
optional rate limit #7637

Merged
n1ru4l merged 2 commits into CONSOLE-1623 from fix-end2end-optional-rate-limit
Feb 5, 2026

@n1ru4l
Contributor

@n1ru4l n1ru4l commented Feb 5, 2026

No description provided.

@gemini-code-assist
Contributor

Summary of Changes

Hello @n1ru4l, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the service's configurability by introducing a flexible and optional rate limiting system for SuperTokens, specifically impacting email verification flows. It centralizes and structures the configuration for identifying client IP addresses, allowing administrators to easily enable or disable rate limiting and specify the relevant IP header. This change provides better control over resource usage and helps mitigate potential abuse by making rate limiting an opt-in feature.

Highlights

  • Optional Rate Limiting: Introduced an optional rate limiting mechanism for SuperTokens, configurable via new environment variables SUPERTOKENS_RATE_LIMIT and SUPERTOKENS_RATE_LIMIT_IP_HEADER_NAME.
  • Configuration Refactoring: Refactored the rate limit configuration into a dedicated RateLimitConfig class and a structured object, replacing a simple string for the forwarded IP header name.
  • Conditional Rate Limiting: Updated the email verification logic to respect the new optional rate limiting, ensuring rate limits are only applied when an IP address is available and rate limiting is explicitly enabled.
  • Documentation Update: Added documentation in README.md for the newly introduced environment variables related to SuperTokens rate limiting.

Changelog

  • packages/services/api/src/create.ts
    • Replaced direct FORWARDED_IP_HEADER_NAME injection with a structured RateLimitConfig object.
    • Updated createRegistry configuration to accept an optional rateLimit object instead of a direct IP header name.
  • packages/services/api/src/modules/auth/providers/email-verification.ts
    • Modified sendVerificationEmail to accept ipAddress as string | null.
    • Wrapped the rate limiter check with a conditional if (ipAddress) block, applying rate limits only when an IP is provided.
  • packages/services/api/src/modules/auth/resolvers/Mutation/sendVerificationEmail.ts
    • Switched to injecting RateLimitConfig and conditionally extracting the IP address for rate limiting based on its presence and configuration.
  • packages/services/api/src/modules/shared/providers/tokens.ts
    • Removed the FORWARDED_IP_HEADER_NAME constant.
    • Introduced the RateLimitConfig class to encapsulate rate limit configuration, allowing it to be null or contain an ipHeaderName.
  • packages/services/server/README.md
    • Added documentation for SUPERTOKENS_RATE_LIMIT and SUPERTOKENS_RATE_LIMIT_IP_HEADER_NAME environment variables.
  • packages/services/server/src/environment.ts
    • Extended SuperTokensModel to include SUPERTOKENS_RATE_LIMIT for environment variable parsing.
    • Transformed environment variables into a structured rateLimit object within the env.supertokens configuration, which can be null if rate limiting is disabled.
  • packages/services/server/src/index.ts
    • Updated the app configuration passed to createRegistry to use the new env.supertokens.rateLimit object.
  • packages/services/server/src/supertokens.ts
    • Adjusted extractIPFromUserContext to use the new optional ipHeaderName from env.supertokens.rateLimit.
    • Added a check in isRateLimited to immediately disable rate limiting if env.supertokens.rateLimit is null.

Ignored Files

  • Ignored by pattern: .github/workflows/** (1)
    • .github/workflows/tests-e2e.yaml

Activity

  • No specific activity (comments, reviews, etc.) has been recorded for this pull request yet.

@github-actions
Contributor

github-actions Bot commented Feb 5, 2026

🚀 Snapshot Release (alpha)

The latest changes of this PR are available as alpha on npm (based on the declared changesets):

Package Version Info
hive 9.3.1-alpha-20260205151457-e0d5ab7a57b0797a8fca8fa45a49b9d302216f61 npm ↗︎ unpkg ↗︎

@github-actions
Contributor

github-actions Bot commented Feb 5, 2026

📚 Storybook Deployment

The latest changes are available as preview in: https://pr-7637.hive-storybook.pages.dev

Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request makes rate limiting optional, controlled by the SUPERTOKENS_RATE_LIMIT environment variable. The implementation introduces a RateLimitConfig class and updates various parts of the codebase to handle the optional configuration. The changes are mostly correct, but I've found a potential bug in supertokens.ts where a fallback IP address mechanism was unintentionally removed. Additionally, this pull request modifies files within /packages/services and according to the repository's style guide (lines 78-80), it should include a changeset file, which appears to be missing.

Comment thread packages/services/server/src/supertokens.ts Outdated
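
The opt-in behaviour discussed in this thread, as an added sketch that is not the PR's or the project's own code: it parses the two environment variables named above, extracts the client IP from the configured header, and applies the limiter only when an IP is known. Every function and type name is hypothetical, and the accepted value "1" for SUPERTOKENS_RATE_LIMIT is an assumption, since the page does not state it.

```typescript
// Added illustration; only the two environment variable names come from the page.
type RateLimit = { ipHeaderName: string } | null;
type Headers = Record<string, string | undefined>;

// Assumption: "1" enables the limiter; the page does not state the accepted values.
function parseRateLimit(env: Record<string, string | undefined>): RateLimit {
  if (env['SUPERTOKENS_RATE_LIMIT'] !== '1') return null;
  const name = (env['SUPERTOKENS_RATE_LIMIT_IP_HEADER_NAME'] || '').trim();
  // Enabled without a header name is a misconfiguration: fail at startup
  // instead of running with a limiter that can never find a key.
  if (name === '') throw new Error('SUPERTOKENS_RATE_LIMIT_IP_HEADER_NAME is required');
  return { ipHeaderName: name.toLowerCase() };
}

// Returns the client IP from the configured header, or null when it is absent.
// Uses the first comma-separated entry; assumes a trusted proxy overwrites the header.
function extractIp(headers: Headers, config: RateLimit): string | null {
  if (config === null) return null;
  const raw = headers[config.ipHeaderName];
  if (!raw) return null;
  const first = (raw.split(',')[0] || '').trim();
  return first === '' ? null : first;
}

// Fixed-window counter keyed by IP, constructed for this example.
function createLimiter(max: number, windowMs: number) {
  const hits: Record<string, { start: number; count: number }> = {};
  return function isLimited(key: string, now: number): boolean {
    const entry = hits[key];
    if (!entry || now - entry.start >= windowMs) {
      hits[key] = { start: now, count: 1 };
      return false;
    }
    entry.count += 1;
    return entry.count > max;
  };
}

type Decision = 'sent' | 'rate-limited' | 'sent-unlimited';

// Mirrors the conditional described in the summary: limit only when an IP is known.
function sendVerificationEmail(
  ip: string | null, isLimited: (key: string, now: number) => boolean, now: number,
): Decision {
  if (ip === null) return 'sent-unlimited'; // unthrottled path: count it in metrics
  return isLimited(ip, now) ? 'rate-limited' : 'sent';
}
```

With the limiter enabled, a request that arrives without the configured header still takes the unthrottled path, so a deployment that relies on this limiter should confirm that its proxy always sets that header.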
@github-actions
Contributor

github-actions Bot commented Feb 5, 2026

🐋 This PR was built and pushed to the following Docker images:

Targets: build

Platforms: linux/amd64

Image Tag: e0d5ab7a57b0797a8fca8fa45a49b9d302216f61

@github-actions
Contributor

github-actions Bot commented Feb 5, 2026

💻 Website Preview

The latest changes are available as preview in: https://pr-7637.hive-landing-page.pages.dev

@n1ru4l n1ru4l marked this pull request as ready for review February 5, 2026 15:30
@n1ru4l n1ru4l merged commit 7598b99 into CONSOLE-1623 Feb 5, 2026
27 checks passed
@n1ru4l n1ru4l deleted the fix-end2end-optional-rate-limit branch February 5, 2026 15:31