feat(examples/firebase-auth-firestore): avoid auth rate limiting#3417
Merged
kentcdodds merged 1 commit intoremix-run:mainfrom Jun 8, 2022
Merged
feat(examples/firebase-auth-firestore): avoid auth rate limiting#3417kentcdodds merged 1 commit intoremix-run:mainfrom
kentcdodds merged 1 commit intoremix-run:mainfrom
Conversation
2 tasks
penx
commented
Jun 8, 2022
|
|
||
| const handleSubmit = useCallback( | ||
| async (event: React.FormEvent<HTMLFormElement>) => { | ||
| event.preventDefault(); |
Contributor
Author
There was a problem hiding this comment.
this line is my main issue with this approach, as if something fails after this point it will not fall back to the form post + server side auth
Member
There was a problem hiding this comment.
Honestly, I'm fine with this. The same issue would exist when using a Remix <Form /> which does event.preventDefault() as well.
penx
force-pushed
the
firebase-avoid-rate-limiting
branch
from
fc16fac to
77f8a4a
Compare
Use the Firebase Auth REST API client side to avoid rate limiting. Previously discussed at: - https://twitter.com/1fiws/status/1521426483037839362 - https://discord.com/channels/770287896669978684/777863722592501780/963845752986161162 The best official source I can find is the following, though specific rates for login per IP address are not mentioned: - https://firebase.google.com/docs/auth/limits
penx
force-pushed
the
firebase-avoid-rate-limiting
branch
from
77f8a4a to
0211adf
Compare
penx
changed the title
kentcdodds
approved these changes
Jun 8, 2022
Member
kentcdodds
left a comment
kentcdodds
left a comment
There was a problem hiding this comment.
This is much better than I was expecting.
Would still drastically simplify things if we could work out the rate-limiting issue for the server-side stuff.
Thanks so much for investing so heavily in this example.
Member
|
I'm ready to merge this once you mark it as not a draft. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Use the Firebase Auth REST API client side to avoid rate limiting.
This:
Reservations have already been made at #3362 (comment), and I have no objection to this being closed if it's not wanted, however if server side auth is rate limited to 150 requests/IP address/hour (which I understand to be the case based on reports here and here but have not tested) then the current example would not be suitable for many production applications. I am opening this as draft to discuss issues with and alternatives to this approach.
This is in draft:
The best official source I can find is the following. Though specific rates for login per IP address are not mentioned, I think it may fall under "Verification requests":
Closes: Discussion at:
f