-settings/env-variables#api-rate-limit-management and add prefix API_RATE_LIMIT_ to all of them.

apps/block_scout_web/config/config.exs Outdated Show resolved Hide resolved
apps/block_scout_web/lib/block_scout_web/views/access_helper.ex Outdated Show resolved Hide resolved
apps/block_scout_web/lib/block_scout_web/views/access_helper.ex Outdated Show resolved Hide resolved
config/runtime.exs Outdated Show resolved Hide resolved
config/runtime.exs Outdated Show resolved Hide resolved
@nikitosing nikitosing requested a review from vbaranov April 4, 2023 18:18
nikitosing and others added 21 commits April 5, 2023 14:52
@nikitosing
Add RateLimit plug; Add TupleEncoder; Move Logger plug to first posit…
63fe0d3 
…ion in pipelines
@nikitosing
Forward address_with_info to read replica
bcbea6c
@nikitosing
Add message with hash for case when block(by number) lost consensus
023ab46
@nikitosing
Flat 1155 batches in preloaded transfers in transactions
fe70590
@nikitosing
Remove tags from address struct where unused
d93550b
@nikitosing
Add Redis backend for Hammer; Add rate limiting for UI 2.0 requests t…
fe55da4 
…o API v2
@nikitosing
Avoid rate limiting in /api/v2/key
bd9e7e9
@nikitosing
Add /tokens/{address_hash}/instances/{token_id}/holders; Add public t…
c180f92 
…ags to /addresses
@nikitosing
Make field contract_name optional
b52a88c
@nikitosing
Remove name check for vyper verification
05335c6
@nikitosing
Add user agent check to rate limiting
5cc1655
@nikitosing
Add watchlist id to address info
4bc6f52
@nikitosing
Simplify get_user_agent/1
4e6c1b6
@nikitosing
Add HAMMER_REDIS_URL env
e1d2287
@nikitosing
Refactoring
ac4cd69
@nikitosing
Fix credo
61b86d9
@nikitosing
Add envs to Makefile and .env
9ccb6f8
@nikitosing
Add API_RATE_LIMIT_UI_V2_TOKEN_TTL_IN_SECONDS
4398d5e
@vbaranov @nikitosing
Put API_RATE_LIMIT_ prefixed env vars together in Makefile
51bb420
@nikitosing
Add ETS Hammer backend as fallback
944b38a
@nikitosing
Handle case when no recaptcha_response provided in /api/v2/key
dfa5492
@vbaranov vbaranov merged commit 94cf98f into master Apr 5, 2023
16 checks passed
@vbaranov vbaranov deleted the np-api-v2-improvements branch April 5, 2023 14:56
@nikitosing nikitosing mentioned this pull request Apr 10, 2023
Merged
6 tasks
@rk18-art rk18-art mentioned this pull request Apr 24, 2023
Closed
fx0x55 pushed a commit to FunctionX/blockscout that referenced this pull request May 10, 2023
@nikitosing @fx0x55
API v2 improvements (blockscout#7148)
42d34c7 
* Add RateLimit plug; Add TupleEncoder; Move Logger plug to first position in pipelines

* Forward address_with_info to read replica

* Add message with hash for case when block(by number) lost consensus

* Flat 1155 batches in preloaded transfers in transactions

* Remove tags from address struct where unused

* Add Redis backend for Hammer; Add rate limiting for UI 2.0 requests to API v2

* Avoid rate limiting in /api/v2/key

* Add /tokens/{address_hash}/instances/{token_id}/holders; Add public tags to /addresses

* Make field contract_name optional

* Remove name check for vyper verification

* Add user agent check to rate limiting

* Add watchlist id to address info

* Simplify get_user_agent/1

* Add HAMMER_REDIS_URL env

* Refactoring

* Fix credo

* Add envs to Makefile and .env

* Add API_RATE_LIMIT_UI_V2_TOKEN_TTL_IN_SECONDS

* Put API_RATE_LIMIT_ prefixed env vars together in Makefile

* Add ETS Hammer backend as fallback

* Handle case when no recaptcha_response provided in /api/v2/key

* Change encrypt/decrypt to sign/verify

* Add missed check

---------

Co-authored-by: Viktor Baranov <baranov.viktor.27@gmail.com>
(cherry picked from commit 94cf98f)
@tom2drum tom2drum mentioned this pull request Jul 7, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vbaranov vbaranov vbaranov approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Search returns multiple results for the address Internal server error on reading contract via API v2
2 participants
@nikitosing @vbaranov