iotex-core icon indicating copy to clipboard operation
iotex-core copied to clipboard
verified publisher icon iotexproject

[api] Add ratelimit for websocket API

Open millken opened this issue 1 year ago • 3 comments

Description

This PR introduces a rate limit for the websocket API to control the maximum number of messages a client can send per second. This is to ensure the stability and performance of the API by preventing any potential abuse or overload.

api:
  ...
  websocketMaxRateMessages: 5 #the maximum number of messages per second per client

Fixes #(issue)

Type of change

Please delete options that are not relevant.

  • [] Bug fix (non-breaking change which fixes an issue)
  • [x] New feature (non-breaking change which adds functionality)
  • [] Code refactor or improvement
  • [] Breaking change (fix or feature that would cause a new or changed behavior of existing functionality)
  • [] This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

  • [x] make test
  • [] fullsync
  • [] Other test (please specify)

Test Configuration:

  • Firmware version:
  • Hardware:
  • Toolchain:
  • SDK:

Checklist:

  • [] My code follows the style guidelines of this project
  • [] I have performed a self-review of my code
  • [] I have commented my code, particularly in hard-to-understand areas
  • [] I have made corresponding changes to the documentation
  • [] My changes generate no new warnings
  • [] I have added tests that prove my fix is effective or that my feature works
  • [] New and existing unit tests pass locally with my changes
  • [] Any dependent changes have been merged and published in downstream modules

millken avatar Dec 21 '23 12:12 millken

Codecov Report

Attention: Patch coverage is 66.66667% with 3 lines in your changes are missing coverage. Please review.

Project coverage is 76.19%. Comparing base (d716bb9) to head (f7cecb5). Report is 26 commits behind head on master.

:exclamation: Current head f7cecb5 differs from pull request most recent head ebe7716. Consider uploading reports for the commit ebe7716 to get more accurate results

Files Patch % Lines
api/websocket.go 57.14% 3 Missing :warning:
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #4031      +/-   ##
==========================================
- Coverage   76.51%   76.19%   -0.32%     
==========================================
  Files         340      332       -8     
  Lines       29273    28330     -943     
==========================================
- Hits        22397    21587     -810     
+ Misses       5761     5643     -118     
+ Partials     1115     1100      -15

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov[bot] avatar Dec 21 '23 12:12 codecov[bot]

Can rate limit be implemented in gateway?

No, because the websocket is a long connection, the gateway cannot ratelimit requests inside the connection.

millken avatar Dec 22 '23 00:12 millken

Quality Gate Failed Quality Gate failed

Failed conditions

6.6% Duplication on New Code (required ≤ 3%)

See analysis details on SonarCloud

sonarqubecloud[bot] avatar Jan 05 '24 06:01 sonarqubecloud[bot]

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

sonarqubecloud[bot] avatar Apr 15 '24 05:04 sonarqubecloud[bot]