[public-api] add rate limiting in server #18953
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
akosyakov
commented
Oct 18, 2023
akosyakov
commented
Oct 19, 2023
akosyakov
force-pushed
the
ak/public_api_rate_limit
branch
6 times, most recently
from
19553fa to
debe4bc
Compare
akosyakov
force-pushed
the
ak/public_api_rate_limit
branch
from
debe4bc to
198ac2c
Compare
svenefftinge
approved these changes
Oct 19, 2023
|
/unhold |
akosyakov
added a commit
that referenced
this pull request
Oct 19, 2023
This reverts commit 01f100b.
roboquat
pushed a commit
that referenced
this pull request
Oct 19, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR adds rate limiting to Public API in Server:
RateLimiteddecorator but can be overridden with config map during operations.Summary generated by Copilot
🤖 Generated by Copilot at 51fe912
This pull request refactors the server component to use JWT cookies for authentication and authorization, and implements rate limiting for the gRPC API using Redis and memory. It also migrates the
public-api-workspaces-getcommand to use the gRPC API and updates theWorkspaceServiceAPIclass to use the userId from the context.Related Issue(s)
Fixes EXP-766
How to test
The preview env has gRPC api enabled from the dashboard plus rate limit is configured for getWorkspace as 1 call per a minute via a configmap.
Open a dev tool, and start a workspace, in dev tools filter to getWorkspace calls. You should see 429 error codes, investigate headers (
Retry-After+X-Ratelimit-*) for additional info about rate limiting. If you reload the page you should see that eventually it is successful.Documentation
Preview status
Gitpod was successfully deployed to your preview environment.
Build Options
Build
Run the build with werft instead of GHA
Run Leeway with
--dont-testPublish
Installer
Add desired feature flags to the end of the line above, space separated
Preview Environment / Integration Tests
If enabled this will build
install/previewIf enabled this will create the environment on GCE infra
Valid options are
all,workspace,webapp,ide,jetbrains,vscode,ssh. If enabled,with-previewandwith-large-vmwill be enabled./hold