Merge pull request #9102 from appwrite/feat-create-function-abuse-fix

Feat: createFunction abuse labels
2026-05-22 08:28:42 +00:00 · 2024-12-13 01:10:34 +04:00 · 2024-12-13 01:10:34 +04:00 · 9c2b78e612
commit 9c2b78e612
parent a148b624b0 905b4938a4
4 changed files with 40 additions and 7 deletions
--- a/.env
+++ b/.env
@ -109,3 +109,4 @@ _APP_MESSAGE_EMAIL_TEST_DSN=
 _APP_MESSAGE_PUSH_TEST_DSN=
 _APP_WEBHOOK_MAX_FAILED_ATTEMPTS=10
 _APP_PROJECT_REGIONS=default
+_APP_FUNCTIONS_CREATION_ABUSE_LIMIT=5000
--- a/app/controllers/api/functions.php
+++ b/app/controllers/api/functions.php
@ -23,6 +23,8 @@ use Appwrite\Utopia\Response;
 use Appwrite\Utopia\Response\Model\Rule;
 use Executor\Executor;
 use MaxMind\Db\Reader;
+use Utopia\Abuse\Abuse;
+use Utopia\Abuse\Adapters\Database\TimeLimit;
 use Utopia\App;
 use Utopia\CLI\Console;
 use Utopia\Config\Config;
@ -187,6 +189,35 @@ App::post('/v1/functions')
    ->action(function (string $functionId, string $name, string $runtime, array $execute, array $events, string $schedule, int $timeout, bool $enabled, bool $logging, string $entrypoint, string $commands, array $scopes, string $installationId, string $providerRepositoryId, string $providerBranch, bool $providerSilentMode, string $providerRootDirectory, string $templateRepository, string $templateOwner, string $templateRootDirectory, string $templateVersion, string $specification, Request $request, Response $response, Database $dbForProject, Document $project, Document $user, Event $queueForEvents, Build $queueForBuilds, Database $dbForPlatform, GitHub $github) use ($redeployVcs) {
        $functionId = ($functionId == 'unique()') ? ID::unique() : $functionId;

+        // Temporary abuse check
+        $abuseCheck = function () use ($project, $dbForProject, $response) {
+            $abuseKey = "projectId:{projectId},url:{url}";
+            $abuseLimit = App::getEnv('_APP_FUNCTIONS_CREATION_ABUSE_LIMIT', 50);
+            $abuseTime = 86400; // 1 day
+
+            $timeLimit = new TimeLimit($abuseKey, $abuseLimit, $abuseTime, $dbForProject);
+            $timeLimit
+                ->setParam('{projectId}', $project->getId())
+                ->setParam('{url}', '/v1/functions');
+
+            $abuse = new Abuse($timeLimit);
+            $remaining = $timeLimit->remaining();
+            $limit = $timeLimit->limit();
+            $time = (new \DateTime($timeLimit->time()))->getTimestamp() + $abuseTime;
+
+            $response
+                ->addHeader('X-RateLimit-Limit', $limit)
+                ->addHeader('X-RateLimit-Remaining', $remaining)
+                ->addHeader('X-RateLimit-Reset', $time);
+
+            $enabled = System::getEnv('_APP_OPTIONS_ABUSE', 'enabled') !== 'disabled';
+            if ($enabled && $abuse->check()) {
+                throw new Exception(Exception::GENERAL_RATE_LIMIT_EXCEEDED);
+            }
+        };
+
+        $abuseCheck();
+
        $allowList = \array_filter(\explode(',', System::getEnv('_APP_FUNCTIONS_RUNTIMES', '')));

        if (!empty($allowList) && !\in_array($runtime, $allowList)) {
--- a/composer.lock
+++ b/composer.lock
@ -3136,16 +3136,16 @@
        },
        {
            "name": "utopia-php/abuse",
-            "version": "0.43.1",
+            "version": "0.43.2",
            "source": {
                "type": "git",
                "url": "https://github.com/utopia-php/abuse.git",
-                "reference": "e404c21e8dcf6a310bc83cf1d74e716b105598fa"
+                "reference": "374536b86d8d39066960a7da161d444a099bbc56"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/utopia-php/abuse/zipball/e404c21e8dcf6a310bc83cf1d74e716b105598fa",
-                "reference": "e404c21e8dcf6a310bc83cf1d74e716b105598fa",
+                "url": "https://api.github.com/repos/utopia-php/abuse/zipball/374536b86d8d39066960a7da161d444a099bbc56",
+                "reference": "374536b86d8d39066960a7da161d444a099bbc56",
                "shasum": ""
            },
            "require": {
@ -3153,7 +3153,7 @@
                "ext-pdo": "*",
                "ext-redis": "*",
                "php": ">=8.0",
-                "utopia-php/database": "0.53.*"
+                "utopia-php/database": "0.53.200"
            },
            "require-dev": {
                "laravel/pint": "1.5.*",
@ -3181,9 +3181,9 @@
            ],
            "support": {
                "issues": "https://github.com/utopia-php/abuse/issues",
-                "source": "https://github.com/utopia-php/abuse/tree/0.43.1"
+                "source": "https://github.com/utopia-php/abuse/tree/0.43.2"
            },
-            "time": "2024-10-23T04:29:12+00:00"
+            "time": "2024-12-12T19:43:24+00:00"
        },
        {
            "name": "utopia-php/analytics",
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -195,6 +195,7 @@ services:
      - _APP_DATABASE_SHARED_TABLES
      - _APP_DATABASE_SHARED_TABLES_V1
      - _APP_DATABASE_SHARED_NAMESPACE
+      - _APP_FUNCTIONS_CREATION_ABUSE_LIMIT

  appwrite-console:
    <<: *x-logging