Configurable Authorization Request Limits #9

Merged
merged 2 commits into from
Jan 26, 2024


NeonDaniel
Member

Description

Make authorization requests per minute param configurable with comparable defaults (6/60 from 3/30)
Document configuration option in README.md

Issues

Other Notes

Follow-up to #8

…able defaults (6/60 from 3/30)

Document configuration option in README.md
@NeonDaniel NeonDaniel requested a review from mikejgray January 24, 2024 02:16
Contributor

@mikejgray mikejgray left a comment


One request per 10 seconds seems fair to me, and configurable settings are always good

Comment on lines 79 to 80
f"{origin_ip}. Wait 30 seconds.")
f"{origin_ip}. Wait 1 minute.")
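Review bot: on the replacement line, "Wait 1 minute." is a literal inside the f-string, so nothing in these two lines ties the wording to the window the limiter actually enforces. The text already had to be edited by hand here when the window moved from 30 seconds to 1 minute; consider building the duration from the same constant or setting that defines the window, so the message cannot drift from the enforced limit.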
Contributor


FWIW, giving the exact time to wait helps people infer the rate limit, and they can script it more accurately to stay within the window. No matter what the approach is, it's probably best to make sure there's monitoring in place for multiple failed requests inside a time window.

Member Author


Added some logic and updated the return to give the time until the rate-limit counter resets.

When we implement some actual auth validation I agree we should also monitor failed requests and impose some stricter limits for bad credentials
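The approach discussed in this thread, sketched as an added example (not code from this pull request or from neon-hana): a per-IP fixed-window limiter with a configurable requests-per-minute value that returns the seconds left until the counter resets and flags addresses that keep retrying while limited. The class name, the `alert_after` threshold and the injectable clock are assumptions made for the illustration.

```python
import math
import time


class AuthRateLimiter:
    """Per-IP fixed-window limiter for auth requests (hypothetical names)."""

    WINDOW_SECONDS = 60  # the limit is expressed in requests per minute

    def __init__(self, requests_per_minute=6, alert_after=3, clock=time.monotonic):
        self.limit = requests_per_minute  # configurable; 6 mirrors the PR default
        self.alert_after = alert_after    # assumed: rejections per window to flag
        self.clock = clock                # injectable so tests can control time
        self._windows = {}                # ip -> [window_start, accepted, rejected]
        self.flagged = []                 # IPs that kept retrying while limited

    def check(self, origin_ip):
        """Return (allowed, seconds_until_reset) for one auth request."""
        now = self.clock()
        win = self._windows.get(origin_ip)
        if win is None or now - win[0] >= self.WINDOW_SECONDS:
            win = self._windows[origin_ip] = [now, 0, 0]  # start a fresh window
        wait = math.ceil(win[0] + self.WINDOW_SECONDS - now)
        if win[1] < self.limit:
            win[1] += 1
            return True, wait
        win[2] += 1
        if win[2] == self.alert_after:  # flag once per window, not per request
            self.flagged.append(origin_ip)
        return False, wait

    def purge(self):
        """Drop expired windows so the table does not grow with every new IP."""
        now = self.clock()
        stale = [ip for ip, w in self._windows.items()
                 if now - w[0] >= self.WINDOW_SECONDS]
        for ip in stale:
            del self._windows[ip]
        return len(stale)


if __name__ == "__main__":
    limiter = AuthRateLimiter(requests_per_minute=2)
    for _ in range(4):  # 203.0.113.7 is a documentation address (constructed)
        ok, wait = limiter.check("203.0.113.7")
        print("allowed" if ok else f"Too many auth requests. Wait {wait} seconds.")
```

The `flagged` list is the hook for the monitoring raised in the review: an address that appears there has been rejected repeatedly inside a single window and is a candidate for alerting or a stricter limit.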

@NeonDaniel NeonDaniel merged commit 63fd997 into dev Jan 26, 2024
6 checks passed
@NeonDaniel NeonDaniel deleted the FEAT_MakeAuthRPMConfigurable branch January 26, 2024 00:35
@github-actions github-actions bot mentioned this pull request Feb 26, 2024
NeonDaniel added a commit that referenced this pull request Feb 27, 2024
# Changelog

## [0.0.1a9](https://github.com/NeonGeckoCom/neon-hana/tree/0.0.1a9) (2024-02-26)

[Full Changelog](0.0.1a8...0.0.1a9)

**Merged pull requests:**

- Cleanup comments and prep for release [\#13](#13) ([NeonDaniel](https://github.com/NeonDaniel))

## [0.0.1a8](https://github.com/NeonGeckoCom/neon-hana/tree/0.0.1a8) (2024-01-26)

[Full Changelog](0.0.1a7...0.0.1a8)

**Merged pull requests:**

- Update to use client-provided public IP address when available [\#12](#12) ([NeonDaniel](https://github.com/NeonDaniel))

## [0.0.1a7](https://github.com/NeonGeckoCom/neon-hana/tree/0.0.1a7) (2024-01-26)

[Full Changelog](0.0.1a6...0.0.1a7)

**Merged pull requests:**

- Add Node data model and Session support [\#11](#11) ([NeonDaniel](https://github.com/NeonDaniel))

## [0.0.1a6](https://github.com/NeonGeckoCom/neon-hana/tree/0.0.1a6) (2024-01-26)

[Full Changelog](0.0.1a5...0.0.1a6)

**Merged pull requests:**

- Configurable Authorization Request Limits [\#9](#9) ([NeonDaniel](https://github.com/NeonDaniel))

## [0.0.1a5](https://github.com/NeonGeckoCom/neon-hana/tree/0.0.1a5) (2024-01-23)

[Full Changelog](0.0.1a4...0.0.1a5)

**Merged pull requests:**

- JWT server cache fix and client response update [\#8](#8) ([NeonDaniel](https://github.com/NeonDaniel))

## [0.0.1a4](https://github.com/NeonGeckoCom/neon-hana/tree/0.0.1a4) (2024-01-22)

[Full Changelog](0.0.1a3...0.0.1a4)

**Merged pull requests:**

- Default disable email service with note in docs explaining rationale [\#4](#4) ([NeonDaniel](https://github.com/NeonDaniel))

## [0.0.1a3](https://github.com/NeonGeckoCom/neon-hana/tree/0.0.1a3) (2024-01-22)

[Full Changelog](0.0.1a2...0.0.1a3)

**Merged pull requests:**

- Add `assist` route for HTTP requests [\#3](#3) ([NeonDaniel](https://github.com/NeonDaniel))

## [0.0.1a2](https://github.com/NeonGeckoCom/neon-hana/tree/0.0.1a2) (2024-01-19)

[Full Changelog](885ec6e...0.0.1a2)

**Merged pull requests:**

- Fix path errors in test build automation [\#2](#2) ([NeonDaniel](https://github.com/NeonDaniel))
- Initial Implementation [\#1](#1) ([NeonDaniel](https://github.com/NeonDaniel))

\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*