fix: add ip based limiter #1622

Merged
merged 3 commits into from
Jun 17, 2024
@kangmingtay kangmingtay commented Jun 14, 2024

What kind of change does this PR introduce?

  • Adds ip-based rate limiting on all endpoints that send OTPs either through email or phone with the config GOTRUE_RATE_LIMIT_OTP
  • IP-based rate limiting should always come before the shared limiter, so as to prevent the quota of the shared limiter from being consumed too quickly by the same ip-address
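
The ordering argument in the description above, worked through as an added Go sketch (not code from this PR or from `internal/api/api.go`): the `otpLimiter` type, its fields, the quotas and the RFC 5737 addresses are assumptions made for illustration. `simulate` sends 50 requests from one address and then a single request from a second address, once with the per-IP check first and once with the shared check first.

```go
package main

import (
	"fmt"
	"sync"
)

// otpLimiter is a hypothetical two-stage limiter for one window:
// a per-IP attempt counter plus one counter shared by all callers.
type otpLimiter struct {
	mu          sync.Mutex
	ipQuota     int            // attempts allowed per IP (assumed value)
	sharedQuota int            // attempts allowed across all IPs (assumed value)
	ipUsed      map[string]int // attempts seen per client IP
	sharedUsed  int            // attempts that reached the shared stage
	ipFirst     bool           // true: the ordering the PR description asks for
}

// Allow counts the attempt at each stage it reaches; && short-circuits,
// so the second stage is only charged when the first one passes.
func (l *otpLimiter) Allow(ip string) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	ipOK := func() bool { l.ipUsed[ip]++; return l.ipUsed[ip] <= l.ipQuota }
	sharedOK := func() bool { l.sharedUsed++; return l.sharedUsed <= l.sharedQuota }
	if l.ipFirst {
		return ipOK() && sharedOK() // a throttled IP never touches the shared quota
	}
	return sharedOK() && ipOK() // shared quota is spent on requests the IP check rejects
}

// simulate uses constructed documentation addresses, not real clients.
func simulate(ipFirst bool) (noisyAllowed int, otherAllowed bool) {
	l := &otpLimiter{ipQuota: 3, sharedQuota: 10, ipUsed: map[string]int{}, ipFirst: ipFirst}
	for i := 0; i < 50; i++ {
		if l.Allow("203.0.113.7") {
			noisyAllowed++
		}
	}
	return noisyAllowed, l.Allow("198.51.100.9")
}

func main() {
	fmt.Println(simulate(true))  // per-IP check first
	fmt.Println(simulate(false)) // shared check first
}
```

In both orderings the noisy address gets the same number of OTP sends; the difference is whether the second address is still served afterwards.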

@kangmingtay kangmingtay requested a review from a team as a code owner June 14, 2024 06:59
coveralls commented Jun 14, 2024

Pull Request Test Coverage Report for Build 9511998039

Details

  • 41 of 45 (91.11%) changed or added relevant lines in 1 file are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.08%) to 57.693%

| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
| --- | --- | --- | --- |
| internal/api/api.go | 41 | 45 | 91.11% |
Totals Coverage Status
Change from base Build 9487645421: 0.08%
Covered Lines: 8692
Relevant Lines: 15066

💛 - Coveralls

coveralls commented Jun 14, 2024

Pull Request Test Coverage Report for Build 9513757674

Details

  • 41 of 45 (91.11%) changed or added relevant lines in 1 file are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.08%) to 57.693%

| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
| --- | --- | --- | --- |
| internal/api/api.go | 41 | 45 | 91.11% |
Totals Coverage Status
Change from base Build 9487645421: 0.08%
Covered Lines: 8692
Relevant Lines: 15066

💛 - Coveralls

@J0 J0 left a comment

Great work, thanks!

@kangmingtay kangmingtay merged commit 06464c0 into master Jun 17, 2024
2 checks passed
@kangmingtay kangmingtay deleted the km/add-ip-based-limits branch June 17, 2024 09:02
J0 pushed a commit that referenced this pull request Jun 20, 2024
🤖 I have created a release *beep* *boop*
---


## [2.154.1](v2.154.0...v2.154.1) (2024-06-17)

### Bug Fixes

* add ip based limiter ([#1622](#1622)) ([06464c0](06464c0))
* admin user update should update is_anonymous field ([#1623](#1623)) ([f5c6fcd](f5c6fcd))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
uxodb pushed a commit to uxodb/auth that referenced this pull request Nov 13, 2024
uxodb pushed a commit to uxodb/auth that referenced this pull request Nov 13, 2024
LashaJini pushed a commit to LashaJini/auth that referenced this pull request Nov 13, 2024
LashaJini pushed a commit to LashaJini/auth that referenced this pull request Nov 13, 2024
LashaJini pushed a commit to LashaJini/auth that referenced this pull request Nov 15, 2024
LashaJini pushed a commit to LashaJini/auth that referenced this pull request Nov 15, 2024