Add temporary per-day user throttling (#392)

molly-moen · web-flow · commit 60bb9af3f2f9 · 2023-05-03T13:05:05.000-07:00
* update daily blocking logic

* add config for dev setup

* updates

* decrease dev limit

* update constants

* update string

* update configs

* update prod to have no daily limit

* make no limit clearer

* try out -1 as no limit
diff --git a/cicd/3-app/javabuilder/config/production-demo.config.json b/cicd/3-app/javabuilder/config/production-demo.config.json
@@ -5,8 +5,8 @@
     "BaseDomainNameHostedZonedID": "Z2LCOI49SCXUGU",
     "ProvisionedConcurrentExecutions": "1",
     "ReservedConcurrentExecutions": "5",
-    "LimitPerHour": "25",
-    "LimitPerDay": "100",
+    "LimitPerHour": "-1",
+    "LimitPerDay": "50",
     "SilenceAlerts": "false"
   },
   "Tags": {
diff --git a/cicd/3-app/javabuilder/config/production.config.json b/cicd/3-app/javabuilder/config/production.config.json
@@ -5,7 +5,7 @@
     "ProvisionedConcurrentExecutions": "50",
     "ReservedConcurrentExecutions": "500",
     "LimitPerHour": "1000",
-    "LimitPerDay": "5000",
+    "LimitPerDay": "-1",
     "SilenceAlerts": "false",
     "TeacherLimitPerHour": "25000"
   },
diff --git a/cicd/3-app/javabuilder/template.yml.erb b/cicd/3-app/javabuilder/template.yml.erb
@@ -26,13 +26,13 @@ Parameters:
     Default: 3
   LimitPerHour:
     Type: Number
-    Description: The number of Javabuilder invocations allowed per user per hour.
-    MinValue: 1
+    Description: The number of Javabuilder invocations allowed per user per hour. If the value is -1, then there is no limit on the number of invocations per hour.
+    MinValue: -1
     Default: 50
   LimitPerDay:
     Type: Number
-    Description: The number of Javabuilder invocations allowed per user per day.
-    MinValue: 1
+    Description: The number of Javabuilder invocations allowed per user per day. If the value is -1, then there is no limit on the number of invocations per day.
+    MinValue: -1
     Default: 150
   TeacherLimitPerHour:
     Type: Number
diff --git a/javabuilder-authorizer/token_status.rb b/javabuilder-authorizer/token_status.rb
@@ -2,7 +2,7 @@ module TokenStatus
   ### Token statuses used in HTTP authorizer (first step in token validation)
   # Token was validated by HTTP authorizer
   VALID_HTTP = 'VALID_HTTP'.freeze
-  # User has been blocked for violating hourly or daily throttle limits
+  # User has been blocked for violating hourly throttle limits
   USER_BLOCKED = 'USER_BLOCKED'.freeze
   # All of a user's teachers (or the teacher themselves, if the user is a teacher)
   # has been blocked for violating hourly throttle limits
@@ -24,12 +24,15 @@ module TokenStatus
   UNKNOWN_ID = 'UNKNOWN_ID'.freeze
   # Token provided was not vetted by hTTP authorizer
   NOT_VETTED = 'NOT_VETTED'.freeze
+  # User has been blocks for violating daily limits. They will be automatically unblocked 
+  # once they are no longer over the limit.
+  USER_BLOCKED_TEMPORARY = 'USER_BLOCKED_TEMPORARY'.freeze
 
   ### Token status used by both authorizers
   # Token provided to the authorizer has already been used
   TOKEN_USED = 'TOKEN_USED'.freeze
 
-  ERROR_STATES = [USER_BLOCKED, CLASSROOM_BLOCKED, USER_OVER_DAILY_LIMIT, USER_OVER_HOURLY_LIMIT, TEACHERS_OVER_HOURLY_LIMIT, UNKNOWN_ID, NOT_VETTED, TOKEN_USED]
+  ERROR_STATES = [USER_BLOCKED, CLASSROOM_BLOCKED, USER_OVER_DAILY_LIMIT, USER_OVER_HOURLY_LIMIT, TEACHERS_OVER_HOURLY_LIMIT, UNKNOWN_ID, NOT_VETTED, TOKEN_USED, USER_BLOCKED_TEMPORARY]
   WARNING_STATES = [NEAR_LIMIT]
   VALID_STATES = [VALID_HTTP, VALID_WEBSOCKET]
 
@@ -38,10 +41,19 @@ module TokenStatus
     CLASSROOM_BLOCKED => 'ClassroomBlocked',
     UNKNOWN_ID => 'TokenUnknownId',
     NOT_VETTED => 'TokenNotVetted',
-    TOKEN_USED => 'TokenUsed'
+    TOKEN_USED => 'TokenUsed',
+    USER_BLOCKED_TEMPORARY => 'UserBlockedTemporary',
   }.freeze
 
   NEW_USER_BLOCKED = 'NewUserBlocked'.freeze
   NEW_CLASSROOM_BLOCKED = 'NewClassroomBlocked'.freeze
   CLASSROOM_HOURLY_REQUEST_COUNT = 'ClassroomHourlyRequestCount'.freeze
+
+  # Lockout statuses
+  PERMANENT_LOCKOUT = 'PERMANENT'.freeze
+  TEMPORARY_LOCKOUT = 'TEMPORARY'.freeze
+
+  # Lockout periods
+  DAY = 'DAY'.freeze
+  HOUR = 'HOUR'.freeze
 end
diff --git a/javabuilder-authorizer/token_validator.rb b/javabuilder-authorizer/token_validator.rb
@@ -11,6 +11,7 @@ class TokenValidator
   USER_REQUEST_RECORD_TTL_SECONDS = 25 * ONE_HOUR_SECONDS
   TEACHER_ASSOCIATED_REQUEST_TTL_SECONDS = 25 * ONE_HOUR_SECONDS
   NEAR_LIMIT_BUFFER = 10
+  NO_LIMIT = -1
 
   def initialize(payload, origin, context)
     @token_id = payload['sid']
@@ -29,10 +30,14 @@ def validate
     return error(CLASSROOM_BLOCKED) if teachers_blocked?
     hourly_usage_response = user_usage(ONE_HOUR_SECONDS)
     return error(USER_BLOCKED) if user_over_hourly_limit?(hourly_usage_response)
-    # return error(USER_BLOCKED) if user_over_daily_limit?
+    daily_usage_response = user_usage(ONE_DAY_SECONDS)
+    return error(USER_BLOCKED_TEMPORARY) if user_over_daily_limit?(daily_usage_response)
     return error(CLASSROOM_BLOCKED) if teachers_over_hourly_limit?
 
     near_limit_detail = get_user_near_hourly_limit_detail(hourly_usage_response.count)
+    if !near_limit_detail
+      near_limit_detail = get_user_near_daily_limit_detail(daily_usage_response.count)
+    end
     log_requests
     mark_token_as_vetted
     set_token_warning(NEAR_LIMIT, near_limit_detail) if near_limit_detail
@@ -88,23 +93,32 @@ def teachers_blocked?
   end
 
   def user_over_hourly_limit?(hourly_usage_response)
+    limit_per_hour =  ENV['limit_per_hour'].to_i
+    return false if limit_per_hour == NO_LIMIT
     user_over_limit?(
       hourly_usage_response,
-      ENV['limit_per_hour'].to_i,
-      USER_OVER_HOURLY_LIMIT
+      limit_per_hour,
+      USER_OVER_HOURLY_LIMIT,
+      true # Should block permanently if the limit has been reached.
     )
   end
 
   def get_user_near_hourly_limit_detail(hourly_usage_count)
-    get_user_near_limit_detail(hourly_usage_count, ENV['limit_per_hour'].to_i)
+    get_user_near_limit_detail(hourly_usage_count, ENV['limit_per_hour'].to_i, HOUR, PERMANENT_LOCKOUT)
+  end
+
+  def get_user_near_daily_limit_detail(daily_usage_count)
+    get_user_near_limit_detail(daily_usage_count, ENV['limit_per_day'].to_i, DAY, TEMPORARY_LOCKOUT)
   end
 
-  def user_over_daily_limit?
-    usage_response = user_usage(ONE_DAY_SECONDS)
+  def user_over_daily_limit?(daily_usage_response)
+    limit_per_day = ENV['limit_per_day'].to_i
+    return false if limit_per_day == NO_LIMIT
     user_over_limit?(
-      usage_response,
-      ENV['limit_per_day'].to_i,
-      USER_OVER_DAILY_LIMIT
+      daily_usage_response,
+      limit_per_day,
+      USER_OVER_DAILY_LIMIT,
+      false # Should not block permanently if the limit has been reached.
     )
   end
 
@@ -226,17 +240,17 @@ def user_usage(time_range_seconds)
     response
   end
 
-  def get_user_near_limit_detail(count, limit)
-    if count <= limit && count >= (limit - NEAR_LIMIT_BUFFER)
-      return {remaining: limit - count}
+  def get_user_near_limit_detail(count, limit, period, lockout_type)
+    if limit != NO_LIMIT && count <= limit && count >= (limit - NEAR_LIMIT_BUFFER)
+      return {remaining: limit - count, period: period, lockout_type: lockout_type}
     else
       return nil
     end
   end
 
-  def user_over_limit?(query_response, limit, logging_message)
+  def user_over_limit?(query_response, limit, logging_message, should_block_permanently)
     over_limit = query_response.count > limit
-    if over_limit
+    if over_limit && should_block_permanently
       # logging could be improved,
       # [{"ttl"=>0.1648766446e10, "user_id"=>"611", "issued_at"=>0.1648680046e10}, {...
       begin
