Implement a Rate Limiter #207

Open
2 tasks
nhatnghiho opened this issue Mar 14, 2023 · 0 comments
Labels
task Task issue for a current or past sprint

Description

We want to rate limit our cloud function(s) to hedge operation cost and avoid DoS attacks. For this ticket, we'll experiment with this on /fetchFriendSchedules.

Acceptance Criteria

  • /fetchFriendSchedules is rate limited.
  • Throttled requests return an error and that error is displayed on the UI.

Other Notes

  • There are many rate-limiting strategies but we want to use one that can handle fluctuating traffic (so leaky bucket might not be the best choice).
  • We can throttle requests based on some operation identifier (e.g., throttle per endpoint, per IP address, per user, etc.). Take that into consideration when designing this rate limiter.
@nhatnghiho nhatnghiho added the task Task issue for a current or past sprint label Mar 14, 2023
@nhatnghiho nhatnghiho changed the title Implement Rate Limiting Implement a Rate Limiter Mar 14, 2023
@samarth52 samarth52 mentioned this issue Apr 1, 2023
samarth52 added a commit that referenced this issue Oct 20, 2023
### Summary

Resolves #207 

Sibling PR: gt-scheduler/firebase-conf#4

We want to be able to rate limit the `/fetchFriendSchedules` firebase
cloud function endpoint to prevent DOS attacks and increased server
costs. I implemented a client-side Leaky Bucket solution using a request
count stored in the local storage. The counts are updated based on the
last request time when a new request is made. The rate limiter does not
restrict the background calls to the endpoint that syncs any change to
friend schedules. Each second, the request count increases by 1 and is
capped at 10.

Note: This rate limiter does not sync request count across devices due
to the usage of local storage. To do so, we might have to use an extra
collection which might increase costs.

### Checklist

- [x] /fetchFriendSchedules is rate limited.
- [x] Throttled requests return an error and that error is displayed on
the UI.


### How to Test
- Change the rate limiter capacity and interval in
`src\data\hooks\useRawFriendScheduleDataFromFirebaseFunction.ts` to
something that can be reached by normal page reloads

---------

Co-authored-by: nathangong <[email protected]>
Co-authored-by: Nghi Ho <[email protected]>
Co-authored-by: Hailey Ho <[email protected]>
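
The bucket the commit message above describes (state updated from the last request time, one request regained per second, capped at 10), written out as an added TypeScript example that is not the project's code. `KVStore`, `MemoryStore`, `loadState`, `tryAcquire` and the key format are hypothetical names; the store interface stands in for `localStorage`, and `key` is the operation identifier the issue's note asks for (per endpoint, per IP address, per user).

```typescript
// Added example; every name below is hypothetical, not taken from the project.
interface KVStore { // same method shape as the browser Storage API
  getItem(key: string): string | null;
  setItem(key: string, value: string): void;
}
interface BucketState { count: number; lastMs: number; }

// In-memory stand-in for localStorage so the example runs offline.
class MemoryStore implements KVStore {
  private data: { [k: string]: string } = {};
  getItem(key: string): string | null {
    const v = this.data[key];
    return typeof v === "string" ? v : null;
  }
  setItem(key: string, value: string): void { this.data[key] = value; }
}

// Missing or malformed state starts a full bucket; stored values are clamped
// so an out-of-range count or a timestamp in the future cannot skew the limit.
function loadState(store: KVStore, key: string, nowMs: number, capacity: number): BucketState {
  try {
    const p = JSON.parse(store.getItem(key) || "null");
    if (p && typeof p.count === "number" && isFinite(p.count) &&
        typeof p.lastMs === "number" && isFinite(p.lastMs)) {
      const count = Math.max(0, Math.min(capacity, Math.floor(p.count)));
      return { count: count, lastMs: Math.min(p.lastMs, nowMs) };
    }
  } catch (e) { /* unparsable state: fall through to a fresh bucket */ }
  return { count: capacity, lastMs: nowMs };
}

// key is the operation identifier, e.g. "user:<id>:/fetchFriendSchedules".
// Returns true if the request may be sent, false if it is throttled.
function tryAcquire(store: KVStore, key: string, nowMs: number,
                    capacity: number = 10, intervalMs: number = 1000): boolean {
  const s = loadState(store, key, nowMs, capacity);
  // Lazy refill: one request per whole interval elapsed since the last update.
  const refill = Math.floor((nowMs - s.lastMs) / intervalMs);
  if (refill > 0) {
    s.count = Math.min(capacity, s.count + refill);
    s.lastMs += refill * intervalMs; // keep credit for the partial interval
  }
  const allowed = s.count > 0;
  if (allowed) s.count -= 1;
  store.setItem(key, JSON.stringify(s));
  return allowed;
}
```

Backed by `localStorage`, this state lives on the client, so it smooths bursts coming from the UI but cannot enforce a limit on the endpoint itself; the same logic over a server-side store keyed per user or IP address would.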