From e588d9829cac7d3ca00fb102560a0092e20487d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Istv=C3=A1n=20So=C3=B3s?=
Date: Thu, 18 Jan 2024 11:28:18 +0100
Subject: [PATCH] Rate limit rules for production config. (#7369)
---
 app/config/dartlang-pub.yaml | 84 +++++++++++++++++++++++--
 app/test/shared/configuration_test.dart | 22 ++++++-
 2 files changed, 99 insertions(+), 7 deletions(-)
diff --git a/app/config/dartlang-pub.yaml b/app/config/dartlang-pub.yaml
index ef7b9882cd..87432b6243 100644
--- a/app/config/dartlang-pub.yaml
+++ b/app/config/dartlang-pub.yaml
@@ -70,11 +70,83 @@ tools:
 rateLimits:
 - operation: package-published
 scope: package
- burst: 10
- hourly: 120
- daily: 240
+ burst: 3
+ hourly: 6
+ daily: 12
 - operation: package-published
 scope: user
- burst: 100
- hourly: 1000
- daily: 1250
+ burst: 10
+ hourly: 100
+ daily: 200
+ - operation: publisher-created
+ scope: user
+ daily: 8
+ - operation: package-transferred
+ scope: package
+ burst: 2
+ hourly: 5
+ daily: 10
+ - operation: package-transferred
+ scope: user
+ burst: 10
+ hourly: 100
+ daily: 200
+
+ # Updating options
+ - operation: package-options-updated
+ scope: package
+ burst: 5
+ hourly: 10
+ daily: 100
+ - operation: package-options-updated
+ scope: user
+ burst: 20
+ hourly: 100
+ daily: 200
+ - operation: package-publication-automation-updated
+ scope: package
+ burst: 5
+ hourly: 10
+ daily: 100
+ - operation: package-publication-automation-updated
+ scope: user
+ burst: 20
+ hourly: 100
+ daily: 200
+ - operation: package-version-options-updated
+ scope: package
+ burst: 5
+ hourly: 10
+ daily: 100
+ - operation: package-version-options-updated
+ scope: user
+ burst: 20
+ hourly: 100
+ daily: 200
+ - operation: publisher-updated
+ scope: user
+ burst: 20
+ hourly: 100
+ daily: 200
+
+ # Invites
+ - operation: publisher-contact-invited
+ scope: user
+ burst: 10
+ hourly: 100
+ daily: 200
+ - operation: publisher-member-invited
+ scope: user
+ burst: 10
+ hourly: 100
+ daily: 200
+ - operation: uploader-invited
+ scope: package
+ burst: 5
+ hourly: 10
+ daily: 48
+ - operation: uploader-invited
+ scope: user
+ burst: 10
+ hourly: 100
+ daily: 200
diff --git a/app/test/shared/configuration_test.dart b/app/test/shared/configuration_test.dart
index 4e515e930c..b8be027bfa 100644
--- a/app/test/shared/configuration_test.dart
+++ b/app/test/shared/configuration_test.dart
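Review bot: The `publisher-created` rule sets only `daily: 8`, while every other rule in this hunk sets `burst`, `hourly` and `daily`, and the hunk does not show how an omitted field is interpreted, so a reader cannot tell whether the short windows are deliberately left uncapped for that operation. A comment on that rule would settle it, for example `# burst/hourly intentionally unset: publisher creation is only capped per day`. The per-package `package-published` limits are also tightened sharply (daily 240 to 12, hourly 120 to 6), which presumably could reject a legitimate automated release flow that publishes several versions of one package in a day; a one-line rationale above that rule would help whoever has to tune these numbers after the first rejected publish.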
@@ -36,7 +36,7 @@ void main() {
 throwsA(isArgumentError));
 });
 
- test('configuration files serialized', () async {
+ test('configuration files content', () async {
 final files = Directory('config')
 .listSync()
 .whereType()
@@ -45,6 +45,7 @@ void main() {
 expect(files, hasLength(2));
 
 for (final f in files) {
+ // serialization
 final fileContent = f.readAsStringSync();
 final replacedContent = Configuration.replaceEnvVariables(fileContent, {
 'GOOGLE_CLOUD_PROJECT': 'test',
@@ -57,6 +58,25 @@ void main() {
 Configuration.fromJson(jsonContent as Map);
 final serialized = json.decode(json.encode(config.toJson()));
 expect(serialized, jsonContent);
+
+ // rate limit rules
+ final modelFileContent =
+ await File('lib/audit/models.dart').readAsString();
+ final rateLimits = config.rateLimits ?? [];
+ for (final limit in rateLimits) {
+ expect(
+ modelFileContent.contains("'${limit.operation}'"),
+ isTrue,
+ reason: limit.operation,
+ );
+ }
+ // no duplicate rules
+ expect(rateLimits.map((e) => '${e.operation}/${e.scope}').toSet().length,
+ rateLimits.length);
+ // some rules for prod config
+ if (config.isProduction) {
+ expect(rateLimits, hasLength(greaterThan(10)));
+ }
 }
 });
 }
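Review bot: The operation check in the added `for (final limit in rateLimits)` loop is a substring search over the source text of `lib/audit/models.dart`, so it passes whenever the quoted name appears anywhere in that file, including in a comment or an unrelated string literal. A misspelled `operation` in the production config would presumably leave that action without an enforced limit, so comparing each rule against the set of operation constants the model actually exports would be a stronger guard than `modelFileContent.contains("'${limit.operation}'")`. The model file is also re-read on every pass of the outer `for (final f in files)` loop; the `await File('lib/audit/models.dart').readAsString()` call can move above that loop. The test body starts before this hunk, so the setup of `config` and `jsonContent` is not visible here.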