increase rate limits

Merge pull request #1891 from Infisical/snyk-fix-d845d74692da524b59866cf430937d1d
[Snyk] Security upgrade mysql2 from 3.9.7 to 3.9.8
2025-07-22 13:29:55 +00:00 · 2024-06-03 13:55:59 -04:00 · 2024-06-03 00:23:25 -04:00 · 2024-06-03 00:10:03 -04:00 · 2024-06-03 01:39:17 +08:00 · 2024-06-01 21:46:03 +05:30
8 changed files with 45 additions and 18 deletions
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
@@ -51,7 +51,7 @@
        "libsodium-wrappers": "^0.7.13",
        "lodash.isequal": "^4.5.0",
        "ms": "^2.1.3",
-        "mysql2": "^3.9.7",
+        "mysql2": "^3.9.8",
        "nanoid": "^5.0.4",
        "nodemailer": "^6.9.9",
        "ora": "^7.0.1",
@@ -10290,9 +10290,10 @@
      }
    },
    "node_modules/mysql2": {
-      "version": "3.9.7",
-      "resolved": "https://registry.npmjs.org/mysql2/-/mysql2-3.9.7.tgz",
-      "integrity": "sha512-KnJT8vYRcNAZv73uf9zpXqNbvBG7DJrs+1nACsjZP1HMJ1TgXEy8wnNilXAn/5i57JizXKtrUtwDB7HxT9DDpw==",
+      "version": "3.9.8",
+      "resolved": "https://registry.npmjs.org/mysql2/-/mysql2-3.9.8.tgz",
+      "integrity": "sha512-+5JKNjPuks1FNMoy9TYpl77f+5frbTklz7eb3XDwbpsERRLEeXiW2PDEkakYF50UuKU2qwfGnyXpKYvukv8mGA==",
+      "license": "MIT",
      "dependencies": {
        "denque": "^2.1.0",
        "generate-function": "^2.3.1",
--- a/backend/package.json
+++ b/backend/package.json
@@ -112,7 +112,7 @@
    "libsodium-wrappers": "^0.7.13",
    "lodash.isequal": "^4.5.0",
    "ms": "^2.1.3",
-    "mysql2": "^3.9.7",
+    "mysql2": "^3.9.8",
    "nanoid": "^5.0.4",
    "nodemailer": "^6.9.9",
    "ora": "^7.0.1",
--- a/backend/src/server/config/rateLimiter.ts
+++ b/backend/src/server/config/rateLimiter.ts
@@ -28,7 +28,7 @@ export const readLimit: RateLimitOptions = {
 // POST, PATCH, PUT, DELETE endpoints
 export const writeLimit: RateLimitOptions = {
  timeWindow: 60 * 1000,
-  max: 50,
+  max: 200, // (too low, FA having issues so increasing it - maidul)
  keyGenerator: (req) => req.realIp
 };

--- a/backend/src/services/integration-auth/integration-sync-secret.ts
+++ b/backend/src/services/integration-auth/integration-sync-secret.ts
@@ -27,6 +27,7 @@ import { z } from "zod";
 import { SecretType, TIntegrationAuths, TIntegrations, TSecrets } from "@app/db/schemas";
 import { request } from "@app/lib/config/request";
 import { BadRequestError } from "@app/lib/errors";
+import { logger } from "@app/lib/logger";
 import { TCreateManySecretsRawFn, TUpdateManySecretsRawFn } from "@app/services/secret/secret-types";

 import { TIntegrationDALFactory } from "../integration/integration-dal";
@@ -521,18 +522,42 @@ const syncSecretsAWSParameterStore = async ({
            .promise();
        }
        // case: secret exists in AWS parameter store
-      } else if (awsParameterStoreSecretsObj[key].Value !== secrets[key].value) {
-        // case: secret value doesn't match one in AWS parameter store
+      } else {
        // -> update secret
-        await ssm
-          .putParameter({
-            Name: `${integration.path}${key}`,
-            Type: "SecureString",
-            Value: secrets[key].value,
-            Overwrite: true
-            // Tags: metadata.secretAWSTag ? [{ Key: metadata.secretAWSTag.key, Value: metadata.secretAWSTag.value }] : []
-          })
-          .promise();
+        if (awsParameterStoreSecretsObj[key].Value !== secrets[key].value) {
+          await ssm
+            .putParameter({
+              Name: `${integration.path}${key}`,
+              Type: "SecureString",
+              Value: secrets[key].value,
+              Overwrite: true
+            })
+            .promise();
+        }
+
+        if (awsParameterStoreSecretsObj[key].Name) {
+          try {
+            await ssm
+              .addTagsToResource({
+                ResourceType: "Parameter",
+                ResourceId: awsParameterStoreSecretsObj[key].Name as string,
+                Tags: metadata.secretAWSTag
+                  ? metadata.secretAWSTag.map((tag: { key: string; value: string }) => ({
+                      Key: tag.key,
+                      Value: tag.value
+                    }))
+                  : []
+              })
+              .promise();
+          } catch (err) {
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            if ((err as any).code === "AccessDeniedException") {
+              logger.error(
+                `AWS Parameter Store Error [integration=${integration.id}]: double check AWS account permissions (refer to the Infisical docs)`
+              );
+            }
+          }
+        }
      }

      await new Promise((resolve) => {
--- a/docs/integrations/cloud/aws-parameter-store.mdx
+++ b/docs/integrations/cloud/aws-parameter-store.mdx
@@ -28,6 +28,7 @@ Prerequisites:
          "Action": [
            "ssm:PutParameter",
            "ssm:DeleteParameter",
+            "ssm:GetParameters",
            "ssm:GetParametersByPath",
            "ssm:DeleteParameters",
            "ssm:AddTagsToResource", // if you need to add tags to secrets
--- a/docs/self-hosting/deployment-options/kubernetes-helm.mdx
+++ b/docs/self-hosting/deployment-options/kubernetes-helm.mdx
@@ -33,7 +33,7 @@ description: "Learn how to use Helm chart to install Infisical on your Kubernete
        pullPolicy: IfNotPresent
    ```
    <Warning>
-      Do you not use the latest docker image tag in production deployments as they can introduce unexpected changes
+      Do not use the latest docker image tag in production deployments as they can introduce unexpected changes
    </Warning>
  </Step>

--- a/frontend/public/images/loading/loading.gif
+++ b/frontend/public/images/loading/loading.gif
--- a/frontend/public/images/loading/loadingblack.gif
+++ b/frontend/public/images/loading/loadingblack.gif
Author	SHA1	Message	Date
Maidul Islam	eafa50747b	increase rate limits	2024-06-03 13:55:59 -04:00
Maidul Islam	77f794e1d0	Merge pull request #1891 from Infisical/snyk-fix-d845d74692da524b59866cf430937d1d [Snyk] Security upgrade mysql2 from 3.9.7 to 3.9.8	2024-06-03 00:23:25 -04:00
Maidul Islam	3b9afb8b5b	Merge pull request #1914 from Infisical/shubham/optimise-loading-gif chore: compress loader gifs	2024-06-03 00:10:03 -04:00
Sheen Capadngan	8bf763dd5a	Merge pull request #1903 from Infisical/feat/add-tags-to-existing-aws-params feat: added support for tagging existing aws params	2024-06-03 01:39:17 +08:00
ShubhamPalriwala	e93b465004	chore: compress loader gifs	2024-06-01 21:46:03 +05:30
Maidul Islam	000d87075b	Merge pull request #1913 from srevinsaju/patch-1	2024-06-01 09:45:21 -04:00
Srevin Saju	2291bdc036	docs: fix typo	2024-06-01 16:22:59 +03:00
Sheen Capadngan	d79d7ca5e8	feat: added support for tagging existing aws params	2024-05-30 21:40:09 +08:00
snyk-bot	f11c2d6b3e	fix: backend/package.json & backend/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MYSQL2-6861580	2024-05-29 00:10:15 +00:00