liz/wikijs-fork
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: graphql rate limiting directive

Browse Source
This commit is contained in:
Nick
2019-02-15 16:36:13 -05:00
parent 2b54f6591b
commit 040f840807
5 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CHANGELOG.md
+1
View File
@@ -10,6 +10,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- Added Page Delete functionality - Added Page Delete functionality
- Dev locale .yml files in `server/locales` are now loaded - Dev locale .yml files in `server/locales` are now loaded
- Added SQLite dependencies in Docker image - Added SQLite dependencies in Docker image
- Added rate limiting to login mutations
### Fixed ### Fixed
- Fixed root admin refresh token fail - Fixed root admin refresh token fail
package.json
+1
View File
@@ -68,6 +68,7 @@
"getos": "3.1.1", "getos": "3.1.1",
"graphql": "14.1.1", "graphql": "14.1.1",
"graphql-list-fields": "2.0.2", "graphql-list-fields": "2.0.2",
"graphql-rate-limit-directive": "0.1.0",
"graphql-subscriptions": "1.0.0", "graphql-subscriptions": "1.0.0",
"graphql-tools": "4.0.4", "graphql-tools": "4.0.4",
"highlight.js": "9.14.2", "highlight.js": "9.14.2",
server/graph/index.js
+8 -2
View File
@@ -6,6 +6,7 @@ const autoload = require('auto-load')
const PubSub = require('graphql-subscriptions').PubSub const PubSub = require('graphql-subscriptions').PubSub
const { LEVEL, MESSAGE } = require('triple-beam') const { LEVEL, MESSAGE } = require('triple-beam')
const Transport = require('winston-transport') const Transport = require('winston-transport')
const { createRateLimitTypeDef, createRateLimitDirective } = require('graphql-rate-limit-directive')
/* global WIKI */ /* global WIKI */
@@ -17,7 +18,7 @@ WIKI.GQLEmitter = new PubSub()
// Schemas // Schemas
let typeDefs = [] let typeDefs = [createRateLimitTypeDef()]
let schemas = fs.readdirSync(path.join(WIKI.SERVERPATH, 'graph/schemas')) let schemas = fs.readdirSync(path.join(WIKI.SERVERPATH, 'graph/schemas'))
schemas.forEach(schema => { schemas.forEach(schema => {
typeDefs.push(fs.readFileSync(path.join(WIKI.SERVERPATH, `graph/schemas/${schema}`), 'utf8')) typeDefs.push(fs.readFileSync(path.join(WIKI.SERVERPATH, `graph/schemas/${schema}`), 'utf8'))
@@ -33,7 +34,12 @@ resolversObj.forEach(resolver => {
// Directives // Directives
let schemaDirectives = autoload(path.join(WIKI.SERVERPATH, 'graph/directives')) let schemaDirectives = {
...autoload(path.join(WIKI.SERVERPATH, 'graph/directives')),
rateLimit: createRateLimitDirective({
keyGenerator: (directiveArgs, source, args, context, info) => `${context.req.ip}:${info.parentType}.${info.fieldName}`
})
}
// Live Trail Logger (admin) // Live Trail Logger (admin)
server/graph/schemas/authentication.graphql
+2 -2
View File
@@ -29,12 +29,12 @@ type AuthenticationMutation {
username: String! username: String!
password: String! password: String!
strategy: String! strategy: String!
): AuthenticationLoginResponse ): AuthenticationLoginResponse @rateLimit(limit: 5, duration: 60)
loginTFA( loginTFA(
loginToken: String! loginToken: String!
securityCode: String! securityCode: String!
): DefaultResponse ): DefaultResponse @rateLimit(limit: 5, duration: 60)
register( register(
email: String! email: String!
yarn.lock
BIN
View File
Binary file not shown.