feat: introducing rate-limiting on queries, mutations and most of the REST endpoints (HBE-111) (#46)

* feat: rate-limiting guard added and configured in app module * feat: rate-limit annotation added in controllers and resolvers (query, mutation, not subscription) * docs: added comments
2023-03-21 17:15:50 +06:00
parent f78354a377
commit fa8ca0569d
18 changed files with 115 additions and 4 deletions
--- a/packages/hoppscotch-backend/src/team/team.resolver.ts
+++ b/packages/hoppscotch-backend/src/team/team.resolver.ts
@@ -11,7 +11,6 @@ import {
  ID,
 } from '@nestjs/graphql';
 import { TeamService } from './team.service';
-import { User } from '../user/user.model';
 import { GqlAuthGuard } from '../guards/gql-auth.guard';
 import { GqlUser } from '../decorators/gql-user.decorator';
 import { UseGuards } from '@nestjs/common';
@@ -21,7 +20,10 @@ import { PubSubService } from '../pubsub/pubsub.service';
 import * as E from 'fp-ts/Either';
 import { throwErr } from 'src/utils';
 import { AuthUser } from 'src/types/AuthUser';
+import { GqlThrottlerGuard } from 'src/guards/gql-throttler.guard';
+import { SkipThrottle } from '@nestjs/throttler';

+@UseGuards(GqlThrottlerGuard)
@Resolver(() => Team)
 export class TeamResolver {
  constructor(
@@ -271,6 +273,7 @@ export class TeamResolver {
    TeamMemberRole.EDITOR,
    TeamMemberRole.VIEWER,
  )
+  @SkipThrottle()
  @UseGuards(GqlAuthGuard, GqlTeamMemberGuard)
  teamMemberAdded(
    @Args({
@@ -293,6 +296,7 @@ export class TeamResolver {
    TeamMemberRole.EDITOR,
    TeamMemberRole.VIEWER,
  )
+  @SkipThrottle()
  @UseGuards(GqlAuthGuard, GqlTeamMemberGuard)
  teamMemberUpdated(
    @Args({
@@ -315,6 +319,7 @@ export class TeamResolver {
    TeamMemberRole.EDITOR,
    TeamMemberRole.VIEWER,
  )
+  @SkipThrottle()
  @UseGuards(GqlAuthGuard, GqlTeamMemberGuard)
  teamMemberRemoved(
    @Args({