-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
api: acl: bring limit for hackers down to 5 per node #2058
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
@@ -23,7 +23,7 @@ import { isFreeTierUser } from "./helpers"; | |||
import { cache } from "../store/cache"; | |||
|
|||
const WEBHOOK_TIMEOUT = 30 * 1000; | |||
const MAX_ALLOWED_VIEWERS_FOR_FREE_TIER = 30; | |||
const MAX_ALLOWED_VIEWERS_FOR_FREE_TIER = 5; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd change the variable name to MAX_ALLOWED_VIEWERS_FOR_HACKER_TIER_PER_NODE
or comment that it's per-node value. It's not obvious in this context.
With this implementation lower limit is the only option. The problem is that with scaling up the number of nodes (like for Fishtank) we raise the global viewers limit for the hacker plan. Maybe it's acceptable for now. Also with current 29 nodes. 29 * 5 = 145 which is quite high and still above our alert's thresholds |
Yes, until we have a catalyst shared state with the amount of viewers globally, this is the only space we have to move around. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that bringing this down makes sense - hopefully 5 per node is low enough that the system's not usable for people trying to abuse the free tier
Right. I guess that rate-limiting is done after geolocation... so if we reach the limit on a node we won't redirect viewer to another node. |
What does this pull request do? Explain your changes. (required)
Specific updates (required)
How did you test each of these updates (required)
Does this pull request close any open issues?
Screenshots (optional)
Checklist