Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Add rate limiting across multiple servers via Redis #8394

Merged
merged 15 commits into from
Mar 6, 2023

Conversation

dblythy
Copy link
Member

@dblythy dblythy commented Jan 19, 2023

New Pull Request Checklist

Issue Description

Currently, the rate limiter only works on single instances

Closes: #8393

Approach

Adds a RedisStore

TODOs before merging

  • Add tests

@parse-github-assistant
Copy link

parse-github-assistant bot commented Jan 19, 2023

Thanks for opening this pull request!

  • 🎉 We are excited about your hands-on contribution!

@codecov
Copy link

codecov bot commented Jan 19, 2023

Codecov Report

Patch coverage: 23.52% and project coverage change: -0.36 ⚠️

Comparison is base (4ce135a) 94.30% compared to head (fd4dfff) 93.95%.

❗ Current head fd4dfff differs from pull request most recent head 2cc16b4. Consider uploading reports for the commit 2cc16b4 to get more accurate results

Additional details and impacted files
@@            Coverage Diff             @@
##            alpha    #8394      +/-   ##
==========================================
- Coverage   94.30%   93.95%   -0.36%     
==========================================
  Files         183      183              
  Lines       14484    14501      +17     
==========================================
- Hits        13659    13624      -35     
- Misses        825      877      +52     
Impacted Files Coverage Δ
src/Options/Definitions.js 100.00% <ø> (ø)
src/Options/index.js 100.00% <ø> (ø)
src/middlewares.js 92.64% <23.52%> (-4.17%) ⬇️
src/Adapters/Cache/RedisCacheAdapter.js 17.39% <0.00%> (-73.92%) ⬇️
src/LiveQuery/ParseCloudCodePublisher.js 84.21% <0.00%> (-15.79%) ⬇️
src/ParseServer.js 92.20% <0.00%> (-0.44%) ⬇️
src/LiveQuery/ParseLiveQueryServer.js 95.78% <0.00%> (-0.22%) ⬇️
src/RestWrite.js 94.76% <0.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@dblythy dblythy closed this Jan 19, 2023
@dblythy dblythy reopened this Jan 19, 2023
@dblythy dblythy requested a review from a team January 20, 2023 04:30
src/Options/Definitions.js Outdated Show resolved Hide resolved
src/Options/index.js Outdated Show resolved Hide resolved
src/middlewares.js Show resolved Hide resolved
@dblythy dblythy requested a review from a team January 21, 2023 05:01
Copy link
Member

@mtrezza mtrezza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo

src/Options/index.js Outdated Show resolved Hide resolved
Copy link
Member

@mtrezza mtrezza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@mtrezza mtrezza changed the title feat: Add redis store for rate limiter feat: Add rate limiting across a group of server via Redis Feb 1, 2023
@mtrezza mtrezza changed the title feat: Add rate limiting across a group of server via Redis feat: Add rate limiting across multiple servers via Redis Feb 1, 2023
Copy link
Member

@mtrezza mtrezza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems the definitions file needs an update

@dblythy dblythy requested a review from a team March 5, 2023 06:36
Copy link
Member

@mtrezza mtrezza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, waiting for CI to pass...

@mtrezza mtrezza merged commit 34833e4 into parse-community:alpha Mar 6, 2023
parseplatformorg pushed a commit that referenced this pull request Mar 6, 2023
# [6.1.0-alpha.6](6.1.0-alpha.5...6.1.0-alpha.6) (2023-03-06)

### Features

* Add rate limiting across multiple servers via Redis ([#8394](#8394)) ([34833e4](34833e4))
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 6.1.0-alpha.6

@parseplatformorg parseplatformorg added the state:released-alpha Released as alpha version label Mar 6, 2023
@dblythy dblythy deleted the redis-store branch March 6, 2023 20:51
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 6.1.0-alpha.7

parseplatformorg pushed a commit that referenced this pull request May 1, 2023
# [6.1.0-beta.2](6.1.0-beta.1...6.1.0-beta.2) (2023-05-01)

### Bug Fixes

* LiveQuery can return incorrectly formatted date ([#8456](#8456)) ([4ce135a](4ce135a))
* Nested date is incorrectly decoded as empty object `{}` when fetching a Parse Object ([#8446](#8446)) ([22d2446](22d2446))
* Parameters missing in `afterFind` trigger of authentication adapters ([#8458](#8458)) ([ce34747](ce34747))
* Rate limiting across multiple servers via Redis not working ([#8469](#8469)) ([d9e347d](d9e347d))

### Features

* Add `afterFind` trigger to authentication adapters ([#8444](#8444)) ([c793bb8](c793bb8))
* Add rate limiting across multiple servers via Redis ([#8394](#8394)) ([34833e4](34833e4))
* Allow multiple origins for header `Access-Control-Allow-Origin` ([#8517](#8517)) ([4f15539](4f15539))
* Export `AuthAdapter` to make it available for extension with custom authentication adapters ([#8443](#8443)) ([40c1961](40c1961))
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 6.1.0-beta.2

@parseplatformorg parseplatformorg added the state:released-beta Released as beta version label May 1, 2023
parseplatformorg pushed a commit that referenced this pull request May 1, 2023
# [6.1.0](6.0.0...6.1.0) (2023-05-01)

### Bug Fixes

* LiveQuery can return incorrectly formatted date ([#8456](#8456)) ([4ce135a](4ce135a))
* Nested date is incorrectly decoded as empty object `{}` when fetching a Parse Object ([#8446](#8446)) ([22d2446](22d2446))
* Parameters missing in `afterFind` trigger of authentication adapters ([#8458](#8458)) ([ce34747](ce34747))
* Rate limiting across multiple servers via Redis not working ([#8469](#8469)) ([d9e347d](d9e347d))
* Security upgrade jsonwebtoken to 9.0.0 ([#8420](#8420)) ([f5bfe45](f5bfe45))

### Features

* Add `afterFind` trigger to authentication adapters ([#8444](#8444)) ([c793bb8](c793bb8))
* Add option `schemaCacheTtl` for schema cache pulling as alternative to `enableSchemaHooks` ([#8436](#8436)) ([b3b76de](b3b76de))
* Add Parse Server option `resetPasswordSuccessOnInvalidEmail` to choose success or error response on password reset with invalid email ([#7551](#7551)) ([e5d610e](e5d610e))
* Add rate limiting across multiple servers via Redis ([#8394](#8394)) ([34833e4](34833e4))
* Allow multiple origins for header `Access-Control-Allow-Origin` ([#8517](#8517)) ([4f15539](4f15539))
* Deprecate LiveQuery `fields` option in favor of `keys` for semantic consistency ([#8388](#8388)) ([a49e323](a49e323))
* Export `AuthAdapter` to make it available for extension with custom authentication adapters ([#8443](#8443)) ([40c1961](40c1961))
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 6.1.0

@parseplatformorg parseplatformorg added the state:released Released as stable version label May 1, 2023
mtrezza added a commit to mtrezza/parse-server that referenced this pull request Jun 10, 2023
commit 1506273
Author: semantic-release-bot <[email protected]>
Date:   Sat May 20 23:24:03 2023 +0000

    chore(release): 6.2.0 [skip ci]

    # [6.2.0](parse-community/parse-server@6.1.0...6.2.0) (2023-05-20)

    ### Features

    * Add new Parse Server option `fileUpload.fileExtensions` to restrict file upload by file extension; this fixes a security vulnerability in which a phishing attack could be performed using an uploaded HTML file; by default the new option only allows file extensions matching the regex pattern `^[^hH][^tT][^mM][^lL]?$`, which excludes HTML files; if your app currently depends on uploading files with HTML file extensions then this may be a breaking change and you could allow HTML file upload by setting the option to `['.*']` ([parse-community#8538](parse-community#8538)) ([a318e7b](parse-community@a318e7b))

commit a318e7b
Author: Manuel <[email protected]>
Date:   Sun May 21 01:23:00 2023 +0200

    feat: Add new Parse Server option `fileUpload.fileExtensions` to restrict file upload by file extension; this fixes a security vulnerability in which a phishing attack could be performed using an uploaded HTML file; by default the new option only allows file extensions matching the regex pattern `^[^hH][^tT][^mM][^lL]?$`, which excludes HTML files; if your app currently depends on uploading files with HTML file extensions then this may be a breaking change and you could allow HTML file upload by setting the option to `['.*']` (parse-community#8538)

commit 832702d
Author: semantic-release-bot <[email protected]>
Date:   Mon May 1 21:50:23 2023 +0000

    chore(release): 6.1.0 [skip ci]

    # [6.1.0](parse-community/parse-server@6.0.0...6.1.0) (2023-05-01)

    ### Bug Fixes

    * LiveQuery can return incorrectly formatted date ([parse-community#8456](parse-community#8456)) ([4ce135a](parse-community@4ce135a))
    * Nested date is incorrectly decoded as empty object `{}` when fetching a Parse Object ([parse-community#8446](parse-community#8446)) ([22d2446](parse-community@22d2446))
    * Parameters missing in `afterFind` trigger of authentication adapters ([parse-community#8458](parse-community#8458)) ([ce34747](parse-community@ce34747))
    * Rate limiting across multiple servers via Redis not working ([parse-community#8469](parse-community#8469)) ([d9e347d](parse-community@d9e347d))
    * Security upgrade jsonwebtoken to 9.0.0 ([parse-community#8420](parse-community#8420)) ([f5bfe45](parse-community@f5bfe45))

    ### Features

    * Add `afterFind` trigger to authentication adapters ([parse-community#8444](parse-community#8444)) ([c793bb8](parse-community@c793bb8))
    * Add option `schemaCacheTtl` for schema cache pulling as alternative to `enableSchemaHooks` ([parse-community#8436](parse-community#8436)) ([b3b76de](parse-community@b3b76de))
    * Add Parse Server option `resetPasswordSuccessOnInvalidEmail` to choose success or error response on password reset with invalid email ([parse-community#7551](parse-community#7551)) ([e5d610e](parse-community@e5d610e))
    * Add rate limiting across multiple servers via Redis ([parse-community#8394](parse-community#8394)) ([34833e4](parse-community@34833e4))
    * Allow multiple origins for header `Access-Control-Allow-Origin` ([parse-community#8517](parse-community#8517)) ([4f15539](parse-community@4f15539))
    * Deprecate LiveQuery `fields` option in favor of `keys` for semantic consistency ([parse-community#8388](parse-community#8388)) ([a49e323](parse-community@a49e323))
    * Export `AuthAdapter` to make it available for extension with custom authentication adapters ([parse-community#8443](parse-community#8443)) ([40c1961](parse-community@40c1961))

commit 18b63d1
Merge: f7eee19 f59d46c
Author: Manuel <[email protected]>
Date:   Mon May 1 23:49:22 2023 +0200

    build: Release (parse-community#8526)
mtrezza added a commit to mtrezza/parse-server that referenced this pull request Jun 10, 2023
commit 1506273
Author: semantic-release-bot <[email protected]>
Date:   Sat May 20 23:24:03 2023 +0000

    chore(release): 6.2.0 [skip ci]

    # [6.2.0](parse-community/parse-server@6.1.0...6.2.0) (2023-05-20)

    ### Features

    * Add new Parse Server option `fileUpload.fileExtensions` to restrict file upload by file extension; this fixes a security vulnerability in which a phishing attack could be performed using an uploaded HTML file; by default the new option only allows file extensions matching the regex pattern `^[^hH][^tT][^mM][^lL]?$`, which excludes HTML files; if your app currently depends on uploading files with HTML file extensions then this may be a breaking change and you could allow HTML file upload by setting the option to `['.*']` ([parse-community#8538](parse-community#8538)) ([a318e7b](parse-community@a318e7b))

commit a318e7b
Author: Manuel <[email protected]>
Date:   Sun May 21 01:23:00 2023 +0200

    feat: Add new Parse Server option `fileUpload.fileExtensions` to restrict file upload by file extension; this fixes a security vulnerability in which a phishing attack could be performed using an uploaded HTML file; by default the new option only allows file extensions matching the regex pattern `^[^hH][^tT][^mM][^lL]?$`, which excludes HTML files; if your app currently depends on uploading files with HTML file extensions then this may be a breaking change and you could allow HTML file upload by setting the option to `['.*']` (parse-community#8538)

commit 832702d
Author: semantic-release-bot <[email protected]>
Date:   Mon May 1 21:50:23 2023 +0000

    chore(release): 6.1.0 [skip ci]

    # [6.1.0](parse-community/parse-server@6.0.0...6.1.0) (2023-05-01)

    ### Bug Fixes

    * LiveQuery can return incorrectly formatted date ([parse-community#8456](parse-community#8456)) ([4ce135a](parse-community@4ce135a))
    * Nested date is incorrectly decoded as empty object `{}` when fetching a Parse Object ([parse-community#8446](parse-community#8446)) ([22d2446](parse-community@22d2446))
    * Parameters missing in `afterFind` trigger of authentication adapters ([parse-community#8458](parse-community#8458)) ([ce34747](parse-community@ce34747))
    * Rate limiting across multiple servers via Redis not working ([parse-community#8469](parse-community#8469)) ([d9e347d](parse-community@d9e347d))
    * Security upgrade jsonwebtoken to 9.0.0 ([parse-community#8420](parse-community#8420)) ([f5bfe45](parse-community@f5bfe45))

    ### Features

    * Add `afterFind` trigger to authentication adapters ([parse-community#8444](parse-community#8444)) ([c793bb8](parse-community@c793bb8))
    * Add option `schemaCacheTtl` for schema cache pulling as alternative to `enableSchemaHooks` ([parse-community#8436](parse-community#8436)) ([b3b76de](parse-community@b3b76de))
    * Add Parse Server option `resetPasswordSuccessOnInvalidEmail` to choose success or error response on password reset with invalid email ([parse-community#7551](parse-community#7551)) ([e5d610e](parse-community@e5d610e))
    * Add rate limiting across multiple servers via Redis ([parse-community#8394](parse-community#8394)) ([34833e4](parse-community@34833e4))
    * Allow multiple origins for header `Access-Control-Allow-Origin` ([parse-community#8517](parse-community#8517)) ([4f15539](parse-community@4f15539))
    * Deprecate LiveQuery `fields` option in favor of `keys` for semantic consistency ([parse-community#8388](parse-community#8388)) ([a49e323](parse-community@a49e323))
    * Export `AuthAdapter` to make it available for extension with custom authentication adapters ([parse-community#8443](parse-community#8443)) ([40c1961](parse-community@40c1961))

commit 18b63d1
Merge: f7eee19 f59d46c
Author: Manuel <[email protected]>
Date:   Mon May 1 23:49:22 2023 +0200

    build: Release (parse-community#8526)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
state:released Released as stable version state:released-alpha Released as alpha version state:released-beta Released as beta version
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Rate limit with RedisStore
3 participants