appview/oauth: set x-ratelimit-bypass for pds xrpc requests

Monorepo for Tangled

We're hitting 429s due to high load. This allows the appview to bypass
otherwise normal rate limits on the PDS.

Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>

authored by

Anirudh Oppiliappan and committed by

Seongmin Lee 2 days ago 2e78be8f dff589df

+16 -7

3 changed files

expand all

unified split

appview

config

config.go

oauth

handler.go

state

state.go

appview/config/config.go

··· 17 17 AppviewName string `env:"APPVIEW_Name, default=Tangled"` 18 18 Dev bool `env:"DEV, default=false"` 19 19 DisallowedNicknamesFile string `env:"DISALLOWED_NICKNAMES_FILE"` 20 + RateLimitBypass string `env:"PDS_RATE_LIMIT_BYPASS"` 20 21 21 22 // temporarily, to add users to default knot and spindle 22 23 AppPassword string `env:"APP_PASSWORD"`

+14 -6

appview/oauth/handler.go

··· 130 130 } 131 131 132 132 l.Debug("adding to default spindle") 133 - session, err := CreateAppPasswordSession(o.IdResolver, o.Config.Core.AppPassword, consts.TangledDid) 133 + session, err := CreateAppPasswordSession(o.IdResolver, o.Config.Core.AppPassword, consts.TangledDid, o.Config.Core.RateLimitBypass) 134 134 if err != nil { 135 135 l.Error("failed to create session", "err", err) 136 136 return ··· 169 169 } 170 170 171 171 l.Debug("adding to default knot") 172 - session, err := CreateAppPasswordSession(o.IdResolver, o.Config.Core.AppPassword, consts.TangledDid) 172 + session, err := CreateAppPasswordSession(o.IdResolver, o.Config.Core.AppPassword, consts.TangledDid, o.Config.Core.RateLimitBypass) 173 173 if err != nil { 174 174 l.Error("failed to create session", "err", err) 175 175 return ··· 244 244 245 245 // create a AppPasswordSession using apppasswords 246 246 type AppPasswordSession struct { 247 - AccessJwt string `json:"accessJwt"` 248 - PdsEndpoint string 249 - Did string 247 + AccessJwt string `json:"accessJwt"` 248 + PdsEndpoint string 249 + Did string 250 + RateLimitBypass string 250 251 } 251 252 252 - func CreateAppPasswordSession(res *idresolver.Resolver, appPassword, did string) (*AppPasswordSession, error) { 253 + func CreateAppPasswordSession(res *idresolver.Resolver, appPassword, did, rateLimitBypass string) (*AppPasswordSession, error) { 253 254 if appPassword == "" { 254 255 return nil, fmt.Errorf("no app password configured") 255 256 } ··· 279 280 return nil, fmt.Errorf("failed to create session request: %v", err) 280 281 } 281 282 sessionReq.Header.Set("Content-Type", "application/json") 283 + if rateLimitBypass != "" { 284 + sessionReq.Header.Set("x-ratelimit-bypass", rateLimitBypass) 285 + } 282 286 283 287 client := &http.Client{Timeout: 30 * time.Second} 284 288 sessionResp, err := client.Do(sessionReq) ··· 298 302 299 303 session.PdsEndpoint = pdsEndpoint 300 304 session.Did = did 305 + session.RateLimitBypass = rateLimitBypass 301 306 302 307 return &session, nil 303 308 } ··· 328 333 329 334 req.Header.Set("Content-Type", "application/json") 330 335 req.Header.Set("Authorization", "Bearer "+s.AccessJwt) 336 + if s.RateLimitBypass != "" { 337 + req.Header.Set("x-ratelimit-bypass", s.RateLimitBypass) 338 + } 331 339 332 340 client := &http.Client{Timeout: 30 * time.Second} 333 341 resp, err := client.Do(req)

+1 -1

appview/state/state.go

··· 622 622 return 623 623 } 624 624 625 - session, err := oauth.CreateAppPasswordSession(res, config.Core.AppPassword, consts.TangledDid) 625 + session, err := oauth.CreateAppPasswordSession(res, config.Core.AppPassword, consts.TangledDid, config.Core.RateLimitBypass) 626 626 if err != nil { 627 627 logger.Error("failed to create appassword session... skipping fetch", "err", err) 628 628 return