synced/infisical
1
0
Fork 0
mirror of https://github.com/Infisical/infisical.git synced 2025-04-17 19:37:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

misc: addressed review comments

Browse Source
This commit is contained in:
Sheen Capadngan
2024-06-13 15:42:15 +08:00
parent e6ed1231cd
commit 9e24050f17
8 changed files with 287 additions and 273 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/src/db/migrations/20240611151327_custom-rate-limits-for-self-hosting.ts
View File

@ -6,7 +6,7 @@ import { createOnUpdateTrigger, dropOnUpdateTrigger } from "../utils";
export async function up(knex: Knex): Promise<void> {
if (!(await knex.schema.hasTable(TableName.RateLimit))) {
await knex.schema.createTable(TableName.RateLimit, (t) => {
t.uuid("id", { primaryKey: true }).defaultTo(knex.fn.uuid());
t.uuid("id", { primaryKey: true }).defaultTo("00000000-0000-0000-0000-000000000000");
t.integer("readRateLimit").defaultTo(600).notNullable();
t.integer("writeRateLimit").defaultTo(200).notNullable();
t.integer("secretsRateLimit").defaultTo(60).notNullable();

7
backend/src/server/app.ts
View File

@ -17,6 +17,8 @@ import { Logger } from "pino";
import { TKeyStoreFactory } from "@app/keystore/keystore";
import { getConfig } from "@app/lib/config/env";
import { TQueueServiceFactory } from "@app/queue";
import { rateLimitDALFactory } from "@app/services/rate-limit/rate-limit-dal";
import { rateLimitServiceFactory } from "@app/services/rate-limit/rate-limit-service";
import { TSmtpService } from "@app/services/smtp/smtp-service";
import { globalRateLimiterCfg } from "./config/rateLimiter";
@ -69,8 +71,11 @@ export const main = async ({ db, smtp, logger, queue, keyStore }: TMain) => {
// Rate limiters and security headers
if (appCfg.isProductionMode) {
await server.register<FastifyRateLimitOptions>(ratelimiter, await globalRateLimiterCfg(db));
const rateLimitDAL = rateLimitDALFactory(db);
const rateLimits = await rateLimitServiceFactory({ rateLimitDAL }).getRateLimits();
await server.register<FastifyRateLimitOptions>(ratelimiter, globalRateLimiterCfg(rateLimits));
}
await server.register(helmet, { contentSecurityPolicy: false });
await server.register(maintenanceMode);

33
backend/src/server/config/rateLimiter.ts
View File

@ -1,10 +1,8 @@
import type { RateLimitOptions, RateLimitPluginOptions } from "@fastify/rate-limit";
import { Redis } from "ioredis";
import { Knex } from "knex";
import { TRateLimit } from "@app/db/schemas";
import { getConfig } from "@app/lib/config/env";
import { rateLimitDALFactory } from "@app/services/rate-limit/rate-limit-dal";
import { rateLimitServiceFactory } from "@app/services/rate-limit/rate-limit-service";
// GET endpoints
export const readLimit: RateLimitOptions = {
@ -63,31 +61,20 @@ export const publicEndpointLimit: RateLimitOptions = {
keyGenerator: (req) => req.realIp
};
async function fetchRateLimitsFromDb(db: Knex) {
try {
const rateLimitDAL = rateLimitDALFactory(db);
const rateLimits = await rateLimitServiceFactory({ rateLimitDAL }).getRateLimits();
readLimit.max = rateLimits.readRateLimit;
publicEndpointLimit.max = rateLimits.publicEndpointLimit;
writeLimit.max = rateLimits.writeRateLimit;
secretsLimit.max = rateLimits.secretsRateLimit;
authRateLimit.max = rateLimits.authRateLimit;
inviteUserRateLimit.max = rateLimits.inviteUserRateLimit;
mfaRateLimit.max = rateLimits.mfaRateLimit;
creationLimit.max = rateLimits.creationLimit;
} catch (error) {
console.error("Error fetching rate limits:", error);
}
}
export const globalRateLimiterCfg = async (db: Knex): Promise<RateLimitPluginOptions> => {
export const globalRateLimiterCfg = async (rateLimits: TRateLimit): Promise<RateLimitPluginOptions> => {
const appCfg = getConfig();
const redis = appCfg.isRedisConfigured
? new Redis(appCfg.REDIS_URL, { connectTimeout: 500, maxRetriesPerRequest: 1 })
: null;
await fetchRateLimitsFromDb(db);
readLimit.max = rateLimits.readRateLimit;
publicEndpointLimit.max = rateLimits.publicEndpointLimit;
writeLimit.max = rateLimits.writeRateLimit;
secretsLimit.max = rateLimits.secretsRateLimit;
authRateLimit.max = rateLimits.authRateLimit;
inviteUserRateLimit.max = rateLimits.inviteUserRateLimit;
mfaRateLimit.max = rateLimits.mfaRateLimit;
creationLimit.max = rateLimits.creationLimit;
return {
timeWindow: 60 * 1000,

13
backend/src/server/routes/v1/rate-limit-router.ts
View File

@ -39,10 +39,15 @@ export const registerRateLimitRouter = async (server: FastifyZodProvider) => {
},
schema: {
body: RateLimitSchema.omit({
id: true,
createdAt: true,
updatedAt: true
body: z.object({
readRateLimit: z.number().optional(),
writeRateLimit: z.number().optional(),
secretsRateLimit: z.number().optional(),
authRateLimit: z.number().optional(),
inviteUserRateLimit: z.number().optional(),
mfaRateLimit: z.number().optional(),
creationLimit: z.number().optional(),
publicEndpointLimit: z.number().optional()
}),
response: {
200: z.object({

25
backend/src/services/rate-limit/rate-limit-service.ts
View File

@ -10,34 +10,23 @@ type TRateLimitServiceFactoryDep = {
export type TRateLimitServiceFactory = ReturnType<typeof rateLimitServiceFactory>;
export const rateLimitServiceFactory = ({ rateLimitDAL }: TRateLimitServiceFactoryDep) => {
const initRateLimits = async (): Promise<TRateLimit> => {
const rateLimit = await rateLimitDAL.create({});
return rateLimit;
};
const getRateLimits = async (): Promise<TRateLimit> => {
let rateLimit = (await rateLimitDAL.find({}))[0];
if (!rateLimit) {
rateLimit = await initRateLimits();
}
return rateLimit;
return rateLimitDAL.findOne({ id: "00000000-0000-0000-0000-000000000000" });
};
const updateRateLimit = async (updates: TRateLimitUpdateDTO): Promise<TRateLimit> => {
const rateLimit = await rateLimitDAL.findOne({});
if (!rateLimit) throw new BadRequestError({ name: "Rate Limit Update", message: "Rate Limit does not exist yet" });
const rateLimit = await rateLimitDAL.findOne({
id: "00000000-0000-0000-0000-000000000000"
});
const updateData: Record<string, number> = {};
for (const [key, value] of Object.entries(updates)) {
updateData[key] = value;
if (!rateLimit) {
throw new BadRequestError({ name: "Rate Limit Update", message: "Rate Limit does not exist yet" });
}
const updatedRateLimit = await rateLimitDAL.updateById(rateLimit.id, updateData);
return updatedRateLimit;
return rateLimitDAL.updateById(rateLimit.id, updates);
};
return {
initRateLimits,
getRateLimits,
updateRateLimit
};

1
frontend/src/hooks/api/index.tsx
View File

@ -17,6 +17,7 @@ export * from "./keys";
export * from "./ldapConfig";
export * from "./organization";
export * from "./projectUserAdditionalPrivilege";
export * from "./rateLimit";
export * from "./roles";
export * from "./scim";
export * from "./secretApproval";

231
frontend/src/views/admin/DashboardPage/DashboardPage.tsx
View File

@ -22,7 +22,8 @@ import {
} from "@app/components/v2";
import { useOrganization, useServerConfig, useUser } from "@app/context";
import { useUpdateServerConfig } from "@app/hooks/api";
import { useGetRateLimit, useUpdateRateLimit } from "@app/hooks/api/rateLimit";
import { RateLimitPanel } from "./RateLimitPanel";
enum TabSections {
Settings = "settings",
@ -38,22 +39,13 @@ const formSchema = z.object({
signUpMode: z.nativeEnum(SignUpModes),
allowedSignUpDomain: z.string().optional().nullable(),
trustSamlEmails: z.boolean(),
trustLdapEmails: z.boolean(),
readRateLimit: z.number(),
writeRateLimit: z.number(),
secretsRateLimit: z.number(),
authRateLimit: z.number(),
inviteUserRateLimit: z.number(),
mfaRateLimit: z.number(),
creationLimit: z.number(),
publicEndpointLimit: z.number()
trustLdapEmails: z.boolean()
});
type TDashboardForm = z.infer<typeof formSchema>;
export const AdminDashboardPage = () => {
const router = useRouter();
const data = useServerConfig();
const { data: rateLimit } = useGetRateLimit();
const { config } = data;
const {
@ -68,15 +60,7 @@ export const AdminDashboardPage = () => {
signUpMode: config.allowSignUp ? SignUpModes.Anyone : SignUpModes.Disabled,
allowedSignUpDomain: config.allowedSignUpDomain,
trustSamlEmails: config.trustSamlEmails,
trustLdapEmails: config.trustLdapEmails,
readRateLimit: rateLimit?.readRateLimit ?? 600,
writeRateLimit: rateLimit?.writeRateLimit ?? 200,
secretsRateLimit: rateLimit?.secretsRateLimit ?? 60,
authRateLimit: rateLimit?.authRateLimit ?? 60,
inviteUserRateLimit: rateLimit?.inviteUserRateLimit ?? 30,
mfaRateLimit: rateLimit?.mfaRateLimit ?? 20,
creationLimit: rateLimit?.creationLimit ?? 30,
publicEndpointLimit: rateLimit?.publicEndpointLimit ?? 30
trustLdapEmails: config.trustLdapEmails
}
});
@ -85,7 +69,6 @@ export const AdminDashboardPage = () => {
const { user, isLoading: isUserLoading } = useUser();
const { orgs } = useOrganization();
const { mutateAsync: updateServerConfig } = useUpdateServerConfig();
const { mutateAsync: updateRateLimit } = useUpdateRateLimit();
const isNotAllowed = !user?.superAdmin;
@ -122,42 +105,6 @@ export const AdminDashboardPage = () => {
}
};
const onRateLimitFormSubmit = async (formData: TDashboardForm) => {
try {
const {
readRateLimit,
writeRateLimit,
secretsRateLimit,
authRateLimit,
inviteUserRateLimit,
mfaRateLimit,
creationLimit,
publicEndpointLimit
} = formData;
await updateRateLimit({
readRateLimit,
writeRateLimit,
secretsRateLimit,
authRateLimit,
inviteUserRateLimit,
mfaRateLimit,
creationLimit,
publicEndpointLimit
});
createNotification({
text: "Successfully changed rate limits. Please restart your server",
type: "success"
});
} catch (e) {
console.error(e);
createNotification({
type: "error",
text: "Failed to update rate limiting setting."
});
}
};
return (
<div className="container mx-auto max-w-7xl px-4 pb-12 text-white dark:[color-scheme:dark]">
<div className="mx-auto mb-6 w-full max-w-7xl pt-6">
@ -292,175 +239,7 @@ export const AdminDashboardPage = () => {
</form>
</TabPanel>
<TabPanel value={TabSections.RateLimit}>
<form
className="mb-6 rounded-lg border border-mineshaft-600 bg-mineshaft-900 p-4"
onSubmit={handleSubmit(onRateLimitFormSubmit)}
>
<div className="mb-8 flex flex-col justify-start">
<div className="mb-4 text-xl font-semibold text-mineshaft-100">
Set Rate Limits for your Infisical Instance
</div>
<Controller
control={control}
name="readRateLimit"
defaultValue={300}
render={({ field, fieldState: { error } }) => (
<FormControl
label="Read Requests allowed per minute"
className="w-72"
isError={Boolean(error)}
errorText={error?.message}
>
<Input
{...field}
value={field.value}
onChange={(e) => field.onChange(Number(e.target.value))}
/>
</FormControl>
)}
/>
<Controller
control={control}
defaultValue={300}
name="writeRateLimit"
render={({ field, fieldState: { error } }) => (
<FormControl
label="Write Requests allowed per minute"
className="w-72"
isError={Boolean(error)}
errorText={error?.message}
>
<Input
{...field}
value={field.value || ""}
onChange={(e) => field.onChange(Number(e.target.value))}
/>
</FormControl>
)}
/>
<Controller
control={control}
defaultValue={300}
name="secretsRateLimit"
render={({ field, fieldState: { error } }) => (
<FormControl
label="Secrets allowed per minute"
className="w-72"
isError={Boolean(error)}
errorText={error?.message}
>
<Input
{...field}
value={field.value || ""}
onChange={(e) => field.onChange(Number(e.target.value))}
/>
</FormControl>
)}
/>
<Controller
control={control}
defaultValue={300}
name="authRateLimit"
render={({ field, fieldState: { error } }) => (
<FormControl
label="Auth Requests allowed per minute"
className="w-72"
isError={Boolean(error)}
errorText={error?.message}
>
<Input
{...field}
value={field.value || ""}
onChange={(e) => field.onChange(Number(e.target.value))}
/>
</FormControl>
)}
/>
<Controller
control={control}
defaultValue={300}
name="inviteUserRateLimit"
render={({ field, fieldState: { error } }) => (
<FormControl
label="Invite User Requests allowed per minute"
className="w-72"
isError={Boolean(error)}
errorText={error?.message}
>
<Input
{...field}
value={field.value || ""}
onChange={(e) => field.onChange(Number(e.target.value))}
/>
</FormControl>
)}
/>
<Controller
control={control}
defaultValue={300}
name="mfaRateLimit"
render={({ field, fieldState: { error } }) => (
<FormControl
label="Multi Factor Auth Requests allowed per minute"
className="w-72"
isError={Boolean(error)}
errorText={error?.message}
>
<Input
{...field}
value={field.value || ""}
onChange={(e) => field.onChange(Number(e.target.value))}
/>
</FormControl>
)}
/>
<Controller
control={control}
defaultValue={300}
name="creationLimit"
render={({ field, fieldState: { error } }) => (
<FormControl
label="Creation Requests allowed per minute"
className="w-72"
isError={Boolean(error)}
errorText={error?.message}
>
<Input
{...field}
value={field.value || ""}
onChange={(e) => field.onChange(Number(e.target.value))}
/>
</FormControl>
)}
/>
<Controller
control={control}
defaultValue={300}
name="publicEndpointLimit"
render={({ field, fieldState: { error } }) => (
<FormControl
label="Public Endpoints Requests allowed per minute"
className="w-72"
isError={Boolean(error)}
errorText={error?.message}
>
<Input
{...field}
value={field.value || ""}
onChange={(e) => field.onChange(Number(e.target.value))}
/>
</FormControl>
)}
/>
</div>
<Button
type="submit"
isLoading={isSubmitting}
isDisabled={isSubmitting || !isDirty}
>
Save
</Button>
</form>
<RateLimitPanel />
</TabPanel>
</Tabs>
</div>

248
frontend/src/views/admin/DashboardPage/RateLimitPanel.tsx Normal file
View File

@ -0,0 +1,248 @@
import { Controller, useForm } from "react-hook-form";
import { zodResolver } from "@hookform/resolvers/zod";
import { z } from "zod";
import { createNotification } from "@app/components/notifications";
import { Button, FormControl, Input } from "@app/components/v2";
import { useGetRateLimit, useUpdateRateLimit } from "@app/hooks/api";
const formSchema = z.object({
readRateLimit: z.number(),
writeRateLimit: z.number(),
secretsRateLimit: z.number(),
authRateLimit: z.number(),
inviteUserRateLimit: z.number(),
mfaRateLimit: z.number(),
creationLimit: z.number(),
publicEndpointLimit: z.number()
});
type TRateLimitForm = z.infer<typeof formSchema>;
export const RateLimitPanel = () => {
const { data: rateLimit } = useGetRateLimit();
const { mutateAsync: updateRateLimit } = useUpdateRateLimit();
const {
control,
handleSubmit,
formState: { isSubmitting, isDirty }
} = useForm<TRateLimitForm>({
resolver: zodResolver(formSchema),
values: {
// eslint-disable-next-line
readRateLimit: rateLimit?.readRateLimit ?? 600,
writeRateLimit: rateLimit?.writeRateLimit ?? 200,
secretsRateLimit: rateLimit?.secretsRateLimit ?? 60,
authRateLimit: rateLimit?.authRateLimit ?? 60,
inviteUserRateLimit: rateLimit?.inviteUserRateLimit ?? 30,
mfaRateLimit: rateLimit?.mfaRateLimit ?? 20,
creationLimit: rateLimit?.creationLimit ?? 30,
publicEndpointLimit: rateLimit?.publicEndpointLimit ?? 30
}
});
const onRateLimitFormSubmit = async (formData: TRateLimitForm) => {
try {
const {
readRateLimit,
writeRateLimit,
secretsRateLimit,
authRateLimit,
inviteUserRateLimit,
mfaRateLimit,
creationLimit,
publicEndpointLimit
} = formData;
await updateRateLimit({
readRateLimit,
writeRateLimit,
secretsRateLimit,
authRateLimit,
inviteUserRateLimit,
mfaRateLimit,
creationLimit,
publicEndpointLimit
});
createNotification({
text: "Successfully changed rate limits. Please restart your server",
type: "success"
});
} catch (e) {
console.error(e);
createNotification({
type: "error",
text: "Failed to update rate limiting setting."
});
}
};
return (
<form
className="mb-6 rounded-lg border border-mineshaft-600 bg-mineshaft-900 p-4"
onSubmit={handleSubmit(onRateLimitFormSubmit)}
>
<div className="mb-8 flex flex-col justify-start">
<div className="mb-4 text-xl font-semibold text-mineshaft-100">
Set Rate Limits for your Infisical Instance
</div>
<Controller
control={control}
name="readRateLimit"
defaultValue={300}
render={({ field, fieldState: { error } }) => (
<FormControl
label="Read Requests allowed per minute"
className="w-72"
isError={Boolean(error)}
errorText={error?.message}
>
<Input
{...field}
value={field.value}
onChange={(e) => field.onChange(Number(e.target.value))}
/>
</FormControl>
)}
/>
<Controller
control={control}
defaultValue={300}
name="writeRateLimit"
render={({ field, fieldState: { error } }) => (
<FormControl
label="Write Requests allowed per minute"
className="w-72"
isError={Boolean(error)}
errorText={error?.message}
>
<Input
{...field}
value={field.value || ""}
onChange={(e) => field.onChange(Number(e.target.value))}
/>
</FormControl>
)}
/>
<Controller
control={control}
defaultValue={300}
name="secretsRateLimit"
render={({ field, fieldState: { error } }) => (
<FormControl
label="Secret Requests allowed per minute"
className="w-72"
isError={Boolean(error)}
errorText={error?.message}
>
<Input
{...field}
value={field.value || ""}
onChange={(e) => field.onChange(Number(e.target.value))}
/>
</FormControl>
)}
/>
<Controller
control={control}
defaultValue={300}
name="authRateLimit"
render={({ field, fieldState: { error } }) => (
<FormControl
label="Auth Requests allowed per minute"
className="w-72"
isError={Boolean(error)}
errorText={error?.message}
>
<Input
{...field}
value={field.value || ""}
onChange={(e) => field.onChange(Number(e.target.value))}
/>
</FormControl>
)}
/>
<Controller
control={control}
defaultValue={300}
name="inviteUserRateLimit"
render={({ field, fieldState: { error } }) => (
<FormControl
label="Invite User Requests allowed per minute"
className="w-72"
isError={Boolean(error)}
errorText={error?.message}
>
<Input
{...field}
value={field.value || ""}
onChange={(e) => field.onChange(Number(e.target.value))}
/>
</FormControl>
)}
/>
<Controller
control={control}
defaultValue={300}
name="mfaRateLimit"
render={({ field, fieldState: { error } }) => (
<FormControl
label="Multi Factor Auth Requests allowed per minute"
className="w-72"
isError={Boolean(error)}
errorText={error?.message}
>
<Input
{...field}
value={field.value || ""}
onChange={(e) => field.onChange(Number(e.target.value))}
/>
</FormControl>
)}
/>
<Controller
control={control}
defaultValue={300}
name="creationLimit"
render={({ field, fieldState: { error } }) => (
<FormControl
label="Creation Requests allowed per minute"
className="w-72"
isError={Boolean(error)}
errorText={error?.message}
>
<Input
{...field}
value={field.value || ""}
onChange={(e) => field.onChange(Number(e.target.value))}
/>
</FormControl>
)}
/>
<Controller
control={control}
defaultValue={300}
name="publicEndpointLimit"
render={({ field, fieldState: { error } }) => (
<FormControl
label="Public Endpoints Requests allowed per minute"
className="w-72"
isError={Boolean(error)}
errorText={error?.message}
>
<Input
{...field}
value={field.value || ""}
onChange={(e) => field.onChange(Number(e.target.value))}
/>
</FormControl>
)}
/>
</div>
<Button type="submit" isLoading={isSubmitting} isDisabled={isSubmitting || !isDirty}>
Save
</Button>
</form>
);
};