Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add: Feature flag service backend integration #2266

Open
wants to merge 8 commits into
base: develop
Choose a base branch
from
Open

Add: Feature flag service backend integration #2266

wants to merge 8 commits into from

Conversation

MehulKChaudhari
Copy link
Member

@MehulKChaudhari MehulKChaudhari commented Nov 25, 2024
edited
Loading

Date: 27/11/2024

Developer Name: @MehulKChaudhari

Description

This PR will add APIs to interact with feature-flag-service

Documentation Updated?

  • Yes
  • No

Under Feature Flag

  • Yes
  • No

Database Changes

  • Yes
  • No

Breaking Changes

  • Yes
  • No

Development Tested?

  • Yes
  • No

Test Coverage

image

Additional Notes

We will need to set env variables for staging and prod.

baseUrl: "FEATURE_FLAG_SERVICE_BASE_URL",
apiKey: "FEATURE_FLAG_SERVICE_API_KEY",

github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 25, 2024
View reviewed changes
routes/featureFlag.ts
const { SUPERUSER } = require("../constants/roles");
import { validateUpdateFeatureFlag, validateCreateFeatureFlag } from '../middlewares/validators/featureFlag';

router.get("/getAllFeatureFlags", authenticate, getAllFeatureFlags);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs
authorization
Loading
, but is not rate-limited.
This route handler performs
authorization
Loading
, but is not rate-limited.
This route handler performs
authorization
Loading
, but is not rate-limited.

Copilot Autofix AI 4 days ago

To fix the problem, we should introduce rate limiting to the routes in the routes/featureFlag.ts file. The best way to do this is by using the express-rate-limit package, which allows us to easily set up rate limiting for our Express routes.

  1. Install the express-rate-limit package.
  2. Import the express-rate-limit package in the routes/featureFlag.ts file.
  3. Set up a rate limiter with appropriate configuration (e.g., maximum of 100 requests per 15 minutes).
  4. Apply the rate limiter to the routes that need protection.
Suggested changeset 2
routes/featureFlag.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/routes/featureFlag.ts b/routes/featureFlag.ts
--- a/routes/featureFlag.ts
+++ b/routes/featureFlag.ts
@@ -7,6 +7,12 @@
 import { validateCreateFeatureFlag } from '../middlewares/validators/featureFlag';
+import rateLimit from 'express-rate-limit';
 
-router.get("/getAllFeatureFlags", authenticate, getAllFeatureFlags);
-router.get("/getFeatureFlag/:flagId", authenticate, getFeatureFlagById);
-router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag);
+const limiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 100, // max 100 requests per windowMs
+});
+
+router.get("/getAllFeatureFlags", authenticate, limiter, getAllFeatureFlags);
+router.get("/getFeatureFlag/:flagId", authenticate, limiter, getFeatureFlagById);
+router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, limiter, createFeatureFlag);
 
EOF
@@ -7,6 +7,12 @@
import { validateCreateFeatureFlag } from '../middlewares/validators/featureFlag';
import rateLimit from 'express-rate-limit';

router.get("/getAllFeatureFlags", authenticate, getAllFeatureFlags);
router.get("/getFeatureFlag/:flagId", authenticate, getFeatureFlagById);
router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag);
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // max 100 requests per windowMs
});

router.get("/getAllFeatureFlags", authenticate, limiter, getAllFeatureFlags);
router.get("/getFeatureFlag/:flagId", authenticate, limiter, getFeatureFlagById);
router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, limiter, createFeatureFlag);

package.json
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/package.json b/package.json
--- a/package.json
+++ b/package.json
@@ -43,3 +43,4 @@
     "rate-limiter-flexible": "5.0.3",
-    "winston": "3.13.0"
+    "winston": "3.13.0",
+    "express-rate-limit": "^7.4.1"
   },
EOF
@@ -43,3 +43,4 @@
"rate-limiter-flexible": "5.0.3",
"winston": "3.13.0"
"winston": "3.13.0",
"express-rate-limit": "^7.4.1"
},
This fix introduces these dependencies
Package Version Security advisories
express-rate-limit (npm) 7.4.1 None
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
routes/featureFlag.ts
import { validateUpdateFeatureFlag, validateCreateFeatureFlag } from '../middlewares/validators/featureFlag';

router.get("/getAllFeatureFlags", authenticate, getAllFeatureFlags);
router.get("/getFeatureFlag/:flagId", authenticate, getFeatureFlagById);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs
authorization
Loading
, but is not rate-limited.
This route handler performs
authorization
Loading
, but is not rate-limited.
This route handler performs
authorization
Loading
, but is not rate-limited.

Copilot Autofix AI 4 days ago

To fix the problem, we need to introduce rate limiting to the route handler in question. The best way to do this is by using the express-rate-limit package, which provides a simple and effective way to limit the number of requests a client can make to the server within a specified time window.

  1. Install the express-rate-limit package.
  2. Import the express-rate-limit package in the routes/featureFlag.ts file.
  3. Set up a rate limiter with appropriate configuration (e.g., maximum of 100 requests per 15 minutes).
  4. Apply the rate limiter to the route handler on line 10.
Suggested changeset 2
routes/featureFlag.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/routes/featureFlag.ts b/routes/featureFlag.ts
--- a/routes/featureFlag.ts
+++ b/routes/featureFlag.ts
@@ -7,5 +7,11 @@
 import { validateCreateFeatureFlag } from '../middlewares/validators/featureFlag';
+import rateLimit from 'express-rate-limit';
+
+const limiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 100, // limit each IP to 100 requests per windowMs
+});
 
 router.get("/getAllFeatureFlags", authenticate, getAllFeatureFlags);
-router.get("/getFeatureFlag/:flagId", authenticate, getFeatureFlagById);
+router.get("/getFeatureFlag/:flagId", authenticate, limiter, getFeatureFlagById);
 router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag);
EOF
@@ -7,5 +7,11 @@
import { validateCreateFeatureFlag } from '../middlewares/validators/featureFlag';
import rateLimit from 'express-rate-limit';

const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // limit each IP to 100 requests per windowMs
});

router.get("/getAllFeatureFlags", authenticate, getAllFeatureFlags);
router.get("/getFeatureFlag/:flagId", authenticate, getFeatureFlagById);
router.get("/getFeatureFlag/:flagId", authenticate, limiter, getFeatureFlagById);
router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag);
package.json
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/package.json b/package.json
--- a/package.json
+++ b/package.json
@@ -43,3 +43,4 @@
     "rate-limiter-flexible": "5.0.3",
-    "winston": "3.13.0"
+    "winston": "3.13.0",
+    "express-rate-limit": "^7.4.1"
   },
EOF
@@ -43,3 +43,4 @@
"rate-limiter-flexible": "5.0.3",
"winston": "3.13.0"
"winston": "3.13.0",
"express-rate-limit": "^7.4.1"
},
This fix introduces these dependencies
Package Version Security advisories
express-rate-limit (npm) 7.4.1 None
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
routes/featureFlag.ts

router.get("/getAllFeatureFlags", authenticate, getAllFeatureFlags);
router.get("/getFeatureFlag/:flagId", authenticate, getFeatureFlagById);
router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs
authorization
Loading
, but is not rate-limited.
This route handler performs
authorization
Loading
, but is not rate-limited.
This route handler performs
authorization
Loading
, but is not rate-limited.

Copilot Autofix AI 4 days ago

To fix the problem, we need to introduce rate limiting to the route handler to prevent potential denial-of-service attacks. The best way to do this is by using the express-rate-limit package, which allows us to set up rate limiting middleware easily.

We will:

  1. Install the express-rate-limit package.
  2. Import the package in the routes/featureFlag.ts file.
  3. Set up a rate limiter with appropriate configuration.
  4. Apply the rate limiter to the route handler.
Suggested changeset 2
routes/featureFlag.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/routes/featureFlag.ts b/routes/featureFlag.ts
--- a/routes/featureFlag.ts
+++ b/routes/featureFlag.ts
@@ -7,2 +7,8 @@
 import { validateCreateFeatureFlag } from '../middlewares/validators/featureFlag';
+import rateLimit from 'express-rate-limit';
+
+const limiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 100, // limit each IP to 100 requests per windowMs
+});
 
@@ -10,3 +16,3 @@
 router.get("/getFeatureFlag/:flagId", authenticate, getFeatureFlagById);
-router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag);
+router.post('/createFeatureFlag', limiter, authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag);
 
EOF
@@ -7,2 +7,8 @@
import { validateCreateFeatureFlag } from '../middlewares/validators/featureFlag';
import rateLimit from 'express-rate-limit';

const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // limit each IP to 100 requests per windowMs
});

@@ -10,3 +16,3 @@
router.get("/getFeatureFlag/:flagId", authenticate, getFeatureFlagById);
router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag);
router.post('/createFeatureFlag', limiter, authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag);

package.json
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/package.json b/package.json
--- a/package.json
+++ b/package.json
@@ -43,3 +43,4 @@
     "rate-limiter-flexible": "5.0.3",
-    "winston": "3.13.0"
+    "winston": "3.13.0",
+    "express-rate-limit": "^7.4.1"
   },
EOF
@@ -43,3 +43,4 @@
"rate-limiter-flexible": "5.0.3",
"winston": "3.13.0"
"winston": "3.13.0",
"express-rate-limit": "^7.4.1"
},
This fix introduces these dependencies
Package Version Security advisories
express-rate-limit (npm) 7.4.1 None
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
routes/featureFlag.ts Fixed Show fixed Hide fixed
services/featureFlagService.ts Fixed Show fixed Hide fixed
services/featureFlagService.ts Fixed Show fixed Hide fixed
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 27, 2024
View reviewed changes
services/featureFlagService.ts
Comment on lines +60 to +63
const response = await fetch(`${FEATURE_FLAG_BASE_URL}/feature-flags/${flagId}`, {
method: "GET",
headers: defaultHeaders,
});

Check failure

Code scanning / CodeQL

Server-side request forgery Critical

The
URL
Loading
of this request depends on a
user-provided value
Loading
.
@MehulKChaudhari MehulKChaudhari marked this pull request as ready for review November 27, 2024 10:00
@MehulKChaudhari MehulKChaudhari changed the title Feature flag backend integration Add: Feature flag service backend integration Nov 27, 2024
@MehulKChaudhari MehulKChaudhari mentioned this pull request Nov 30, 2024
Open
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@prakashchoudhary07 prakashchoudhary07 Awaiting requested review from prakashchoudhary07

@lakshayman lakshayman Awaiting requested review from lakshayman

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@MehulKChaudhari