appview/oauth: set x-ratelimit-bypass for pds xrpc requests

Monorepo for Tangled

We're hitting 429s due to high load. This allows the appview to bypass
otherwise normal rate limits on the PDS.

Signed-off-by: Anirudh Oppiliappan <anirudh@tangled.org>

authored by

Anirudh Oppiliappan and committed by

Seongmin Lee 2 days ago 2e78be8f dff589df

+16 -7

3 changed files

expand all

unified split

appview

config

config.go

oauth

handler.go

state

state.go

appview/config/config.go

··· 17 AppviewName string `env:"APPVIEW_Name, default=Tangled"` 18 Dev bool `env:"DEV, default=false"` 19 DisallowedNicknamesFile string `env:"DISALLOWED_NICKNAMES_FILE"` 20 21 // temporarily, to add users to default knot and spindle 22 AppPassword string `env:"APP_PASSWORD"`

··· 17 AppviewName string `env:"APPVIEW_Name, default=Tangled"` 18 Dev bool `env:"DEV, default=false"` 19 DisallowedNicknamesFile string `env:"DISALLOWED_NICKNAMES_FILE"` 20 + RateLimitBypass string `env:"PDS_RATE_LIMIT_BYPASS"` 21 22 // temporarily, to add users to default knot and spindle 23 AppPassword string `env:"APP_PASSWORD"`

+14 -6

appview/oauth/handler.go

··· 130 } 131 132 l.Debug("adding to default spindle") 133 - session, err := CreateAppPasswordSession(o.IdResolver, o.Config.Core.AppPassword, consts.TangledDid) 134 if err != nil { 135 l.Error("failed to create session", "err", err) 136 return ··· 169 } 170 171 l.Debug("adding to default knot") 172 - session, err := CreateAppPasswordSession(o.IdResolver, o.Config.Core.AppPassword, consts.TangledDid) 173 if err != nil { 174 l.Error("failed to create session", "err", err) 175 return ··· 244 245 // create a AppPasswordSession using apppasswords 246 type AppPasswordSession struct { 247 - AccessJwt string `json:"accessJwt"` 248 - PdsEndpoint string 249 - Did string 250 } 251 252 - func CreateAppPasswordSession(res *idresolver.Resolver, appPassword, did string) (*AppPasswordSession, error) { 253 if appPassword == "" { 254 return nil, fmt.Errorf("no app password configured") 255 } ··· 279 return nil, fmt.Errorf("failed to create session request: %v", err) 280 } 281 sessionReq.Header.Set("Content-Type", "application/json") 282 283 client := &http.Client{Timeout: 30 * time.Second} 284 sessionResp, err := client.Do(sessionReq) ··· 298 299 session.PdsEndpoint = pdsEndpoint 300 session.Did = did 301 302 return &session, nil 303 } ··· 328 329 req.Header.Set("Content-Type", "application/json") 330 req.Header.Set("Authorization", "Bearer "+s.AccessJwt) 331 332 client := &http.Client{Timeout: 30 * time.Second} 333 resp, err := client.Do(req)

··· 130 } 131 132 l.Debug("adding to default spindle") 133 + session, err := CreateAppPasswordSession(o.IdResolver, o.Config.Core.AppPassword, consts.TangledDid, o.Config.Core.RateLimitBypass) 134 if err != nil { 135 l.Error("failed to create session", "err", err) 136 return ··· 169 } 170 171 l.Debug("adding to default knot") 172 + session, err := CreateAppPasswordSession(o.IdResolver, o.Config.Core.AppPassword, consts.TangledDid, o.Config.Core.RateLimitBypass) 173 if err != nil { 174 l.Error("failed to create session", "err", err) 175 return ··· 244 245 // create a AppPasswordSession using apppasswords 246 type AppPasswordSession struct { 247 + AccessJwt string `json:"accessJwt"` 248 + PdsEndpoint string 249 + Did string 250 + RateLimitBypass string 251 } 252 253 + func CreateAppPasswordSession(res *idresolver.Resolver, appPassword, did, rateLimitBypass string) (*AppPasswordSession, error) { 254 if appPassword == "" { 255 return nil, fmt.Errorf("no app password configured") 256 } ··· 280 return nil, fmt.Errorf("failed to create session request: %v", err) 281 } 282 sessionReq.Header.Set("Content-Type", "application/json") 283 + if rateLimitBypass != "" { 284 + sessionReq.Header.Set("x-ratelimit-bypass", rateLimitBypass) 285 + } 286 287 client := &http.Client{Timeout: 30 * time.Second} 288 sessionResp, err := client.Do(sessionReq) ··· 302 303 session.PdsEndpoint = pdsEndpoint 304 session.Did = did 305 + session.RateLimitBypass = rateLimitBypass 306 307 return &session, nil 308 } ··· 333 334 req.Header.Set("Content-Type", "application/json") 335 req.Header.Set("Authorization", "Bearer "+s.AccessJwt) 336 + if s.RateLimitBypass != "" { 337 + req.Header.Set("x-ratelimit-bypass", s.RateLimitBypass) 338 + } 339 340 client := &http.Client{Timeout: 30 * time.Second} 341 resp, err := client.Do(req)

+1 -1

appview/state/state.go

··· 622 return 623 } 624 625 - session, err := oauth.CreateAppPasswordSession(res, config.Core.AppPassword, consts.TangledDid) 626 if err != nil { 627 logger.Error("failed to create appassword session... skipping fetch", "err", err) 628 return

··· 622 return 623 } 624 625 + session, err := oauth.CreateAppPasswordSession(res, config.Core.AppPassword, consts.TangledDid, config.Core.RateLimitBypass) 626 if err != nil { 627 logger.Error("failed to create appassword session... skipping fetch", "err", err) 628 return