Skip to content

[Job Launcher][Server] Rate limiting #3446

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 5, 2025
Merged

[Job Launcher][Server] Rate limiting #3446

merged 3 commits into from
Aug 5, 2025

Conversation

@flopez7
Copy link
Contributor

@flopez7 flopez7 commented Jul 3, 2025

Issue tracking

https://github.com/humanprotocol/Dummy-Reports-/issues/17

Context behind the change

Add throttling support and apply to forgot password endpoint

How has this been tested?

Deployed locally and called the endpoint several times untill I received the 429 error

Release plan

None

Potential risks; What to monitor; Rollback plan

Check if the limits are set correctly.

  • There is a global one with a maximum of 1000 requests per minute (not to block anything) required
  • There is a specific one for forgot-password with a maximum of 3 requests per minute.

@vercel
Copy link

vercel bot commented Jul 3, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
faucet-server ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jul 14, 2025 0:13am
human-app ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jul 14, 2025 0:13am
human-dashboard-frontend ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jul 14, 2025 0:13am
staking-dashboard ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jul 14, 2025 0:13am
1 Skipped Deployment
Name Status Preview Comments Updated (UTC)
faucet-frontend ⬜️ Ignored (Inspect) Visit Preview Jul 14, 2025 0:13am

@flopez7 flopez7 self-assigned this Jul 3, 2025
@flopez7 flopez7 requested review from Dzeranov and portuu3 July 3, 2025 12:17
Dzeranov
Dzeranov reviewed Jul 4, 2025
View reviewed changes
Copy link
Contributor

@Dzeranov Dzeranov left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@flopez7 looks good.
If I understand it correctly, ThrottlerGuard uses client's IP to track the number of requests, right?

But why can't we just protect our endpoints with hcaptcha guard? As far as I remember, on frontend we request users to solve captcha to send a request but it looks like we're not validating it.

@vercel vercel bot temporarily deployed to Preview – staking-dashboard July 10, 2025 16:40 Inactive
@vercel vercel bot temporarily deployed to Preview – human-app July 10, 2025 16:40 Inactive
@vercel vercel bot temporarily deployed to Preview – human-dashboard-frontend July 10, 2025 16:40 Inactive
@flopez7 flopez7 requested a review from Dzeranov July 10, 2025 16:41
@portuu3 portuu3 merged commit 7342605 into develop Aug 5, 2025
27 checks passed
@portuu3 portuu3 mentioned this pull request Aug 5, 2025
Merged
15 tasks
@dnechay dnechay deleted the feat/job-launcher/rate-limit branch September 5, 2025 13:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@portuu3 portuu3 portuu3 approved these changes

@Dzeranov Dzeranov Awaiting requested review from Dzeranov

Assignees

@flopez7 flopez7

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@flopez7 @Dzeranov @portuu3