feat: introducing rate-limiting on queries, mutations and most of the REST endpoints (HBE-111) (#46)

* feat: rate-limiting guard added and configured in app module * feat: rate-limit annotation added in controllers and resolvers (query, mutation, not subscription) * docs: added comments
2023-03-21 17:15:50 +06:00
parent f78354a377
commit fa8ca0569d
18 changed files with 115 additions and 4 deletions
--- a/packages/hoppscotch-backend/src/team-environments/team-environments.resolver.ts
+++ b/packages/hoppscotch-backend/src/team-environments/team-environments.resolver.ts
@@ -1,8 +1,10 @@
 import { UseGuards } from '@nestjs/common';
 import { Resolver, Mutation, Args, Subscription, ID } from '@nestjs/graphql';
+import { SkipThrottle } from '@nestjs/throttler';
 import { pipe } from 'fp-ts/function';
 import * as TE from 'fp-ts/TaskEither';
 import { GqlAuthGuard } from 'src/guards/gql-auth.guard';
+import { GqlThrottlerGuard } from 'src/guards/gql-throttler.guard';
 import { PubSubService } from 'src/pubsub/pubsub.service';
 import { RequiresTeamRole } from 'src/team/decorators/requires-team-role.decorator';
 import { GqlTeamMemberGuard } from 'src/team/guards/gql-team-member.guard';
@@ -12,6 +14,7 @@ import { GqlTeamEnvTeamGuard } from './gql-team-env-team.guard';
 import { TeamEnvironment } from './team-environments.model';
 import { TeamEnvironmentsService } from './team-environments.service';

+@UseGuards(GqlThrottlerGuard)
@Resolver(() => 'TeamEnvironment')
 export class TeamEnvironmentsResolver {
  constructor(
@@ -144,6 +147,7 @@ export class TeamEnvironmentsResolver {
    description: 'Listen for Team Environment Updates',
    resolve: (value) => value,
  })
+  @SkipThrottle()
  @UseGuards(GqlAuthGuard, GqlTeamMemberGuard)
  @RequiresTeamRole(
    TeamMemberRole.OWNER,
@@ -165,6 +169,7 @@ export class TeamEnvironmentsResolver {
    description: 'Listen for Team Environment Creation Messages',
    resolve: (value) => value,
  })
+  @SkipThrottle()
  @UseGuards(GqlAuthGuard, GqlTeamMemberGuard)
  @RequiresTeamRole(
    TeamMemberRole.OWNER,
@@ -186,6 +191,7 @@ export class TeamEnvironmentsResolver {
    description: 'Listen for Team Environment Deletion Messages',
    resolve: (value) => value,
  })
+  @SkipThrottle()
  @UseGuards(GqlAuthGuard, GqlTeamMemberGuard)
  @RequiresTeamRole(
    TeamMemberRole.OWNER,