Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add: Feature flag service backend integration #2266

Open
wants to merge 8 commits into
base: develop
Choose a base branch
from

Conversation

MehulKChaudhari
Copy link
Member

@MehulKChaudhari MehulKChaudhari commented Nov 25, 2024

Date: 27/11/2024

Developer Name: @MehulKChaudhari


Description

This PR will add APIs to interact with feature-flag-service

Documentation Updated?

  • Yes
  • No

Under Feature Flag

  • Yes
  • No

Database Changes

  • Yes
  • No

Breaking Changes

  • Yes
  • No

Development Tested?

  • Yes
  • No

Test Coverage

image

Additional Notes

We will need to set env variables for staging and prod.

baseUrl: "FEATURE_FLAG_SERVICE_BASE_URL",
apiKey: "FEATURE_FLAG_SERVICE_API_KEY",

const { SUPERUSER } = require("../constants/roles");
import { validateUpdateFeatureFlag, validateCreateFeatureFlag } from '../middlewares/validators/featureFlag';

router.get("/getAllFeatureFlags", authenticate, getAllFeatureFlags);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs
authorization
, but is not rate-limited.
This route handler performs
authorization
, but is not rate-limited.
This route handler performs
authorization
, but is not rate-limited.

Copilot Autofix AI about 1 month ago

To fix the problem, we should introduce rate limiting to the routes in the routes/featureFlag.ts file. The best way to do this is by using the express-rate-limit package, which allows us to easily set up rate limiting for our Express routes.

  1. Install the express-rate-limit package.
  2. Import the express-rate-limit package in the routes/featureFlag.ts file.
  3. Set up a rate limiter with appropriate configuration (e.g., maximum of 100 requests per 15 minutes).
  4. Apply the rate limiter to the routes that need protection.
Suggested changeset 2
routes/featureFlag.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/routes/featureFlag.ts b/routes/featureFlag.ts
--- a/routes/featureFlag.ts
+++ b/routes/featureFlag.ts
@@ -7,6 +7,12 @@
 import { validateCreateFeatureFlag } from '../middlewares/validators/featureFlag';
+import rateLimit from 'express-rate-limit';
 
-router.get("/getAllFeatureFlags", authenticate, getAllFeatureFlags);
-router.get("/getFeatureFlag/:flagId", authenticate, getFeatureFlagById);
-router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag);
+const limiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 100, // max 100 requests per windowMs
+});
+
+router.get("/getAllFeatureFlags", authenticate, limiter, getAllFeatureFlags);
+router.get("/getFeatureFlag/:flagId", authenticate, limiter, getFeatureFlagById);
+router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, limiter, createFeatureFlag);
 
EOF
@@ -7,6 +7,12 @@
import { validateCreateFeatureFlag } from '../middlewares/validators/featureFlag';
import rateLimit from 'express-rate-limit';

router.get("/getAllFeatureFlags", authenticate, getAllFeatureFlags);
router.get("/getFeatureFlag/:flagId", authenticate, getFeatureFlagById);
router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag);
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // max 100 requests per windowMs
});

router.get("/getAllFeatureFlags", authenticate, limiter, getAllFeatureFlags);
router.get("/getFeatureFlag/:flagId", authenticate, limiter, getFeatureFlagById);
router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, limiter, createFeatureFlag);

package.json
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/package.json b/package.json
--- a/package.json
+++ b/package.json
@@ -43,3 +43,4 @@
     "rate-limiter-flexible": "5.0.3",
-    "winston": "3.13.0"
+    "winston": "3.13.0",
+    "express-rate-limit": "^7.4.1"
   },
EOF
@@ -43,3 +43,4 @@
"rate-limiter-flexible": "5.0.3",
"winston": "3.13.0"
"winston": "3.13.0",
"express-rate-limit": "^7.4.1"
},
This fix introduces these dependencies
Package Version Security advisories
express-rate-limit (npm) 7.4.1 None
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
import { validateUpdateFeatureFlag, validateCreateFeatureFlag } from '../middlewares/validators/featureFlag';

router.get("/getAllFeatureFlags", authenticate, getAllFeatureFlags);
router.get("/getFeatureFlag/:flagId", authenticate, getFeatureFlagById);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs
authorization
, but is not rate-limited.
This route handler performs
authorization
, but is not rate-limited.
This route handler performs
authorization
, but is not rate-limited.

Copilot Autofix AI about 1 month ago

To fix the problem, we need to introduce rate limiting to the route handler in question. The best way to do this is by using the express-rate-limit package, which provides a simple and effective way to limit the number of requests a client can make to the server within a specified time window.

  1. Install the express-rate-limit package.
  2. Import the express-rate-limit package in the routes/featureFlag.ts file.
  3. Set up a rate limiter with appropriate configuration (e.g., maximum of 100 requests per 15 minutes).
  4. Apply the rate limiter to the route handler on line 10.
Suggested changeset 2
routes/featureFlag.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/routes/featureFlag.ts b/routes/featureFlag.ts
--- a/routes/featureFlag.ts
+++ b/routes/featureFlag.ts
@@ -7,5 +7,11 @@
 import { validateCreateFeatureFlag } from '../middlewares/validators/featureFlag';
+import rateLimit from 'express-rate-limit';
+
+const limiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 100, // limit each IP to 100 requests per windowMs
+});
 
 router.get("/getAllFeatureFlags", authenticate, getAllFeatureFlags);
-router.get("/getFeatureFlag/:flagId", authenticate, getFeatureFlagById);
+router.get("/getFeatureFlag/:flagId", authenticate, limiter, getFeatureFlagById);
 router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag);
EOF
@@ -7,5 +7,11 @@
import { validateCreateFeatureFlag } from '../middlewares/validators/featureFlag';
import rateLimit from 'express-rate-limit';

const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // limit each IP to 100 requests per windowMs
});

router.get("/getAllFeatureFlags", authenticate, getAllFeatureFlags);
router.get("/getFeatureFlag/:flagId", authenticate, getFeatureFlagById);
router.get("/getFeatureFlag/:flagId", authenticate, limiter, getFeatureFlagById);
router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag);
package.json
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/package.json b/package.json
--- a/package.json
+++ b/package.json
@@ -43,3 +43,4 @@
     "rate-limiter-flexible": "5.0.3",
-    "winston": "3.13.0"
+    "winston": "3.13.0",
+    "express-rate-limit": "^7.4.1"
   },
EOF
@@ -43,3 +43,4 @@
"rate-limiter-flexible": "5.0.3",
"winston": "3.13.0"
"winston": "3.13.0",
"express-rate-limit": "^7.4.1"
},
This fix introduces these dependencies
Package Version Security advisories
express-rate-limit (npm) 7.4.1 None
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options

router.get("/getAllFeatureFlags", authenticate, getAllFeatureFlags);
router.get("/getFeatureFlag/:flagId", authenticate, getFeatureFlagById);
router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs
authorization
, but is not rate-limited.
This route handler performs
authorization
, but is not rate-limited.
This route handler performs
authorization
, but is not rate-limited.

Copilot Autofix AI about 1 month ago

To fix the problem, we need to introduce rate limiting to the route handler to prevent potential denial-of-service attacks. The best way to do this is by using the express-rate-limit package, which allows us to set up rate limiting middleware easily.

We will:

  1. Install the express-rate-limit package.
  2. Import the package in the routes/featureFlag.ts file.
  3. Set up a rate limiter with appropriate configuration.
  4. Apply the rate limiter to the route handler.
Suggested changeset 2
routes/featureFlag.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/routes/featureFlag.ts b/routes/featureFlag.ts
--- a/routes/featureFlag.ts
+++ b/routes/featureFlag.ts
@@ -7,2 +7,8 @@
 import { validateCreateFeatureFlag } from '../middlewares/validators/featureFlag';
+import rateLimit from 'express-rate-limit';
+
+const limiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 100, // limit each IP to 100 requests per windowMs
+});
 
@@ -10,3 +16,3 @@
 router.get("/getFeatureFlag/:flagId", authenticate, getFeatureFlagById);
-router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag);
+router.post('/createFeatureFlag', limiter, authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag);
 
EOF
@@ -7,2 +7,8 @@
import { validateCreateFeatureFlag } from '../middlewares/validators/featureFlag';
import rateLimit from 'express-rate-limit';

const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // limit each IP to 100 requests per windowMs
});

@@ -10,3 +16,3 @@
router.get("/getFeatureFlag/:flagId", authenticate, getFeatureFlagById);
router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag);
router.post('/createFeatureFlag', limiter, authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag);

package.json
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/package.json b/package.json
--- a/package.json
+++ b/package.json
@@ -43,3 +43,4 @@
     "rate-limiter-flexible": "5.0.3",
-    "winston": "3.13.0"
+    "winston": "3.13.0",
+    "express-rate-limit": "^7.4.1"
   },
EOF
@@ -43,3 +43,4 @@
"rate-limiter-flexible": "5.0.3",
"winston": "3.13.0"
"winston": "3.13.0",
"express-rate-limit": "^7.4.1"
},
This fix introduces these dependencies
Package Version Security advisories
express-rate-limit (npm) 7.4.1 None
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
routes/featureFlag.ts Fixed Show fixed Hide fixed
services/featureFlagService.ts Fixed Show fixed Hide fixed
services/featureFlagService.ts Fixed Show fixed Hide fixed
Comment on lines +60 to +63
const response = await fetch(`${FEATURE_FLAG_BASE_URL}/feature-flags/${flagId}`, {
method: "GET",
headers: defaultHeaders,
});

Check failure

Code scanning / CodeQL

Server-side request forgery Critical

The
URL
of this request depends on a
user-provided value
.
@MehulKChaudhari MehulKChaudhari marked this pull request as ready for review November 27, 2024 10:00
@MehulKChaudhari MehulKChaudhari changed the title Feature flag backend integration Add: Feature flag service backend integration Nov 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant