-
Notifications
You must be signed in to change notification settings - Fork 391
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
http-server create new github issues. #4167
Conversation
- add a client for github web API to create github issues - update http-server to use this new client to create github issues from error reports.
Codecov Report
@@ Coverage Diff @@
## master #4167 +/- ##
============================================
- Coverage 22.62% 22.59% -0.04%
+ Complexity 6115 6109 -6
============================================
Files 857 871 +14
Lines 71337 71413 +76
Branches 11397 11398 +1
============================================
- Hits 16140 16135 -5
- Misses 53132 53209 +77
- Partials 2065 2069 +4
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I haven't quite wrapped my head around the overall structure of the server side of things, but mostly the code changes seem resonable.
I noticed the usage of Gson, not quite familiar with it, did you test what happens when loading invalid/outdated JSON into a class?
General Questions
Once this project is finished, will a new issue be created for every user that uses this function?
If so, what are the odds this feature will be misused to spam the issue section?
<<<<<<< HEAD:http-client/src/test/java/org/triplea/http/client/WireMockSystemTest.java | ||
======= | ||
import org.triplea.http.client.ServiceCallResult; | ||
>>>>>>> Group error reporting http client classes together in a package:http-client/src/test/java/org/triplea/http/client/error/reporting/WireMockSystemTest.java |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Errm I'm pretty sure that's a bad merge conflict resolution
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Been a while since I checked in an extra file.. 😞
http-client/src/test/java/org/triplea/http/client/error/reporting/WireMockSystemTest.java.orig
In this case when adding entire new folders I did not notice the '.orig' files that resulted from resolving conflicts. A better self-review IMO should have caught that if not better inspection of the add list.
And even better, I also found the steps on stack-overflow to turn off the creation of '.orig' files 😄
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
File removed: 7590176
/** | ||
* Marker interface for any spark component that will register an endpoint and associated handler. | ||
*/ | ||
public interface SparkController extends Runnable { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't this interface really unecessary
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
269006c removes the unnecessary "aliasing" interface. I'm compromising on this style in another project that it got a bit too ingrained 😟
That's a good point. Also, we need to consider that GitHub will throttle our access to their API, so the server needs to be able to handle storing and retrying issue creation at a later time (or, if the server needs to remain truly stateless, report failure to submit the bug report to the user and tell them to try again later). |
@ssoloff With a proper API Token we have plenty of requests to issue, I believe there are like 5000 request per hour, so we're not going to exceed this limit that quickly |
@RoiEXLab Right. I thought it was 1,000 per hour, but whatever--same order of magnitude. 😄 I was raising the rate limiting issue specifically in response to your concern of an attack on the server. We can exceed 5,000 requests pretty easily if someone writes a script to attack the HTTP endpoint directly. We can't really rely on HTTP authentication to stop bogus submissions, right? Otherwise the TripleA client wouldn't be able to submit the report (unless we do some kind of OAuth integration with a provider or providers most players have an account with). Maybe the server itself needs to rate limit reports by source IP? "Sorry, you can only submit 5 bug reports per hour." Once again, though, that will make the server stateful. |
You'll get an exception:
I've mostly used Jackson for JSON parsing, gson is pretty similar AFAIK, mostly a difference of whether properties are inferred from the 'getter' methods or from private properties. The 'feign' encoding/decode had a gson decode chosen, so just sticking with that same general set of libraries. I do not know if out of the box whether gson will ignore or explode when it sees unrecognized properties.
Good question, been wondering this one: #3949. Any version that stores reports in DB and has some sort of acceptance system get pretty convoluted soon, is hard to enlist help, is very custom, and could easily see starvation in bug reports. Overall, creating the report directly seemed to be a convenient and appropriate choice.
In general, low, over time, it'll probably happen. There is some client side rate limiting put in place, the server side will have rate limiting as well, it's not in place yet though (https://github.com/triplea-game/triplea/projects/4#card-12668058) I wouldn't mind out of the scope of these changes a brainstorming session of the abuse-prevention items that we should build in. Happily github has mass issue delete in case we get flooded, but unlikely given the rate limit I suspect will be something like 10 per hour. |
@ssoloff basically exactly that 😄 The state would be kept presumably in a DB table. |
@RoiEXLab the updates you requested in code have been completed & pushed. Please take a look. @RoiEXLab @ssoloff throttling and further rate limiting/abuse prevention is out of scope for now; the http-server is not even yet live/deployed. The main focus of this PR is that we have a new http integration to create issues and the backend server is wired to send those requests. I have more updates waiting in the wings for after this is merged. The throttling piece is being tracked in the project, it is not part of this PR intentionally. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just some minor issues.
After that I'd leave it to @ssoloff to see if he has something additional to say.
@Log | ||
final class FeignFactory { | ||
private static GsonEncoder gsonEncoder = new GsonEncoder(); | ||
private static GsonDecoder gsonDecoder = new GsonDecoder(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think those variables are never getting reassigned, so making them final would be good
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While there I also weakened the variable types.
import org.triplea.test.common.Integration; | ||
|
||
import spark.Spark; | ||
|
||
|
||
@Integration | ||
@ExtendWith(MockitoExtension.class) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Correct me if I'm wrong, but I'm pretty sure this isn't necessary, because no mockito annotations are being used.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're right, it's only needed when using the annotations. 👍
Overview
error reports.
Functional Changes
Manual Testing Performed
Additional Review Notes