Merge branch 'develop' into f_565_fix_create_trace_with_repetitive_title

config/default.json

@@ -179,6 +179,20 @@
   "enableSentryMonitoring": false,
   "sentryDsn": "",
   "segmentApiKey": "",
+  "rateLimit": {
+    "disable": false,
+    "ttlSeconds": 60,
+    "threshold": 60,
+    "getTtlSeconds":60,
+    "getThreshold":200,
+    "createProjectTtlSeconds":86400,
+    "createProjectThreshold":10,
+    "createDonationTtlSeconds":3600,
+    "createDonationThreshold":300,
+    "createAuthenticationTtlSeconds":60,
+    "createAuthenticationThreshold":10
+  },
+
   "givethIoUrl": "https://serve.giveth.io/graphql",
   "givethIoProjectsReviewerAddress": "0x90F8bf6A479f320ead074411a4B0e7944Ea8c9C1"
 }

config/test.json

@@ -84,7 +84,6 @@
     {
       "name": "ANT",
       "address": "0xe78A0F7E598Cc8b0Bb87894B0F60dD2a88d6a8Ab",
-      "foreignAddress": "0x8F086f895deBc23473dfe507dd4BF35D6184552c",
       "foreignAddress": "0x7283b97f7546ba8eff68167cab2da526e7d7f88a",
       "symbol": "ANT",
       "coingeckoId": "aragon",
@@ -187,6 +186,9 @@
   "dappMailerUrl": "https://fake.dappmailer.giveth.io",
   "dappMailerSecret": "fakeSecret",
   "enablePayoutEmail": true,
+  "rateLimit": {
+    "disable": true
+  },
   "givethIoProjectsReviewerAddress": "0xd00cc82a132f421bA6414D196BC830Db95e2e7Dd",
   "mockGivethIo": true
 }

docker-compose-develop.yml

@@ -13,6 +13,7 @@ services:
     environment:
       - logDir=/usr/src/app/logs
       - NODE_ENV=develop
+      - LOG_LEVEL=info
     volumes:
     # You should have a develop.json file in the config folder
       - type: bind

docker-compose-production.yml

@@ -13,6 +13,7 @@ services:
     environment:
       - logDir=/usr/src/app/logs
       - NODE_ENV=production
+      - LOG_LEVEL=info
     volumes:
       # You should have a production.json file in the config folder
       - type: bind

package.json

@@ -83,6 +83,7 @@
     "graphql": "^15.5.1",
     "graphql-request": "^3.5.0",
     "helmet": "^3.8.1",
+    "ioredis": "^4.27.7",
     "ipfs-api": "^24.0.0",
     "is-ipfs": "^0.4.2",
     "json2csv": "^4.5.4",
@@ -104,6 +105,7 @@
     "multer": "^1.3.0",
     "nyc": "^15.1.0",
     "passport-strategy": "^1.0.0",
+    "rate-limiter-flexible": "^2.2.4",
     "request-promise": "^4.2.2",
     "sanitize-html": "^2.4.0",
     "semaphore": "^1.1.0",

src/app.hooks.js

@@ -1,10 +1,19 @@
 // Application hooks that run for every service
 const auth = require('@feathersjs/authentication');
+const config = require('config');
 const { discard } = require('feathers-hooks-common');
 const { NotAuthenticated } = require('@feathersjs/errors');
+const { DonationStatus } = require('./models/donations.model');
 const { isRequestInternal } = require('./utils/feathersUtils');
 const { responseLoggerHook, startMonitoring } = require('./hooks/logger');
+const { rateLimit } = require('./utils/rateLimit');
 
+const {
+  getTtlSeconds,
+  getThreshold,
+  threshold: rateLimitThreshold,
+  ttlSeconds: rateLimitTtlSeconds,
+} = config.rateLimit;
 const authenticate = () => context => {
   // No need to authenticate internal calls
   if (isRequestInternal(context)) return context;
@@ -22,7 +31,8 @@ const authenticate = () => context => {
   if (
     context.params.provider === 'socketio' &&
     context.path === 'donations' &&
-    context.method === 'create'
+    context.method === 'create' &&
+    context.data.status === DonationStatus.PENDING
   ) {
     // for creating donations it's not needed to be authenticated, anonymous users can donate
     return context;
@@ -48,12 +58,41 @@ const convertVerifiedToBoolean = () => context => {
 module.exports = {
   before: {
     all: [startMonitoring()],
-    find: [convertVerifiedToBoolean()],
-    get: [],
+    find: [
+      convertVerifiedToBoolean(),
+      rateLimit({
+        threshold: getThreshold,
+        ttl: getTtlSeconds,
+      }),
+    ],
+    get: [
+      rateLimit({
+        threshold: getThreshold,
+        ttl: getTtlSeconds,
+      }),
+    ],
     create: [authenticate()],
-    update: [authenticate()],
-    patch: [authenticate()],
-    remove: [authenticate()],
+    update: [
+      authenticate(),
+      rateLimit({
+        threshold: rateLimitThreshold,
+        ttl: rateLimitTtlSeconds,
+      }),
+    ],
+    patch: [
+      authenticate(),
+      rateLimit({
+        threshold: rateLimitThreshold,
+        ttl: rateLimitTtlSeconds,
+      }),
+    ],
+    remove: [
+      authenticate(),
+      rateLimit({
+        threshold: rateLimitThreshold,
+        ttl: rateLimitTtlSeconds,
+      }),
+    ],
   },
 
   after: {

src/authentication.js

@@ -1,7 +1,9 @@
 const { JWTStrategy } = require('@feathersjs/authentication');
 const { expressOauth } = require('@feathersjs/authentication-oauth');
+const config = require('config');
 const { MyAuthenticationService } = require('./authenticationService');
 const { Web3Strategy } = require('./Web3Strategy');
+const { rateLimit } = require('./utils/rateLimit');
 
 module.exports = app => {
   const authentication = new MyAuthenticationService(app);
@@ -43,5 +45,17 @@ module.exports = app => {
   };
 
   app.use('/authentication', authentication);
+  const hooks = {
+    before: {
+      create: [
+        rateLimit({
+          threshold: config.rateLimit.createAuthenticationThreshold,
+          ttl: config.rateLimit.createAuthenticationTtlSeconds,
+        }),
+      ],
+    },
+  };
+  app.service('authentication').hooks(hooks);
+
   app.configure(expressOauth());
 };

src/hooks/logger.js

@@ -14,7 +14,9 @@ const startMonitoring = () => context => {
     !config.enableSentryMonitoring ||
     isRequestInternal(context) ||
     // internal calls that use the external context doesnt have headers
-    !context.params.headers
+    !context.params.headers ||
+    // for requests that use _populate it will fill after first call
+    context.params._populate
   )
     return context;
   const transaction = Sentry.startTransaction({

src/services/analytics/analytics.hooks.js

@@ -0,0 +1,14 @@
+const config = require('config');
+
+const { rateLimit } = require('../../utils/rateLimit');
+
+module.exports = {
+  before: {
+    create: [
+      rateLimit({
+        threshold: config.rateLimit.threshold,
+        ttl: config.rateLimit.ttlSeconds,
+      }),
+    ],
+  },
+};

src/services/analytics/analytics.service.js

@@ -1,4 +1,5 @@
 const { sendAnalytics } = require('../../utils/analyticsUtils');
+const hooks = require('./analytics.hooks');
 
 module.exports = function analytics() {
   const app = this;
@@ -8,5 +9,40 @@ module.exports = function analytics() {
       return result;
     },
   };
+
+  analyticsService.docs = {
+    operations: {
+      update: false,
+      patch: false,
+      remove: false,
+      find: false,
+      create: {
+        description:
+          'This is for sending analytics event, Brave block analytics, so the gievth-dapp send analytic event by feathers-giveth in this case',
+      },
+    },
+    definition: {
+      type: 'object',
+      properties: {
+        properties: {
+          type: 'object',
+        },
+        userId: {
+          type: 'string',
+        },
+        event: {
+          type: 'string',
+        },
+        anonymousId: {
+          type: 'string',
+        },
+        reportType: {
+          type: 'string',
+          enum: ['track', 'page'],
+        },
+      },
+    },
+  };
   app.use('/analytics', analyticsService);
+  app.service('analytics').hooks(hooks);
 };

src/services/campaigns/campaigns.hooks.js

@@ -1,6 +1,8 @@
 const commons = require('feathers-hooks-common');
 const errors = require('@feathersjs/errors');
+const config = require('config');
 
+const { rateLimit } = require('../../utils/rateLimit');
 const sanitizeAddress = require('../../hooks/sanitizeAddress');
 const setAddress = require('../../hooks/setAddress');
 const sanitizeHtml = require('../../hooks/sanitizeHtml');
@@ -127,6 +129,12 @@ module.exports = {
       checkCampaignOwner(),
       sanitizeHtml('description'),
       createModelSlug('campaigns'),
+
+      // We dont count failed requests so I put it in last before hook
+      rateLimit({
+        threshold: config.rateLimit.createProjectThreshold,
+        ttl: config.rateLimit.createProjectTtlSeconds,
+      }),
     ],
     update: [commons.disallow()],
     patch: [

src/services/communities/communities.hooks.js

@@ -1,6 +1,9 @@
 const commons = require('feathers-hooks-common');
 const errors = require('@feathersjs/errors');
 const { restrictToOwner } = require('feathers-authentication-hooks');
+const config = require('config');
+
+const { rateLimit } = require('../../utils/rateLimit');
 const sanitizeAddress = require('../../hooks/sanitizeAddress');
 const setAddress = require('../../hooks/setAddress');
 const sanitizeHtml = require('../../hooks/sanitizeHtml');
@@ -101,6 +104,12 @@ module.exports = {
       sanitizeAddress('ownerAddress', { required: true, validate: true }),
       sanitizeHtml('description'),
       createModelSlug('communities'),
+
+      // We dont count failed requests so I put it in last before hook
+      rateLimit({
+        threshold: config.rateLimit.createProjectThreshold,
+        ttl: config.rateLimit.createProjectTtlSeconds,
+      }),
     ],
     update: [commons.disallow()],
     patch: [

src/services/conversations/conversations.hooks.js

@@ -3,6 +3,9 @@ const commons = require('feathers-hooks-common');
 const { disallow } = require('feathers-hooks-common');
 const errors = require('@feathersjs/errors');
 const { getItems } = require('feathers-hooks-common');
+const config = require('config');
+
+const { rateLimit } = require('../../utils/rateLimit');
 const sanitizeAddress = require('../../hooks/sanitizeAddress');
 const sanitizeHtml = require('../../hooks/sanitizeHtml');
 const resolveFiles = require('../../hooks/resolveFiles');
@@ -183,7 +186,16 @@ module.exports = {
     all: [],
     find: [sanitizeAddress(['ownerAddress'])],
     get: [],
-    create: [restrictAndSetOwner(), checkMessageContext(), sanitizeHtml('message')],
+    create: [
+      restrictAndSetOwner(),
+      checkMessageContext(),
+      sanitizeHtml('message'),
+      // We dont count failed requests so I put it in last before hook
+      rateLimit({
+        threshold: config.rateLimit.threshold,
+        ttl: config.rateLimit.ttlSeconds,
+      }),
+    ],
     update: [disallow()],
     patch: [onlyInternal()],
     remove: [disallow()],

src/services/conversionRates/conversionRates.hooks.js

@@ -1,5 +1,7 @@
 const { disallow } = require('feathers-hooks-common');
+const config = require('config');
 
+const { rateLimit } = require('../../utils/rateLimit');
 const onlyInternal = require('../../hooks/onlyInternal');
 const {
   getConversionRates,
@@ -39,7 +41,12 @@ const findConversionRates = () => async context => {
 module.exports = {
   before: {
     all: [],
-    find: [],
+    find: [
+      rateLimit({
+        threshold: config.rateLimit.threshold,
+        ttl: config.rateLimit.ttlSeconds,
+      }),
+    ],
     get: [disallow()],
     create: [onlyInternal()],
     update: [disallow()],