Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/2-features/pr-3202
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
`conversations/join` endpoint rate limited per IP address
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suppose this introduces the conversations/join endpoint in the public API. The rate limit is secondary. Can you reformulate and move this to API changes subfolder?

2 changes: 1 addition & 1 deletion charts/nginz/templates/conf/_nginx.conf.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -259,7 +259,7 @@ http {
{{- if ($location.unlimited_requests_endpoint) }}
# Note that this endpoint has no rate limit per user for authenticated requests
{{- else }}
limit_req zone=reqs_per_user burst=20 nodelay;
limit_req zone=reqs_per_user burst=20 nodelay;
{{- end }}
{{- end }}

Expand Down
5 changes: 5 additions & 0 deletions charts/nginz/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -444,6 +444,11 @@ nginx_conf:
- all
doc: true
oauth_scope: conversations_code
- path: /conversations/join
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do I understand correctly that this is an authenticated-endpoint-only?

I don't have enough context here to actually approve this PR. The rate limit bit is fine; but this adds a new public endpoint which I don't know exactly how it works what it does and how product wise it's supposed to be used.

But the existing guest links use /conversations/code (not /join). So shouldn't this modify the existing API's rate limiting and not introduce this new endpoint? Do client teams switch over to this other endpoint? Where was this implemented to start with?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do I understand correctly that this is an authenticated-endpoint-only?

I don't have enough context here to actually approve this PR. The rate limit bit is fine; but this adds a new public endpoint which I don't know exactly how it works what it does and how product wise it's supposed to be used.

But the existing guest links use /conversations/code (not /join). So shouldn't this modify the existing API's rate limiting and not introduce this new endpoint? Do client teams switch over to this other endpoint? Where was this implemented to start with?

This PR does not introduce a new endpoint. It was already there before and did match the following directive:

    - path: /conversations
      envs:
      - all

I just created a new entry, so that the configuration is only applied to the path /conversations/join.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah I see. Okay. That's fine. Thanks for the context.

envs:
- all
specific_user_rate_limit: reqs_per_addr
specific_user_rate_limit_burst: "10"
- path: /conversations
envs:
- all
Expand Down