Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(api): Apply rate limit decorators to api controllers and methods #4915

Merged
merged 199 commits into from
Dec 5, 2023
Merged

feat(api): Apply rate limit decorators to api controllers and methods #4915

merged 199 commits into from
Dec 5, 2023

Conversation

rifont
Copy link
Contributor

@rifont rifont commented Nov 29, 2023
edited
Loading

What change does this PR introduce?

  • Apply rate limit guard category and cost decorators to api controllers and methods. All non decorated endpoints have a Global category and Single cost applied by default, per feat(api): Add API rate limiting NestJS guard #4910
  • Categories - Controllers - Endpoints [Cost]:
    • Trigger:
      • /events
        • /events/trigger - [Bulk]
        • /events/broadcast - [Bulk]
    • Configuration
      • /subscribers
        • /subscribers/bulk - [Bulk]
      • /tenants
      • /topics
    • Global
      • /changes
        • /changes/bulk/apply - [Bulk]
      • /invites
        • /invites/bulk - [Bulk]

Why was this change needed?

In order to provide a fair service to all clients, some API resources must have a differing category and cost applied given that underlying resource consumption can vary. This change colocates resources and methods whose category falls into a similar infrastructure bucket, and applies bulk cost to bulk endpoints which place a higher load on infrastructure.

Other information (Screenshots)

N/A

@rifont
feat(dal, shared, api): Add DAL fields for rate limiting
748b194
@rifont
test(api): Add tests for rate limit fields
4b47cce
@rifont
test(api): Use enum for apiServiceLevel test assertion
75febc1
@rifont
Merge branch 'next' into nv-3058-rate-limiting-dtos
1e06a6d
@rifont
fix(dal): Use api prefix for rate limits to differentiate from other …
15035d0 
…future rate limited protocols
@rifont
fix(dal): Update category enum to also include api prefix
81ef5b7
@rifont
fix(dal): Make apiRateLimits subdocument optional
d9d86d9
@rifont
feat(shared): Add API rate limiting cache key builder
05962ea
@rifont
fix(dal): Add fallback unlimited tier
975df32
@rifont
Merge branch 'nv-3058-rate-limiting-dtos' into nv-3059-get-rate-limit…
e17ef8e 
…-use-case
@rifont
feat(shared): Add rate limiting constants
7618b62
@rifont
feat(api): Add get rate limit use case
1d5d7db
@rifont
fix(api): Fix import path
15324a5
@rifont
test(application-generic): Refactor mock cache service into separate …
642b046 
…file
@rifont
test(api): Add unit tests for get-api-rate-limit use-case
acab424
@rifont
fix(api): Remove unused LOG_CONTEXT declaration in get-api-rate-limit…
167631f 
… use case
@rifont
feat(api): Add rate limiting module, add get-default-api-rate-limit u…
9cde897 
…se-case
@rifont
feat(shared): Add types for env var format and platform rate limit map
5b8a128
@rifont
refactor(api): Refactor get-api-rate-limit use-case to use the get-de…
9f9cd55 
…fault-api-rate-limits use-case
@rifont
Merge branch 'next' into nv-3059-get-rate-limit-use-case
72cf83b
@rifont
refactor(api, shared): Rename api rate limiting interface for descrip…
e5e7357 
…tiveness
@rifont
refactor(api): Rename get-api-rate-limit use-case helper method for c…
e2a40cd 
…onsistency
@rifont
Merge branch 'nv-3059-get-rate-limit-use-case' of ssh://github.com/no…
17a3bfb 
…vuhq/novu into nv-3059-get-rate-limit-use-case
@rifont
feat(api): Add logging to get-api-rate-limit use case
de803e3
@rifont
fix(shared): Add missing newline
d8de11e
@rifont
fix(api): Typo
e746b41
@rifont
fix(api): Removed unused import in get-api-rate-limit use-case
ad7e156
@rifont
refactor(api, application-generic): Rename max api rate limit cache key
06ce24b
@rifont
feat(application-generic): Add evaluate api rate limit cache key builder
c065cf0
@rifont
fix(shared): Remove redundant import rename
310b877
@linear Linear
Copy link

linear bot commented Nov 29, 2023

NV-3062 🏎️ API Resource Protection

What?

  • Attach the rate limiting guard to the relevant controllers - UseGuards(RateLimitGuard(CategoryTypeEnum.<ENUM>))
  • Attach the guard to the App-level - UseGuards(RateLimitGuard(CategoryTypeEnum.Global))

Why? (Context)

In order to rate limit access to specific resources in the service, we must apply the custom Rate Limiting controller to specific resources to allocate access to them into a specific bucket.

Definition of Done

  • All endpoints listed in a specific resource category have the rate limiting controller applied

@rifont rifont changed the title feat(api): Apply rate limit category and cost decorators to api controllers and methods feat(api): Apply rate limit decorators to api controllers and methods Nov 29, 2023
Base automatically changed from nv-3061-rate-limiting-nestjs-guard to next December 5, 2023 07:16
@rifont rifont merged commit 3e0a58e into next Dec 5, 2023
20 checks passed
@rifont rifont deleted the nv-3062-api-resource-protection branch December 5, 2023 07:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Cliftonz Cliftonz Cliftonz approved these changes

@djabarovgeorge djabarovgeorge Awaiting requested review from djabarovgeorge

@scopsy scopsy Awaiting requested review from scopsy

Assignees
No one assigned
Labels
@novu/api
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rifont @Cliftonz