www: Email rate limit #1448
The code looks pretty good. It's clean and readable. I think you've got an issue with one of your design decisions though.
I gave this a high level review and will take a deeper look once the design issue has been sorted out.
This is ready for another look mate @lukebp fixed the design issue.
This still isn't right. Why do you have two different mail clients?
@lukebp my bad, nuked limiter client and extended our existing client with the limiting functionality. Also created the
…okups, return concrete types instead of interface. & misc fixes. TODO: fixing tests
…ing cooldown time; cleanups
…tations (cdb,mysql) and reorder functions to match the interface declaration
Overall design looks good. Most of my comments are related to formatting or documentation.
…nts list; localdb mailerDB implm; review fixes
… sample-politeiawww.conf
This is looking much better. The code is clean and readable. I think the overall design looks good. There are still a couple parts I need to look at more carefully, but I've got to run. Remove the CMS bits and fix the comments. I'll give it another review and test it once that's done.
Update the original pull request message too with a more in depth breakdown. It should describe from a high level the interfaces that you added, the fact that this is a new database table instead of adding it to the user object, and why we chose to do that.
Done @lukebp, removed cms bits, addressed the remaining comments and updated the PR message 👍
mail: Refactor client tests.
ACK
This diff adds an email rate limiter functionality for the `mail` package. It extends `client` with the rate limiting functionality. This is done in order to avoid malicious behaviour and avoid spam on politeia's smtp server.

Adds a `Mailer` interface to the `mail` package, providing an API to interact with the smtp client.

- `IsEnabled` returns whether the smtp server is enabled
- `SendTo` sends emails to anyone without rate limiting functionality
- `SendToUsers` sends emails to politeiawww users with rate limiting functionality

Adds a new `email_histories` table to the `user` database.

- `user_id` as primary key.
- `blob` containing the user's email history, which in turn contains the unix timestamps in which the last emails were sent in a 24h window for that user, and a `bool` to tell if the user has already received the rate limit warning email.

Adds a `MailerDB` interface to the `user` package, used to interact with the `email_histories` table.

- `EmailHistoriesSave` upsert email histories for the given users
- `EmailHistoriesGet` retrieve email histories for the given users

Adds a `TestMailerDB` interface to the `user` package, used to test the rate limiting functionality from the `mail` package.

The reason a new table was created for this, instead of just adding this data to the user object, was to avoid race conditions on database calls, since our `user` database currently does not support transactions, and email notifications run in a separate go routine. This will not be the case once the user layer gets rewritten.

closes #1398
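
An added example, not code from this pull request: a sketch of the per-user decision that the described email history supports, using a 24h sliding window of unix timestamps and a one-time warning flag. The type and field names, the `decide` function, the limit of 3 and the re-arming of the warning once the window has room are all assumptions for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// emailHistory mirrors the described blob; field names are assumptions.
type emailHistory struct {
	Timestamps       []int64 // unix times of emails sent in the last 24h
	LimitWarningSent bool    // user already got the rate limit warning
}

type decision int

const (
	sendEmail   decision = iota // under the limit: deliver and record
	sendWarning                 // limit just reached: deliver one warning
	dropEmail                   // limit reached and user already warned
)

// decide prunes timestamps that fell out of the 24h window, then returns what
// to do with one new email. limit is an assumed per-window maximum.
func decide(h *emailHistory, now time.Time, limit int) decision {
	cutoff := now.Add(-24 * time.Hour).Unix()
	kept := h.Timestamps[:0] // filter in place
	for _, ts := range h.Timestamps {
		if ts > cutoff {
			kept = append(kept, ts)
		}
	}
	h.Timestamps = kept
	if len(kept) < limit {
		h.LimitWarningSent = false // window has room again; re-arm warning
		h.Timestamps = append(h.Timestamps, now.Unix())
		return sendEmail
	}
	if !h.LimitWarningSent {
		h.LimitWarningSent = true
		return sendWarning
	}
	return dropEmail
}

func main() {
	h, t0 := &emailHistory{}, time.Unix(1600000000, 0) // constructed input
	for i := 0; i < 5; i++ {
		fmt.Println(decide(h, t0.Add(time.Duration(i)*time.Minute), 3))
	}
}
```

The read, decide and write-back of a user's history has to be serialized per user, which is the race the description raises for a store without transactions.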