
Bugfix: implement rate limiting for auth endpoints #942

Merged
merged 20 commits into from
Aug 23, 2024

Conversation

MikeSoft007

@MikeSoft007 MikeSoft007 commented Aug 23, 2024

Description

This pull request introduces rate limiting to selected API endpoints in our application. The goal is to prevent abuse and ensure fair usage by restricting the number of requests a client can make within a given time frame.

Rate Limiting Implementation:

  • Added rate limiting middleware to the application.
  • Configured rate limits for key API endpoints, including:
    -- /api/v1/auth/magic-link: Limited to 5 requests per minute per user.
    -- /api/v1/auth/login: Limited to 10 requests per minute per user.
    -- /api/v1/resource/*: General rate limiting applied across all resource-related endpoints.

Configuration:

  • Introduced environment variables to manage rate limiting settings:
    -- RATE_LIMIT: Sets the maximum number of requests per time window (e.g., 100 requests per minute).
    -- RATE_LIMIT_SCOPE: Determines the scope of rate limiting (e.g., by IP address, user ID, etc.).

Related Issue (Link to issue ticket)

hngprojects/hng_boilerplate_nestjs#911

Motivation and Context

This change is required to ensure that the backend can handle request loads more effectively and prevent abuse, especially in high-traffic scenarios. Implementing rate limiting helps to maintain service availability and improves the overall user experience by ensuring that the API remains responsive and fair to all users.
This change is required to ensure that the backend can send emails that are more aligned with the requirements of the endpoints.

How Has This Been Tested?

The change was tested using integration tests in a development environment. The tests included:

  • Sending various requests from Postman and verifying that the rate limiting is enforced correctly.
  • Ensuring that users receive a 429 Too Many Requests response when exceeding the rate limits.
  • Confirming that valid requests within the rate limits are processed as expected.

Screenshots (if appropriate - Postman, etc):

(screenshot not included in this page)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
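The per-route limits and scope settings described above, as an added illustration that is not the PR's own code (the PR itself wires in slowapi, which this example does not use): a self-contained sliding-window limiter keyed per client and per route, returning 429 with Retry-After once a window is exhausted. The Request dataclass, the ROUTE_LIMITS table, the RATE_LIMIT / RATE_LIMIT_SCOPE defaults, the FakeClock and the demo() driver are all assumptions made for this example; the numeric limits are the ones listed in the description.

```python
import math
import time
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, Optional, Tuple

# Hypothetical defaults standing in for the env settings named in the PR
# (RATE_LIMIT = general ceiling, RATE_LIMIT_SCOPE = "ip" or "user").
RATE_LIMIT = 100
RATE_LIMIT_SCOPE = "ip"

# Per-route limits as (max requests, window seconds), values from the PR text.
# Entries ending in "/" are prefixes; the others must match exactly.
ROUTE_LIMITS: Dict[str, Tuple[int, int]] = {
    "/api/v1/auth/magic-link": (5, 60),
    "/api/v1/auth/login": (10, 60),
    "/api/v1/resource/": (RATE_LIMIT, 60),
}


@dataclass
class Request:
    """Constructed stand-in for the framework's request object (assumption)."""
    path: str
    client_ip: str                        # peer address of the TCP connection
    user_id: Optional[str] = None         # set once the caller is authenticated
    forwarded_for: Optional[str] = None   # raw X-Forwarded-For header, if any


def match_route(path: str) -> Optional[Tuple[str, int, int]]:
    """Return (route key, limit, window) for the longest matching entry, or None."""
    best = None
    for prefix, (limit, window) in ROUTE_LIMITS.items():
        hit = path == prefix or (prefix.endswith("/") and path.startswith(prefix))
        if hit and (best is None or len(prefix) > len(best[0])):
            best = (prefix, limit, window)
    return best


def client_key(req: Request, scope: str, behind_trusted_proxy: bool) -> str:
    """Decide what the limit is counted against (the RATE_LIMIT_SCOPE choice)."""
    if scope == "user" and req.user_id:
        return f"user:{req.user_id}"
    # X-Forwarded-For is client-controlled. Honour it only when a proxy we run
    # sits in front and appends the real peer as the LAST entry; trusting the
    # first entry would let a client choose its own bucket and dodge the limit.
    if behind_trusted_proxy and req.forwarded_for:
        return "ip:" + req.forwarded_for.split(",")[-1].strip()
    return f"ip:{req.client_ip}"


class SlidingWindowLimiter:
    """In-memory sliding window: one deque of hit timestamps per (client, route)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._hits: Dict[str, Deque[float]] = defaultdict(deque)

    def hit(self, key: str, limit: int, window: int) -> Tuple[bool, int, int]:
        """Record one request; return (allowed, remaining, retry_after_seconds)."""
        now = self._clock()
        q = self._hits[key]
        while q and q[0] <= now - window:          # drop hits outside the window
            q.popleft()
        if len(q) >= limit:
            retry_after = max(1, math.ceil(q[0] + window - now))
            return False, 0, retry_after           # rejected hits are not counted
        q.append(now)
        return True, limit - len(q), 0


def handle(limiter, req, scope=RATE_LIMIT_SCOPE, behind_trusted_proxy=False):
    """What the middleware decides for one request: (status, headers)."""
    route = match_route(req.path)
    if route is None:                              # endpoint is not rate limited
        return 200, {}
    prefix, limit, window = route
    key = f"{client_key(req, scope, behind_trusted_proxy)}|{prefix}"
    allowed, remaining, retry_after = limiter.hit(key, limit, window)
    if not allowed:
        return 429, {"Retry-After": str(retry_after)}
    return 200, {"X-RateLimit-Limit": str(limit), "X-RateLimit-Remaining": str(remaining)}


class FakeClock:
    """Controllable clock so window expiry is deterministic (test scaffolding)."""
    def __init__(self, start: float = 0.0):
        self.now = start

    def __call__(self) -> float:
        return self.now


def demo():
    """Replay the kind of check the PR's Postman test did; return the outcomes."""
    clock = FakeClock()
    limiter = SlidingWindowLimiter(clock)
    magic = Request("/api/v1/auth/magic-link", client_ip="203.0.113.7")
    statuses = [handle(limiter, magic)[0] for _ in range(6)]      # 5 x 200, then 429
    retry_after = handle(limiter, magic)[1]["Retry-After"]        # "60"
    login_ok = handle(limiter, Request("/api/v1/auth/login", "203.0.113.7"))[0]
    clock.now = 60.5                                              # oldest hit ages out
    after_wait = handle(limiter, magic)[0]
    return statuses, retry_after, login_ok, after_wait
```

Two caveats a reviewer would raise against any version of this. First, the deque lives in one process, so with several Uvicorn/Gunicorn workers each worker enforces its own 5-per-minute and the effective limit multiplies; a shared store (Redis or similar) is needed for the limit to mean what the description says. Second, the scope choice has a security trade-off: keying /api/v1/auth/login by a user-supplied identifier lets an attacker lock a victim out by burning the victim's bucket, while keying by IP is shared by everyone behind one NAT and is trivially widened by a client that spoofs X-Forwarded-For when the header is trusted unconditionally.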

@johnson-oragui

@MikeSoft007

add slowapi to requirements.txt, then update the branch

@MikeSoft007 MikeSoft007 force-pushed the bugfix/waitlist_email branch from 9a3dc47 to 4a55c85 Compare August 23, 2024 18:50
@MikeSoft007 MikeSoft007 changed the title Bugfix: send confirmation email after waitlist signup Bugfix: send confirmation email after waitlist signup and added rate limit to authentication routes Aug 23, 2024
@MikeSoft007 MikeSoft007 changed the title Bugfix: send confirmation email after waitlist signup and added rate limit to authentication routes Bugfix: implement rate limiting for auth endpoints Aug 23, 2024
@johnson-oragui johnson-oragui merged commit fd78c63 into hngprojects:dev Aug 23, 2024
1 check passed