feat: Recoverable keys feature for the dashboard

apps/agent/integration/identities/identities_ratelimits_accuracy_test.go

@@ -32,7 +32,11 @@ func TestIdentitiesRatelimitAccuracy(t *testing.T) {
 		unkey.WithSecurity(rootKey),
 	)
 
+<<<<<<< HEAD
 	for _, nKeys := range []int{1, 3, 10, 1000} {
+=======
+	for _, nKeys := range []int{1} { //, 3, 10, 1000} {
+>>>>>>> 7ffdbc4f (fix: cf cache ratelimits (#2112))
 		t.Run(fmt.Sprintf("with %d keys", nKeys), func(t *testing.T) {
 
 			for _, tc := range []struct {
@@ -133,7 +137,11 @@ func TestIdentitiesRatelimitAccuracy(t *testing.T) {
 					// ---------------------------------------------------------------------------
 
 					exactLimit := int(inferenceLimit.Limit) * int(tc.testDuration/(time.Duration(inferenceLimit.Duration)*time.Millisecond))
+<<<<<<< HEAD
 					upperLimit := int(2.5 * float64(exactLimit))
+=======
+					upperLimit := int(1.2 * float64(exactLimit))
+>>>>>>> 7ffdbc4f (fix: cf cache ratelimits (#2112))
 					lowerLimit := exactLimit
 					if total < lowerLimit {
 						lowerLimit = total

apps/agent/integration/keys/ratelimits_test.go

@@ -109,7 +109,11 @@ func TestDefaultRatelimitAccuracy(t *testing.T) {
 			// ---------------------------------------------------------------------------
 
 			exactLimit := int(ratelimit.Limit) * int(tc.testDuration/(time.Duration(*ratelimit.Duration)*time.Millisecond))
+<<<<<<< HEAD
 			upperLimit := int(2.5 * float64(exactLimit))
+=======
+			upperLimit := int(1.2 * float64(exactLimit))
+>>>>>>> 7ffdbc4f (fix: cf cache ratelimits (#2112))
 			lowerLimit := exactLimit
 			if total < lowerLimit {
 				lowerLimit = total

apps/api/src/pkg/middleware/metrics.ts

@@ -8,8 +8,11 @@ export function metrics(): MiddlewareHandler<HonoEnv> {
   return async (c, next) => {
     const { metrics, analytics, logger } = c.get("services");
 
+<<<<<<< HEAD
     let requestBody = await c.req.raw.clone().text();
     requestBody = requestBody.replaceAll(/"key":\s*"[a-zA-Z0-9_]+"/g, '"key": "<REDACTED>"');
+=======
+>>>>>>> 7ffdbc4f (fix: cf cache ratelimits (#2112))
     const start = performance.now();
     const m = {
       isolateId: c.get("isolateId"),

apps/api/src/pkg/ratelimit/client.ts

@@ -15,13 +15,13 @@ import {
 export class AgentRatelimiter implements RateLimiter {
   private readonly logger: Logger;
   private readonly metrics: Metrics;
-  private readonly cache: Map<string, { reset: number; current: number }>;
+  private readonly cache: Map<string, { reset: number; current: number; blocked: boolean }>;
   private readonly agent: Agent;
   constructor(opts: {
     agent: { url: string; token: string };
     logger: Logger;
     metrics: Metrics;
-    cache: Map<string, { reset: number; current: number }>;
+    cache: Map<string, { reset: number; current: number; blocked: boolean }>;
   }) {
     this.logger = opts.logger;
     this.metrics = opts.metrics;
@@ -36,7 +36,11 @@ export class AgentRatelimiter implements RateLimiter {
     return [req.identifier, window, req.shard].join("::");
   }
 
+<<<<<<< HEAD
   private setCacheMax(id: string, current: number, reset: number) {
+=======
+  private setCache(id: string, current: number, reset: number, blocked: boolean) {
+>>>>>>> 7ffdbc4f (fix: cf cache ratelimits (#2112))
     const maxEntries = 10_000;
     this.metrics.emit({
       metric: "metric.cache.size",
@@ -55,11 +59,15 @@ export class AgentRatelimiter implements RateLimiter {
         }
       }
     }
+<<<<<<< HEAD
     const cached = this.cache.get(id) ?? { reset: 0, current: 0 };
     if (current > cached.current) {
       this.cache.set(id, { reset, current });
       return current;
     }
+=======
+    this.cache.set(id, { reset, current, blocked });
+>>>>>>> 7ffdbc4f (fix: cf cache ratelimits (#2112))
   }
 
   public async limit(
@@ -127,8 +135,8 @@ export class AgentRatelimiter implements RateLimiter {
      * This might not happen too often, but in extreme cases the cache should hit and we can skip
      * the request to the durable object entirely, which speeds everything up and is cheaper for us
      */
-    const cached = this.cache.get(id) ?? { current: 0, reset: 0 };
-    if (cached.current >= req.limit) {
+    const cached = this.cache.get(id) ?? { current: 0, reset: 0, blocked: false };
+    if (cached.blocked) {
       return Ok({
         pass: false,
         current: cached.current,
@@ -165,7 +173,7 @@ export class AgentRatelimiter implements RateLimiter {
     if (sync) {
       const res = await p;
       if (res.val) {
-        this.setCacheMax(id, res.val.current, res.val.reset);
+        this.setCache(id, res.val.current, res.val.reset, !res.val.pass);
       }
       return res;
     }
@@ -176,7 +184,7 @@ export class AgentRatelimiter implements RateLimiter {
           this.logger.error(res.err.message);
           return;
         }
-        this.setCacheMax(id, res.val.current, res.val.reset);
+        this.setCache(id, res.val.current, res.val.reset, !res.val.pass);
 
         this.metrics.emit({
           workspaceId: req.workspaceId,
@@ -199,7 +207,7 @@ export class AgentRatelimiter implements RateLimiter {
       });
     }
     cached.current += cost;
-    this.setCacheMax(id, cached.current, reset);
+    this.setCache(id, cached.current, reset, false);
 
     return Ok({
       pass: true,

apps/api/src/routes/legacy_keys_verifyKey.ts

@@ -48,8 +48,7 @@ A key could be invalid for a number of reasons, for example if it has expired, h
               example: true,
             }),
             name: z.string().optional().openapi({
-              description:
-                "The name of the key, give keys a name to easily identifiy their purpose",
+              description: "The name of the key, give keys a name to easily identify their purpose",
               example: "Customer X",
             }),
             ownerId: z.string().optional().openapi({

apps/api/src/routes/v1_ratelimit_limit.accuracy.test.ts

@@ -96,7 +96,11 @@ for (const { limit, duration, rps, seconds } of testCases) {
     }, 0);
 
     const exactLimit = Math.min(results.length, (limit / (duration / 1000)) * seconds);
+<<<<<<< HEAD
     const upperLimit = Math.round(exactLimit * 2.5);
+=======
+    const upperLimit = Math.round(exactLimit * 1.5);
+>>>>>>> 7ffdbc4f (fix: cf cache ratelimits (#2112))
     const lowerLimit = Math.round(exactLimit * 0.95);
     console.info({ name, passed, exactLimit, upperLimit, lowerLimit });
     t.expect(passed).toBeGreaterThanOrEqual(lowerLimit);

apps/dashboard/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @unkey/web
 
+## 0.1.36
+
+### Patch Changes
+
+- @unkey/ratelimit@0.4.5
+
 ## 0.1.35
 
 ### Patch Changes

apps/dashboard/app/(app)/apis/[apiId]/keys/[keyAuthId]/keys.tsx

@@ -98,7 +98,7 @@ export const Keys: React.FC<Props> = async ({ keyAuthId, apiId }) => {
                 <Link
                   href={`/apis/${apiId}/keys/${k.keyAuthId}/${k.id}`}
                   key={k.id}
-                  className="grid items-center grid-cols-12 px-4 py-2 duration-250 hover:bg-background-subtle "
+                  className="grid items-center sm:grid-cols-12 px-4 py-2 duration-250 hover:bg-background-subtle gap-2"
                 >
                   <div className="flex flex-col items-start col-span-6 ">
                     <span className="text-sm text-content">{k.name}</span>