New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mark Google API requests from PHP client as user-specific #2217
Comments
Looks like we always want to set a query param, even for Just wanting to make sure as the ACs don't explicitly mention it, but the param should ALWAYS be a query param/"GET" param. That said, it looks like an HTTP Header ( @felixarntz This would slightly change the ACs, but how would you feel about using the HTTP header instead? Otherwise IB looks good, though explicitly mentioning how the param should be used or linking to the above docs would be good because without it there's not much context to how this param works. I guess this comment can serve as that 🙂 |
@ivankruchkoff @tofumatt Using the HTTP header lgtm, although I don't have a strong opinion on either. I've updated the ACs to mention both approaches, i.e. being more agnostic about this. The IB here is ✅ from my end, but I'll defer to you whether to go with the HTTP header approach (if so, please make the changes accordingly). |
@ivankruchkoff Is it anymore of a pain to send this data via an HTTP header instead of a query param? If it's more work to do so with Guzzle (I don't know the API well) then we don't have to bother as the IB looks fine, but if it's possible to use the HTTP Header instead of the query param I think it'd be nicer. I guess to me, the query params are more related to the specific request endpoint, but the headers are usually more "broad" requests metadata (eg access tokens, user info, etc.) If it's straightforward to use the HTTP Header instead can you update the IB? But if it's not straightforward just assign this back to me and let me know—either way after that this is good-to-go 🙂 |
@tofumatt updated to use a header. I was initially thinking to add both, query param and header, but maybe that gets handled differently, so I added an html comment in the IB for the query string approach. |
Awesome, thanks for checking into that, IB looks good 🙂 IB ✅ |
@aaemnnosttv @felixarntz do either of you mind reviewing my PR #3737 for this ticket? I found a way to add that header more easily without creating custom hooks and intercepting all requests. Hope it looks good to you. |
From
QA: ✅ |
Almost all Google APIs generally support a request query parameter called
quotaUser
, which allows passing a string that uniquely identifies a user of the application. This parameter is recommended to be used when issuing Google API requests from a server backend, as otherwise it may be impossible for the API to distinguish where the traffic is coming from and which rate limits it applies to.The Site Kit authentication service makes use of this parameter because otherwise all requests would be associated with the same user which obviously would result in rate limits being exceeded at that scale. We didn't implement the same behavior in the plugin originally, however there could still be a case where it helps, e.g. if a site itself has too many users.
Do not alter or remove anything below. The following sections will be managed by moderators only.
Acceptance criteria
quotaUser
query parameter or theX-Goog-Quota-User
HTTP header to every Google API request with a string that uniquely identifies this user (e.g. some combination of site URL and WordPress user ID). The string doesn't need to be immutable (e.g. if the site URL changes, that's okay), it's just important that it doesn't conflict with another Site Kit user's identifier.Implementation Brief
quotaUser
query string param, by editing the following file/includes/Core/Authentication/Clients/OAuth_Client.php
and adding the function:private function get_quota_user()
return get_home_url() . '-' . get_current_user_id();
site-kit-wp/includes/Core/Authentication/Clients/OAuth_Client.php
Line 237 in 8c341d3
Google Header Reference
For future reference Guzzle 7 middlewares https://docs.guzzlephp.org/en/stable/handlers-and-middleware.html which will come in handy if we ever update to guzzle 6/7. Keep in mind that Guzzle 7 requires php 7.2.5 ( https://docs.guzzlephp.org/en/stable/overview.html#requirements ) whereas guzzle 6 only requires php 5.5 ( https://github.com/guzzle/guzzle/tree/6.5 ), also here's how to upgrade to v6 guzzle to middlewares: https://github.com/guzzle/guzzle/blob/master/UPGRADING.md#migrating-to-middleware
Test Coverage
/tests/phpunit/integration/Core/Authentication/Clients/OAuth_ClientTest.php
Add a
test_get_quota_user()
Visual Regression Changes
N/A
QA Brief
third-party/guzzlehttp/guzzle/src/Client.php
inpublic function send()
just beforereturn $trans->response;
add this:error_log( var_export( $request->getHeaders(), true ) );
enable your debugging, and open a page that makes requests to google apis/wp-admin/admin.php?page=googlesitekit-dashboard
check yourdebug.log
and ensure that the requested urls all contain thequotaUser=
param.Changelog entry
The text was updated successfully, but these errors were encountered: