[COMMENTING-26] Add control over the number of comment a user can create per second Created: 03/Jun/20  Updated: 20/May/21  Resolved: 20/May/21

Status: Closed
Project: Commenting
Component/s: None
Affects Version/s: 1.0
Fix Version/s: 1.1.1

Type: Improvement Priority: Neutral
Reporter: Adrien Manzoni Assignee: Riste Drangovski
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[X]  Architecture Decision Record (ADR)
Date of First Response:
Epic Link: Core

 Description   

API rate 

Add a module configuration item apiRate which control the number of comments that can be create by all users per second.

 

User API rate

Add another module configuration item userApiRate which control the number of comments that can be create by a specific user per second.
In the case of an authenticated user, we will use the user id to identify the user.
In the case of an anonymous user, we will use the request IP address (if available), otherwise the JSESSIONID cookie.

 

Error

When one of the limit (API rate or User API rate) is reached, the server returns a 429 HTTP error code. The error message should state whether the API rate was exceeded or if the user API rate was exceeded.

 

As it's complex to apply limitation on anonymous access (IP spoofing, ...), the API rate will act a safe guard to make sure that the underlying API service does not get overloaded.

 

 



 Comments   
Comment by Riste Drangovski [ 12/Apr/21 ]

@tmiyar
https://git.magnolia-cms.com/projects/INCUBATOR/repos/magnolia-throttling-filter/browse

Comment by Teresa Miyar [ 16/Apr/21 ]

rdrangovski we need to add the dependency to the commenting module and make sure the setup tasks put it in the right place.

Generated at Mon Feb 12 00:01:26 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.