From 1d80281ef712efec47de013e968486385815c9f6 Mon Sep 17 00:00:00 2001
From: Eldad Fux
Date: Mon, 11 Jan 2021 23:52:05 +0200
Subject: [PATCH 1/7] Disable ratelimits

---
 app/controllers/shared/api.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php
index d64c46a2cd..4dc69b7850 100644
--- a/app/controllers/shared/api.php
+++ b/app/controllers/shared/api.php
@@ -1,5 +1,7 @@ check() && App::getEnv('_APP_OPTIONS_ABUSE', 'enabled') !== 'disabled') {
+ $isPreviliggedUser = Auth::isPreviliggedUser(Authorization::$roles);
+ $isAppUser = Auth::isAppUser(Authorization::$roles);
+
+ if (($abuse->check() // Route is rate-limited
+ && App::getEnv('_APP_OPTIONS_ABUSE', 'enabled') !== 'disabled') // Abuse is not diabled
+ && (!$isAppUser && !$isPreviliggedUser)) // User is not an admin or API key
+ {
 throw new Exception('Too many requests', 429);
 }
 }, ['utopia', 'request', 'response', 'project', 'user', 'register'], 'api');
\ No newline at end of file

From 5b0343276eb9b071db1be9a14b65571bff4a6709 Mon Sep 17 00:00:00 2001
From: Eldad Fux
Date: Tue, 12 Jan 2021 00:20:29 +0200
Subject: [PATCH 2/7] Removed server abuse limits

---
 app/controllers/api/users.php | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/app/controllers/api/users.php b/app/controllers/api/users.php
index 9b124e0a90..76e20aad98 100644
--- a/app/controllers/api/users.php
+++ b/app/controllers/api/users.php
@@ -418,7 +418,6 @@ App::delete('/v1/users/:userId/sessions/:sessionId')
 ->label('sdk.response.code', Response::STATUS_CODE_NOCONTENT)
 ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
 ->label('sdk.response.model', Response::MODEL_NONE)
- ->label('abuse-limit', 100)
 ->param('userId', '', new UID(), 'User unique ID.')
 ->param('sessionId', null, new UID(), 'User unique session ID.')
 ->inject('response')
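Review bot: In the new condition `$abuse->check()` is still the first operand, so the abuse counter is consulted — and presumably incremented — even for the API-key and admin callers the guard now exempts; testing the cheap role flags first, `if (!$isAppUser && !$isPreviliggedUser // Admins and API keys are exempt` / `&& App::getEnv('_APP_OPTIONS_ABUSE', 'enabled') !== 'disabled' // Abuse is not disabled` / `&& $abuse->check()) // Route is rate-limited`, skips that work and also fixes the `diabled` typo in the comment. Because the exemption is keyed on `Authorization::$roles`, a caller holding an API key now bypasses rate limiting on every route that reaches this hook, which is worth stating in a comment on the guard so the trade-off is explicit for whoever tunes the limits later. The enclosing App::init closure starts outside the hunk, and the hunk header as shown (`@@ -1,5 +1,7 @@`) cannot account for the seven added lines, so the removed line is only partly visible here.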
@@ -465,7 +464,6 @@ App::delete('/v1/users/:userId/sessions')
 ->label('sdk.response.code', Response::STATUS_CODE_NOCONTENT)
 ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
 ->label('sdk.response.model', Response::MODEL_NONE)
- ->label('abuse-limit', 100)
 ->param('userId', '', new UID(), 'User unique ID.')
 ->inject('response')
 ->inject('projectDB')
@@ -509,7 +507,6 @@ App::delete('/v1/users/:userId')
 ->label('sdk.response.code', Response::STATUS_CODE_NOCONTENT)
 ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
 ->label('sdk.response.model', Response::MODEL_NONE)
- ->label('abuse-limit', 100)
 ->param('userId', '', function () {return new UID();}, 'User unique ID.')
 ->inject('response')
 ->inject('projectDB')

From ac8410d22b9b9b9d40b03484a45f39fa3779a09d Mon Sep 17 00:00:00 2001
From: Eldad Fux
Date: Tue, 12 Jan 2021 00:21:56 +0200
Subject: [PATCH 3/7] Added functions execution abuse limit

---
 app/controllers/api/functions.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/controllers/api/functions.php b/app/controllers/api/functions.php
index 1a21dfb02c..35a807f949 100644
--- a/app/controllers/api/functions.php
+++ b/app/controllers/api/functions.php
@@ -629,6 +629,8 @@ App::post('/v1/functions/:functionId/executions')
 ->label('sdk.response.code', Response::STATUS_CODE_CREATED)
 ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
 ->label('sdk.response.model', Response::MODEL_EXECUTION)
+ ->label('abuse-limit', 60)
+ ->label('abuse-time', 60)
 ->param('functionId', '', new UID(), 'Function unique ID.')
 // ->param('async', 1, new Range(0, 1), 'Execute code asynchronously. Pass 1 for true, 0 for false. Default value is 1.', true)
 ->inject('response')

From 86d43a32ef97655bd75141d87ec6b53c09acd3d8 Mon Sep 17 00:00:00 2001
From: Eldad Fux
Date: Tue, 12 Jan 2021 00:22:20 +0200
Subject: [PATCH 4/7] Added sleep time to execution test

---
 tests/e2e/Services/Functions/FunctionsCustomServerTest.php | 2 ++
 1 file changed, 2 insertions(+)
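Review bot: The new `abuse-limit`/`abuse-time` labels on the executions route explain neither the 60-per-60-seconds budget nor what the counter is keyed on — no `abuse-key` label is set in the hunk, so whether the scope is per IP, per user or per project is not visible here. A short comment above the two labels, e.g. `// Execution requests are rate-limited to 60 per 60 seconds per abuse key; API-key and admin callers are exempted by the shared guard in app/controllers/shared/api.php`, would record both the budget and the exemption introduced in the first patch of this series. If the default key turns out to be per IP, clients behind a shared NAT share one budget, so confirm that is the intended scope for end-user executions.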
diff --git a/tests/e2e/Services/Functions/FunctionsCustomServerTest.php b/tests/e2e/Services/Functions/FunctionsCustomServerTest.php
index 21539ace52..52d7e86445 100644
--- a/tests/e2e/Services/Functions/FunctionsCustomServerTest.php
+++ b/tests/e2e/Services/Functions/FunctionsCustomServerTest.php
@@ -530,6 +530,8 @@ class FunctionsCustomServerTest extends Scope
 ],
 ];
+ sleep(20);
+
 foreach ($envs as $key => $env) {
 $language = $env['language'] ?? '';
 $version = $env['version'] ?? '';

From 798c902e0727b2bae0c23835c5acc85d4468b83d Mon Sep 17 00:00:00 2001
From: Eldad Fux
Date: Tue, 12 Jan 2021 00:45:01 +0200
Subject: [PATCH 5/7] Changed sleep time

---
 tests/e2e/Services/Functions/FunctionsCustomServerTest.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/tests/e2e/Services/Functions/FunctionsCustomServerTest.php b/tests/e2e/Services/Functions/FunctionsCustomServerTest.php
index 52d7e86445..342568c2e5 100644
--- a/tests/e2e/Services/Functions/FunctionsCustomServerTest.php
+++ b/tests/e2e/Services/Functions/FunctionsCustomServerTest.php
@@ -530,8 +530,6 @@ class FunctionsCustomServerTest extends Scope
 ],
 ];
- sleep(20);
-
 foreach ($envs as $key => $env) {
 $language = $env['language'] ?? '';
 $version = $env['version'] ?? '';
@@ -593,7 +591,7 @@ class FunctionsCustomServerTest extends Scope
 $executionId = $execution['body']['$id'] ?? '';
 $this->assertEquals(201, $execution['headers']['status-code']);
- sleep(20);
+ sleep(30);
 $executions = $this->client->call(Client::METHOD_GET, '/functions/'.$functionId.'/executions', array_merge([
 'content-type' => 'application/json',

From 3c3a2258289b22b09e0a9bfb5ec66ea02e2e6a4a Mon Sep 17 00:00:00 2001
From: Eldad Fux
Date: Tue, 12 Jan 2021 01:03:00 +0200
Subject: [PATCH 6/7] Debug failure

---
 tests/e2e/Services/Functions/FunctionsCustomServerTest.php | 5 +++++
 1 file changed, 5 insertions(+)
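Review bot: The fixed `sleep(30)` before fetching the execution list is a timing guess rather than a synchronisation point: on a slow runner the execution has not reached `completed` yet and the assertions that follow fail, on a fast one the test idles for 30 seconds for nothing. A bounded poll of the execution status with a short interval removes both problems; the same applies to the `sleep(120)` added at the top of testENVS in patch 7 of this series (and to patch 4's `sleep(20)`, which this patch reverts). The GET call's remaining arguments and the status assertions sit outside the hunk, so the sketch below keeps that call as written and only wraps it.
```php
$this->assertEquals(201, $execution['headers']['status-code']);

// Poll for completion instead of a fixed sleep: returns as soon as the worker
// is done and gives up after a deadline so a stuck execution still fails fast.
$deadline = time() + 60;
do {
    sleep(1);
    // … unchanged: the existing GET /functions/{functionId}/executions call, assigning $executions …
    $status = $executions['body']['executions'][0]['status'] ?? '';
} while ($status !== 'completed' && time() < $deadline);
```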
diff --git a/tests/e2e/Services/Functions/FunctionsCustomServerTest.php b/tests/e2e/Services/Functions/FunctionsCustomServerTest.php
index 342568c2e5..0af53ae0d9 100644
--- a/tests/e2e/Services/Functions/FunctionsCustomServerTest.php
+++ b/tests/e2e/Services/Functions/FunctionsCustomServerTest.php
@@ -601,6 +601,11 @@ class FunctionsCustomServerTest extends Scope
 if($executions['body']['executions'][0]['status'] !== 'completed') {
 var_dump($env);
 var_dump($executions['body']['executions'][0]);
+ $stdout = '';
+ $stderr = '';
+ Console::execute('docker logs appwrite-worker-functions', '', $stdout, $stderr);
+ var_dump($stdout);
+ var_dump($stderr);
 }
 $this->assertEquals($executions['headers']['status-code'], 200);

From 71e64e65bbe7d99bc88f1030e4e40fa5547a9bd3 Mon Sep 17 00:00:00 2001
From: Eldad Fux
Date: Tue, 12 Jan 2021 01:46:12 +0200
Subject: [PATCH 7/7] Added long sleep

---
 tests/e2e/Services/Functions/FunctionsCustomServerTest.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/e2e/Services/Functions/FunctionsCustomServerTest.php b/tests/e2e/Services/Functions/FunctionsCustomServerTest.php
index 0af53ae0d9..377d728e11 100644
--- a/tests/e2e/Services/Functions/FunctionsCustomServerTest.php
+++ b/tests/e2e/Services/Functions/FunctionsCustomServerTest.php
@@ -455,6 +455,7 @@ class FunctionsCustomServerTest extends Scope
 public function testENVS():array
 {
+ sleep(120);
 /**
 * Test for SUCCESS
 */
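Review bot: The return value of `Console::execute` is discarded, so when the docker CLI is missing from the runner or cannot reach the daemon the two dumps are silently empty and the diagnostic this patch adds explains nothing. Keeping the status and attaching the captured output to the assertion that actually fails — `$code = Console::execute('docker logs appwrite-worker-functions', '', $stdout, $stderr);` and later `$this->assertEquals('completed', $executions['body']['executions'][0]['status'], "docker logs exit {$code}\n{$stdout}\n{$stderr}");` — ties the logs to the failure they describe instead of relying on `var_dump` output that PHPUnit prints far from the failing assertion. The `executions[0]` access on the context line is unguarded, so an empty list raises a notice before the debug block runs; the status assertion this message belongs to lies outside the hunk.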