Dataset Observability #311

Merged
merged 35 commits into from
Jan 15, 2025

@yashashkumar yashashkumar commented Jan 14, 2025

  1. added default query time period to 7 days
  2. user can mention time using field query_time_period in days
  3. moved query services to service folder
  4. renamed files
  5. removed datasetId from param and added it as dataset_id

Sample response

{
    "id": "api.table.metrics",
    "ver": "v2",
    "ts": "2025-01-14T16:25:07+05:30",
    "params": {
        "status": "SUCCESS",
        "msgid": "4a7f14c3-d61e-4d4f-be78-181834eeff6d",
        "resmsgid": "8fd45785-5623-4f23-a089-4b2b5a1f3ef1"
    },
    "responseCode": "OK",
    "result": [
        {
            "category": "data_freshness",
            "status": "Healthy",
            "components": [
                {
                    "type": "average_time_difference_in_min",
                    "threshold": 5,
                    "value": 0,
                    "status": "Healthy"
                },
                {
                    "type": "freshness_query_time_in_min",
                    "threshold": 10,
                    "value": 0,
                    "status": "Healthy"
                }
            ]
        },
        {
            "category": "data_observability",
            "status": "Unhealthy",
            "components": [
                {
                    "type": "data_observability_health",
                    "status": "Unhealthy"
                },
                {
                    "type": "failure_percentage",
                    "value": 35.39823008849557
                },
                {
                    "type": "threshold_percentage",
                    "value": 5
                },
                {
                    "type": "importance_score",
                    "value": 0
                }
            ]
        },
        {
            "category": "data_volume",
            "components": [
                {
                    "type": "events_per_hour",
                    "value": 95
                },
                {
                    "type": "events_per_day",
                    "value": 765
                },
                {
                    "type": "events_per_n_day",
                    "value": 765
                },
                {
                    "type": "volume_percentage_by_hour",
                    "value": 0
                },
                {
                    "type": "volume_percentage_by_day",
                    "value": 14.17910447761194
                },
                {
                    "type": "volume_percentage_by_week",
                    "value": 0
                },
                {
                    "type": "growth_rate_percentage",
                    "value": 0
                }
            ]
        },
        {
            "category": "data_lineage",
            "components": [
                {
                    "type": "transformation_success",
                    "value": 765
                },
                {
                    "type": "dedup_success",
                    "value": 384
                },
                {
                    "type": "denormalization_success",
                    "value": 572
                },
                {
                    "type": "total_success",
                    "value": 1339
                },
                {
                    "type": "total_failed",
                    "value": 1034
                },
                {
                    "type": "transformation_failed",
                    "value": 1
                },
                {
                    "type": "dedup_failed",
                    "value": 574
                },
                {
                    "type": "denorm_failed",
                    "value": 193
                }
            ]
        },
        {
            "category": "connectors",
            "components": {
                "category": "connectors",
                "components": [
                    {
                        "id": "failed",
                        "type": "failed",
                        "value": 1608
                    },
                    {
                        "id": "api",
                        "type": "success",
                        "value": 765
                    }
                ]
            }
        },
        {
            "category": "data_quality",
            "components": [
                {
                    "type": "incidents_failed",
                    "value": 1034
                },
                {
                    "type": "incidents_success",
                    "value": 1339
                },
                {
                    "type": "total_incidents",
                    "value": 2373
                }
            ]
        }
    ]
}


export const router = express.Router();

router.post("/data/in/:datasetId", setDataToRequestObject("api.data.in"), onRequest({ entity: Entity.Data_in }), telemetryAuditStart({action: telemetryActions.createDataset, operationType: OperationType.CREATE}), checkRBAC.handler(), dataIn);
router.post("/data/query/:datasetId", setDataToRequestObject("api.data.out"), onRequest({ entity: Entity.Data_out }), checkRBAC.handler(), dataOut);
router.post("/data/in/:dataset_id", setDataToRequestObject("api.data.in"), onRequest({ entity: Entity.Data_in }), telemetryAuditStart({action: telemetryActions.createDataset, operationType: OperationType.CREATE}), checkRBAC.handler(), dataIn);
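Review bot: renaming the path parameter from `:datasetId` to `:dataset_id` on `/data/in` changes the key under `req.params`, so any handler or middleware that still reads `req.params.datasetId` will receive `undefined`. Confirm that `dataIn`, `checkRBAC.handler()` and the other handlers on renamed routes read `req.params.dataset_id`, and add a test that exercises each renamed route with a real id.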

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs authorization, but is not rate-limited.

Copilot Autofix AI 23 days ago

To fix the problem, we need to introduce rate limiting to the Express application. The best way to do this is by using the express-rate-limit package, which allows us to set a maximum number of requests that can be made to the server within a specified time window. We will apply this rate limiter to all routes to ensure that the application is protected from excessive requests.

  1. Install the express-rate-limit package.
  2. Import the express-rate-limit package in the Router.ts file.
  3. Set up a rate limiter with a reasonable configuration (e.g., 100 requests per 15 minutes).
  4. Apply the rate limiter to all routes using app.use(limiter).
Suggested changeset 2
api-service/src/routes/Router.ts

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/api-service/src/routes/Router.ts b/api-service/src/routes/Router.ts
--- a/api-service/src/routes/Router.ts
+++ b/api-service/src/routes/Router.ts
@@ -35,2 +35,8 @@
 import datasetMetrics from "../controllers/DatasetMetrics/DatasetMetricsController";
+import rateLimit from "express-rate-limit";
+
+const limiter = rateLimit({
+    windowMs: 15 * 60 * 1000, // 15 minutes
+    max: 100, // limit each IP to 100 requests per windowMs
+});
 
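Review bot: the options passed to `rateLimit({ windowMs, max })` leave the key at its default, which the inline comment describes as the client IP. If api-service sits behind a reverse proxy or load balancer, callers can all arrive from one address unless Express `trust proxy` is configured, so the 100-request budget is either shared by everyone or keyed on the wrong hop. State the deployment assumption next to the constant, or supply a `keyGenerator` based on the caller's identity.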
@@ -67 +73,4 @@
 router.post("/dataset/metrics", setDataToRequestObject("api.dataset.metrics"), onRequest({ entity: Entity.Management }), checkRBAC.handler(), datasetMetrics);
+
+// Apply rate limiter to all routes
+router.use(limiter);
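Review bot: `router.use(limiter)` is registered after `router.post("/dataset/metrics", ...)`, and Express runs layers in registration order, so that route and every route registered before it answer without the limiter ever running. Move the `router.use(limiter)` call to directly after the router is created, or pass `limiter` as the first handler of each route that calls `checkRBAC.handler()`; as written the comment "Apply rate limiter to all routes" does not match the behaviour.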
EOF
api-service/package.json
Outside changed files

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/api-service/package.json b/api-service/package.json
--- a/api-service/package.json
+++ b/api-service/package.json
@@ -68,3 +68,4 @@
     "winston": "~2.4.3",
-    "winston-daily-rotate-file": "~3.2.1"
+    "winston-daily-rotate-file": "~3.2.1",
+    "express-rate-limit": "^7.5.0"
   },
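Review bot: the added `"express-rate-limit": "^7.5.0"` entry uses a caret range while the neighbouring `winston` entries use tilde ranges, so this dependency will float across minor releases where the others do not. Use `~7.5.0` to match the file's convention, and commit the regenerated lockfile in the same change if the project tracks one.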
EOF
This fix introduces these dependencies
Package Version Security advisories
express-rate-limit (npm) 7.5.0 None
Copilot is powered by AI and may make mistakes. Always verify output.
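The placement question raised by the first suggested patch, where `router.use(limiter)` is registered after the routes, worked through as an added example that is not code from the PR or from express-rate-limit. `MiniRouter`, `fixedWindowLimiter` and `simulate` are hypothetical stand-ins that copy Express's registration-order dispatch and a fixed-window counter, and the client address is constructed.

```javascript
// Added example, not code from the PR or from express-rate-limit.
// MiniRouter is a hypothetical stand-in that copies one Express behaviour:
// layers run in registration order, and a handler that answers without
// calling next() ends the walk.
class MiniRouter {
  constructor() {
    this.layers = [];
  }
  use(fn) {
    this.layers.push({ match: () => true, handlers: [fn] });
  }
  post(path, ...handlers) {
    this.layers.push({
      match: (req) => req.method === "POST" && req.path === path,
      handlers,
    });
  }
  handle(req) {
    const res = { statusCode: 404, headers: {} };
    const chain = this.layers
      .filter((layer) => layer.match(req))
      .flatMap((layer) => layer.handlers);
    let i = 0;
    const next = () => {
      if (i < chain.length) chain[i++](req, res, next);
    };
    next();
    return res;
  }
}

// Fixed-window counter keyed by client IP, same policy shape as the patch.
// `now` is injected so the window can be tested without waiting.
function fixedWindowLimiter({ windowMs, max, now }) {
  const hits = new Map(); // ip -> { count, resetAt }
  return function limiter(req, res, next) {
    const t = now();
    let entry = hits.get(req.ip);
    if (!entry || t >= entry.resetAt) {
      entry = { count: 0, resetAt: t + windowMs };
      hits.set(req.ip, entry);
    }
    entry.count += 1;
    if (entry.count > max) {
      res.statusCode = 429;
      res.headers["Retry-After"] = Math.ceil((entry.resetAt - t) / 1000);
      return; // rejected: nothing further in the chain runs
    }
    next();
  };
}

// Sends `requestCount` POSTs from one constructed client and reports how many
// reached the authorization step. `placement` selects where the limiter goes.
function simulate(placement, requestCount) {
  const router = new MiniRouter();
  const limiter = fixedWindowLimiter({ windowMs: 15 * 60 * 1000, max: 100, now: () => 0 });
  let authCalls = 0;
  const checkRBAC = (req, res, next) => { authCalls += 1; next(); }; // stand-in for checkRBAC.handler()
  const datasetMetrics = (req, res) => { res.statusCode = 200; }; // answers, never calls next()

  if (placement === "before-routes") router.use(limiter);
  if (placement === "per-route") {
    router.post("/dataset/metrics", limiter, checkRBAC, datasetMetrics);
  } else {
    router.post("/dataset/metrics", checkRBAC, datasetMetrics);
  }
  if (placement === "after-routes") router.use(limiter); // position used by the first suggested patch

  const result = { ok: 0, limited: 0, authCalls: 0 };
  for (let n = 0; n < requestCount; n++) {
    const res = router.handle({ method: "POST", path: "/dataset/metrics", ip: "203.0.113.7" });
    if (res.statusCode === 200) result.ok += 1;
    if (res.statusCode === 429) result.limited += 1;
  }
  result.authCalls = authCalls;
  return result;
}

for (const placement of ["after-routes", "before-routes", "per-route"]) {
  console.log(placement, simulate(placement, 150));
}
```

With the limiter registered last, every request still reaches the authorization stand-in; in the other two placements the limiter rejects requests before authorization runs.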
router.post("/data/in/:datasetId", setDataToRequestObject("api.data.in"), onRequest({ entity: Entity.Data_in }), telemetryAuditStart({action: telemetryActions.createDataset, operationType: OperationType.CREATE}), checkRBAC.handler(), dataIn);
router.post("/data/query/:datasetId", setDataToRequestObject("api.data.out"), onRequest({ entity: Entity.Data_out }), checkRBAC.handler(), dataOut);
router.post("/data/in/:dataset_id", setDataToRequestObject("api.data.in"), onRequest({ entity: Entity.Data_in }), telemetryAuditStart({action: telemetryActions.createDataset, operationType: OperationType.CREATE}), checkRBAC.handler(), dataIn);
router.post("/data/query/:dataset_id", setDataToRequestObject("api.data.out"), onRequest({ entity: Entity.Data_out }), checkRBAC.handler(), dataOut);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs authorization, but is not rate-limited.

Copilot Autofix AI 23 days ago

To fix the problem, we need to introduce rate limiting to the route handler on line 40. The best way to do this is by using the express-rate-limit package, which allows us to easily set up rate limiting for our Express application. We will create a rate limiter with a specified window and maximum number of requests, and then apply this rate limiter to the relevant route.

  1. Install the express-rate-limit package if it is not already installed.
  2. Import the express-rate-limit package in the Router.ts file.
  3. Create a rate limiter with the desired configuration.
  4. Apply the rate limiter to the route handler on line 40.
Suggested changeset 2
api-service/src/routes/Router.ts

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/api-service/src/routes/Router.ts b/api-service/src/routes/Router.ts
--- a/api-service/src/routes/Router.ts
+++ b/api-service/src/routes/Router.ts
@@ -35,2 +35,8 @@
 import datasetMetrics from "../controllers/DatasetMetrics/DatasetMetricsController";
+import rateLimit from "express-rate-limit";
+
+const limiter = rateLimit({
+    windowMs: 15 * 60 * 1000, // 15 minutes
+    max: 100, // limit each IP to 100 requests per windowMs
+});
 
@@ -39,3 +45,3 @@
 router.post("/data/in/:dataset_id", setDataToRequestObject("api.data.in"), onRequest({ entity: Entity.Data_in }), telemetryAuditStart({action: telemetryActions.createDataset, operationType: OperationType.CREATE}), checkRBAC.handler(), dataIn);
-router.post("/data/query/:dataset_id", setDataToRequestObject("api.data.out"), onRequest({ entity: Entity.Data_out }), checkRBAC.handler(), dataOut);
+router.post("/data/query/:dataset_id", limiter, setDataToRequestObject("api.data.out"), onRequest({ entity: Entity.Data_out }), checkRBAC.handler(), dataOut);
 router.post("/datasets/create", setDataToRequestObject("api.datasets.create"), onRequest({ entity: Entity.Management }),telemetryAuditStart({action: telemetryActions.createDataset, operationType: OperationType.CREATE}), checkRBAC.handler(),DatasetCreate)
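Review bot: only the `/data/query/:dataset_id` line gains `limiter`; the `/data/in/:dataset_id` and `/datasets/create` context lines in the same hunk also call `checkRBAC.handler()` and remain unlimited, so the same finding stays open for them. Apply the limiter once at router level before the first route, or add it to every route that performs authorization, rather than fixing one alert at a time.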
EOF
api-service/package.json
Outside changed files

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/api-service/package.json b/api-service/package.json
--- a/api-service/package.json
+++ b/api-service/package.json
@@ -68,3 +68,4 @@
     "winston": "~2.4.3",
-    "winston-daily-rotate-file": "~3.2.1"
+    "winston-daily-rotate-file": "~3.2.1",
+    "express-rate-limit": "^7.5.0"
   },
EOF
This fix introduces these dependencies
Package Version Security advisories
express-rate-limit (npm) 7.5.0 None
router.post("/datasets/create", setDataToRequestObject("api.datasets.create"), onRequest({ entity: Entity.Management }),telemetryAuditStart({action: telemetryActions.createDataset, operationType: OperationType.CREATE}), checkRBAC.handler(),DatasetCreate)
router.patch("/datasets/update", setDataToRequestObject("api.datasets.update"), onRequest({ entity: Entity.Management }),telemetryAuditStart({action: telemetryActions.updateDataset, operationType: OperationType.UPDATE}), checkRBAC.handler(), DatasetUpdate)
router.get("/datasets/read/:dataset_id", setDataToRequestObject("api.datasets.read"), onRequest({ entity: Entity.Management }), telemetryAuditStart({action: telemetryActions.readDataset, operationType: OperationType.GET}), checkRBAC.handler(), DatasetRead)
router.post("/datasets/list", setDataToRequestObject("api.datasets.list"), onRequest({ entity: Entity.Management }), telemetryAuditStart({action: telemetryActions.listDatasets, operationType: OperationType.LIST}), checkRBAC.handler(), DatasetList)
router.get("/data/exhaust/:datasetId", setDataToRequestObject("api.data.exhaust"), onRequest({ entity: Entity.Management }), telemetryAuditStart({action: telemetryActions.datasetExhaust, operationType: OperationType.GET}), checkRBAC.handler(), dataExhaust);
router.get("/data/exhaust/:dataset_id", setDataToRequestObject("api.data.exhaust"), onRequest({ entity: Entity.Management }), telemetryAuditStart({action: telemetryActions.datasetExhaust, operationType: OperationType.GET}), checkRBAC.handler(), dataExhaust);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs authorization, but is not rate-limited.

Copilot Autofix AI 23 days ago

To fix the problem, we need to introduce a rate-limiting middleware to the Express application. The express-rate-limit package is a well-known library for this purpose. We will set up a rate limiter and apply it to the specific route handler that performs authorization.

  1. Install the express-rate-limit package.
  2. Import the express-rate-limit package in the file.
  3. Set up a rate limiter with appropriate configuration.
  4. Apply the rate limiter to the route handler that performs authorization.
Suggested changeset 2
api-service/src/routes/Router.ts

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/api-service/src/routes/Router.ts b/api-service/src/routes/Router.ts
--- a/api-service/src/routes/Router.ts
+++ b/api-service/src/routes/Router.ts
@@ -35,2 +35,8 @@
 import datasetMetrics from "../controllers/DatasetMetrics/DatasetMetricsController";
+import rateLimit from "express-rate-limit";
+
+const limiter = rateLimit({
+    windowMs: 15 * 60 * 1000, // 15 minutes
+    max: 100, // limit each IP to 100 requests per windowMs
+});
 
@@ -44,3 +50,3 @@
 router.post("/datasets/list", setDataToRequestObject("api.datasets.list"), onRequest({ entity: Entity.Management }), telemetryAuditStart({action: telemetryActions.listDatasets, operationType: OperationType.LIST}), checkRBAC.handler(), DatasetList)
-router.get("/data/exhaust/:dataset_id", setDataToRequestObject("api.data.exhaust"), onRequest({ entity: Entity.Management }), telemetryAuditStart({action: telemetryActions.datasetExhaust, operationType: OperationType.GET}), checkRBAC.handler(), dataExhaust);
+router.get("/data/exhaust/:dataset_id", limiter, setDataToRequestObject("api.data.exhaust"), onRequest({ entity: Entity.Management }), telemetryAuditStart({action: telemetryActions.datasetExhaust, operationType: OperationType.GET}), checkRBAC.handler(), dataExhaust);
 router.post("/template/create", setDataToRequestObject("api.query.template.create"), checkRBAC.handler(), createQueryTemplate);
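Review bot: on the added `/data/exhaust/:dataset_id` line the limiter sits ahead of `onRequest` and `telemetryAuditStart`, so a request the limiter rejects is never seen by the audit middleware. If throttled calls to the exhaust endpoint should show up in telemetry, record the rejection from the limiter's `handler` option, or add a comment saying they are deliberately not audited.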
EOF
api-service/package.json
Outside changed files

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/api-service/package.json b/api-service/package.json
--- a/api-service/package.json
+++ b/api-service/package.json
@@ -68,3 +68,4 @@
     "winston": "~2.4.3",
-    "winston-daily-rotate-file": "~3.2.1"
+    "winston-daily-rotate-file": "~3.2.1",
+    "express-rate-limit": "^7.5.0"
   },
EOF
This fix introduces these dependencies
Package Version Security advisories
express-rate-limit (npm) 7.5.0 None
router.post("/datasets/create", setDataToRequestObject("api.datasets.create"), onRequest({ entity: Entity.Management }),telemetryAuditStart({action: telemetryActions.createDataset, operationType: OperationType.CREATE}), checkRBAC.handler(),DatasetCreate)
router.patch("/datasets/update", setDataToRequestObject("api.datasets.update"), onRequest({ entity: Entity.Management }),telemetryAuditStart({action: telemetryActions.updateDataset, operationType: OperationType.UPDATE}), checkRBAC.handler(), DatasetUpdate)
router.get("/datasets/read/:dataset_id", setDataToRequestObject("api.datasets.read"), onRequest({ entity: Entity.Management }), telemetryAuditStart({action: telemetryActions.readDataset, operationType: OperationType.GET}), checkRBAC.handler(), DatasetRead)
router.post("/datasets/list", setDataToRequestObject("api.datasets.list"), onRequest({ entity: Entity.Management }), telemetryAuditStart({action: telemetryActions.listDatasets, operationType: OperationType.LIST}), checkRBAC.handler(), DatasetList)
router.get("/data/exhaust/:datasetId", setDataToRequestObject("api.data.exhaust"), onRequest({ entity: Entity.Management }), telemetryAuditStart({action: telemetryActions.datasetExhaust, operationType: OperationType.GET}), checkRBAC.handler(), dataExhaust);
router.get("/data/exhaust/:dataset_id", setDataToRequestObject("api.data.exhaust"), onRequest({ entity: Entity.Management }), telemetryAuditStart({action: telemetryActions.datasetExhaust, operationType: OperationType.GET}), checkRBAC.handler(), dataExhaust);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs authorization, but is not rate-limited.

Copilot Autofix AI 23 days ago

To fix the problem, we need to introduce rate limiting to the dataExhaust route handler. The best way to achieve this is by using the express-rate-limit middleware. This middleware allows us to set a maximum number of requests that can be made to the route within a specified time window. We will apply this middleware to the dataExhaust route to ensure it is protected against excessive requests.

  1. Install the express-rate-limit package if it is not already installed.
  2. Import the express-rate-limit package in the Router.ts file.
  3. Create a rate limiter with appropriate settings (e.g., maximum 100 requests per 15 minutes).
  4. Apply the rate limiter to the dataExhaust route.
Suggested changeset 2
api-service/src/routes/Router.ts

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/api-service/src/routes/Router.ts b/api-service/src/routes/Router.ts
--- a/api-service/src/routes/Router.ts
+++ b/api-service/src/routes/Router.ts
@@ -35,2 +35,8 @@
 import datasetMetrics from "../controllers/DatasetMetrics/DatasetMetricsController";
+import rateLimit from "express-rate-limit";
+
+const dataExhaustLimiter = rateLimit({
+    windowMs: 15 * 60 * 1000, // 15 minutes
+    max: 100, // limit each IP to 100 requests per windowMs
+});
 
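Review bot: `dataExhaustLimiter` is created with only `windowMs` and `max`, so it uses the package's default in-memory store and each api-service process keeps its own counters; with several replicas the effective ceiling is the replica count times 100, and counts reset on restart. Configure a shared `store` if the service runs as more than one instance, or note next to the constant that the limit is per process.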
@@ -44,3 +50,3 @@
 router.post("/datasets/list", setDataToRequestObject("api.datasets.list"), onRequest({ entity: Entity.Management }), telemetryAuditStart({action: telemetryActions.listDatasets, operationType: OperationType.LIST}), checkRBAC.handler(), DatasetList)
-router.get("/data/exhaust/:dataset_id", setDataToRequestObject("api.data.exhaust"), onRequest({ entity: Entity.Management }), telemetryAuditStart({action: telemetryActions.datasetExhaust, operationType: OperationType.GET}), checkRBAC.handler(), dataExhaust);
+router.get("/data/exhaust/:dataset_id", dataExhaustLimiter, setDataToRequestObject("api.data.exhaust"), onRequest({ entity: Entity.Management }), telemetryAuditStart({action: telemetryActions.datasetExhaust, operationType: OperationType.GET}), checkRBAC.handler(), dataExhaust);
 router.post("/template/create", setDataToRequestObject("api.query.template.create"), checkRBAC.handler(), createQueryTemplate);
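Review bot: this change rewrites the same `/data/exhaust/:dataset_id` line as the other suggestion for that route, which names the middleware `limiter` instead of `dataExhaustLimiter`, and both suggestions add the import and constant at `@@ -35,2`, so the two patches cannot both be applied. Choose one, and keep a single limiter definition per policy rather than one per alert.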
EOF
api-service/package.json
Outside changed files

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/api-service/package.json b/api-service/package.json
--- a/api-service/package.json
+++ b/api-service/package.json
@@ -68,3 +68,4 @@
     "winston": "~2.4.3",
-    "winston-daily-rotate-file": "~3.2.1"
+    "winston-daily-rotate-file": "~3.2.1",
+    "express-rate-limit": "^7.5.0"
   },
EOF
This fix introduces these dependencies
Package Version Security advisories
express-rate-limit (npm) 7.5.0 None
@@ -52,7 +53,7 @@
router.post("/files/generate-url", setDataToRequestObject("api.files.generate-url"), onRequest({ entity: Entity.Management }), checkRBAC.handler(), GenerateSignedURL);
router.post("/datasets/status-transition", setDataToRequestObject("api.datasets.status-transition"), onRequest({ entity: Entity.Management }), telemetryAuditStart({action: telemetryActions.createTransformation, operationType: OperationType.CREATE}), checkRBAC.handler(), DatasetStatusTansition);
router.post("/datasets/health", setDataToRequestObject("api.dataset.health"), onRequest({ entity: Entity.Management }), checkRBAC.handler(), datasetHealth);
router.post("/datasets/reset/:datasetId", setDataToRequestObject("api.dataset.reset"), onRequest({ entity: Entity.Management }), checkRBAC.handler(), datasetReset);
router.post("/datasets/reset/:dataset_id", setDataToRequestObject("api.dataset.reset"), onRequest({ entity: Entity.Management }), checkRBAC.handler(), datasetReset);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs authorization, but is not rate-limited.

Copilot Autofix AI 23 days ago

To fix the problem, we need to introduce rate limiting to the route handler on line 56. The best way to do this is by using the express-rate-limit package, which allows us to easily set up rate limiting for specific routes or the entire application.

  1. Install the express-rate-limit package.
  2. Import the express-rate-limit package in the Router.ts file.
  3. Set up a rate limiter with appropriate configuration (e.g., maximum number of requests per minute).
  4. Apply the rate limiter to the specific route handler on line 56.
Suggested changeset 2
api-service/src/routes/Router.ts

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/api-service/src/routes/Router.ts b/api-service/src/routes/Router.ts
--- a/api-service/src/routes/Router.ts
+++ b/api-service/src/routes/Router.ts
@@ -35,2 +35,8 @@
 import datasetMetrics from "../controllers/DatasetMetrics/DatasetMetricsController";
+import rateLimit from "express-rate-limit";
+
+const limiter = rateLimit({
+    windowMs: 15 * 60 * 1000, // 15 minutes
+    max: 100, // limit each IP to 100 requests per windowMs
+});
 
@@ -55,3 +61,3 @@
 router.post("/datasets/health", setDataToRequestObject("api.dataset.health"), onRequest({ entity: Entity.Management }), checkRBAC.handler(), datasetHealth);
-router.post("/datasets/reset/:dataset_id", setDataToRequestObject("api.dataset.reset"), onRequest({ entity: Entity.Management }), checkRBAC.handler(), datasetReset);
+router.post("/datasets/reset/:dataset_id", limiter, setDataToRequestObject("api.dataset.reset"), onRequest({ entity: Entity.Management }), checkRBAC.handler(), datasetReset);
 router.post("/datasets/dataschema", setDataToRequestObject("api.datasets.dataschema"), onRequest({ entity: Entity.Management }), checkRBAC.handler(), DataSchemaGenerator);
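Review bot: `/datasets/reset/:dataset_id` reuses the general `limiter` of 100 requests per 15 minutes, which is a loose ceiling for a reset operation that is expected to be called rarely. Consider a dedicated limiter with a much lower `max` for this route so that a burst of reset calls is stopped well before 100, and note that the `/datasets/health` and `/datasets/dataschema` context lines in this hunk stay unlimited.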
EOF
api-service/package.json
Outside changed files

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/api-service/package.json b/api-service/package.json
--- a/api-service/package.json
+++ b/api-service/package.json
@@ -68,3 +68,4 @@
     "winston": "~2.4.3",
-    "winston-daily-rotate-file": "~3.2.1"
+    "winston-daily-rotate-file": "~3.2.1",
+    "express-rate-limit": "^7.5.0"
   },
EOF
This fix introduces these dependencies
Package Version Security advisories
express-rate-limit (npm) 7.5.0 None
router.post("/data/metrics", setDataToRequestObject("api.data.metrics"), onRequest({ entity: Entity.Data_out }), datasetMetrics)

router.post("/data/metrics", setDataToRequestObject("api.data.metrics"), onRequest({ entity: Entity.Data_out }), dataMetrics)
router.post("/dataset/metrics", setDataToRequestObject("api.dataset.metrics"), onRequest({ entity: Entity.Management }), checkRBAC.handler(), datasetMetrics);
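Review bot: the `/data/metrics` route, now bound to `dataMetrics`, has no `checkRBAC.handler()` in its chain, while `/dataset/metrics` directly below it does. If the omission is deliberate, say so in a comment on that line; otherwise add the RBAC handler before `dataMetrics`.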

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs authorization, but is not rate-limited.

Copilot Autofix AI 23 days ago

To fix the problem, we need to introduce rate limiting to the Express application. The best way to do this is by using the express-rate-limit package, which allows us to set up rate limiting middleware easily. We will configure the rate limiter to allow a maximum of 100 requests per 15 minutes and apply it to the specific route handler that performs authorization.

  1. Install the express-rate-limit package.
  2. Import the express-rate-limit package in the Router.ts file.
  3. Configure the rate limiter with the desired settings.
  4. Apply the rate limiter to the specific route handler.
Suggested changeset 2
api-service/src/routes/Router.ts

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/api-service/src/routes/Router.ts b/api-service/src/routes/Router.ts
--- a/api-service/src/routes/Router.ts
+++ b/api-service/src/routes/Router.ts
@@ -35,5 +35,5 @@
 import datasetMetrics from "../controllers/DatasetMetrics/DatasetMetricsController";
+import rateLimit from "express-rate-limit";
 
 export const router = express.Router();
-
 router.post("/data/in/:dataset_id", setDataToRequestObject("api.data.in"), onRequest({ entity: Entity.Data_in }), telemetryAuditStart({action: telemetryActions.createDataset, operationType: OperationType.CREATE}), checkRBAC.handler(), dataIn);
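Review bot: the only removal in this hunk, the blank line after `export const router = express.Router();`, is unrelated to rate limiting and leaves the router declaration butted against the first `router.post(...)`. Keep the separator so the hunk contains just the `import rateLimit from "express-rate-limit";` addition.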
@@ -66,2 +66,7 @@
 router.post("/data/metrics", setDataToRequestObject("api.data.metrics"), onRequest({ entity: Entity.Data_out }), dataMetrics)
-router.post("/dataset/metrics", setDataToRequestObject("api.dataset.metrics"), onRequest({ entity: Entity.Management }), checkRBAC.handler(), datasetMetrics);
+const limiter = rateLimit({
+    windowMs: 15 * 60 * 1000, // 15 minutes
+    max: 100, // limit each IP to 100 requests per windowMs
+});
+
+router.post("/dataset/metrics", limiter, setDataToRequestObject("api.dataset.metrics"), onRequest({ entity: Entity.Management }), checkRBAC.handler(), datasetMetrics);
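Review bot: `const limiter` is declared between two `router.post(...)` registrations and counts requests per IP, so two things need checking before this lands. First, hoist the declaration next to `express.Router()` so that any other route passing `limiter` (the `/datasets/reset/:dataset_id` registration on this page does) shares one instance instead of depending on declaration order. Second, express-rate-limit keys on `req.ip` by default; if the service runs behind a proxy or load balancer, Express's `trust proxy` setting has to be configured, otherwise every client shares the proxy's address and the single budget of 100 requests per 15 minutes. With the `^7.5.0` range added in package.json, prefer `limit: 100` over `max`, which version 7 renamed to `limit` and keeps only for backwards compatibility.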
EOF
api-service/package.json
Outside changed files

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/api-service/package.json b/api-service/package.json
--- a/api-service/package.json
+++ b/api-service/package.json
@@ -68,3 +68,4 @@
     "winston": "~2.4.3",
-    "winston-daily-rotate-file": "~3.2.1"
+    "winston-daily-rotate-file": "~3.2.1",
+    "express-rate-limit": "^7.5.0"
   },
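Review bot: the context lines do not show which block closes at `},`; confirm the new entry lands in `dependencies` rather than `devDependencies`, since the limiter is imported by Router.ts at runtime. The patch also touches only package.json, so if the repository commits a lockfile it has to be regenerated and committed together with this change.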
EOF
This fix introduces these dependencies

| Package | Version | Security advisories |
| --- | --- | --- |
| express-rate-limit (npm) | 7.5.0 | None |
@HarishGangula HarishGangula force-pushed the main branch 2 times, most recently from cb0c60a to edff55d Compare January 15, 2025 07:42
@@ -58,7 +58,7 @@ const getMetricLabels = (req: any, res: Response) => {
const { statusCode = 200 } = res
const request_size = req.socket.bytesRead
const response_size = res.getHeader("content-length");
const dataset_id = _.get(req, ["body", "request", "dataset_id"]) || _.get(req, ["params", "dataset_id"]) || null
const dataset_id = _.get(req, ["body", "request", "datasetId"]) || _.get(req, ["params", "datasetId"]) || null
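Review bot: the two `const dataset_id` lines differ only in the key they look up (`dataset_id` versus `datasetId`), in both the request body and the route params. Whichever spelling is kept has to match the route placeholder, which is `:dataset_id` in the `/datasets/reset/:dataset_id` and `/data/in/:dataset_id` registrations shown on this page; a mismatch falls through to `|| null` without any error and the metric silently loses its dataset label.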
Collaborator

fix the param in the urls

@@ -0,0 +1,395 @@
import dayjs from "dayjs";

export const processingTimeQuery = (intervals: string, dataset: string) => ({
Collaborator

param should be datasetId across all the methods

intervals: intervals,
granularity: {
type: "all",
timeZone: "Asia/Kolkata"
Collaborator

This should be read from config or dataset config; needs discussion

@@ -0,0 +1,238 @@
import axios from "axios";
Collaborator

Move this file to services folder and rename methods to get instead of handle

const { category, volume_by_days = 10 }: any = req.body.request;
const defaultThreshold = (typeof config?.data_observability?.default_freshness_threshold === 'number' ? config?.data_observability?.default_freshness_threshold : 5) * 60 * 1000; // 5 minutes in milliseconds
const dateFormat = 'YYYY-MM-DDTHH:mm:ss';
const startDate = '2000-01-01T00:00:00+05:30';
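Review bot: `category` and `volume_by_days` are destructured from `req.body.request` as `any`, with no type or range check visible in these lines. If `volume_by_days` sets the query window, validate it as a bounded positive integer before use, since an arbitrarily large value turns a single request into an expensive query. On the next line, the comment `// 5 minutes in milliseconds` describes only the fallback; when `default_freshness_threshold` is set in config the value differs, so the comment should say so.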
Collaborator

This also needs discussion

@HarishGangula HarishGangula merged commit d55602b into main Jan 15, 2025
1 of 3 checks passed
@HarishGangula HarishGangula deleted the table-metrics branch January 15, 2025 09:07