Add: Feature flag service backend integration #2266
base: develop
Conversation
const { SUPERUSER } = require("../constants/roles"); | ||
import { validateUpdateFeatureFlag, validateCreateFeatureFlag } from '../middlewares/validators/featureFlag'; | ||
|
||
router.get("/getAllFeatureFlags", authenticate, getAllFeatureFlags); |
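Review bot: the file mixes CommonJS `require` (the `SUPERUSER` line) with an ES `import` (the validators line); in a `.ts` module pick one style, e.g. `import { SUPERUSER } from "../constants/roles";`, so the TypeScript compiler and linter treat both imports the same way.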
Check failure: Code scanning / CodeQL, Missing rate limiting (High). This route handler performs authorization.
Copilot Autofix AI, about 1 month ago
To fix the problem, we should introduce rate limiting to the routes in the routes/featureFlag.ts file. The best way to do this is by using the express-rate-limit package, which allows us to easily set up rate limiting for our Express routes.
- Install the express-rate-limit package.
- Import the express-rate-limit package in the routes/featureFlag.ts file.
- Set up a rate limiter with appropriate configuration (e.g., maximum of 100 requests per 15 minutes).
- Apply the rate limiter to the routes that need protection.
@@ -7,6 +7,12 @@ | ||
import { validateCreateFeatureFlag } from '../middlewares/validators/featureFlag'; | ||
import rateLimit from 'express-rate-limit'; | ||
|
||
router.get("/getAllFeatureFlags", authenticate, getAllFeatureFlags); | ||
router.get("/getFeatureFlag/:flagId", authenticate, getFeatureFlagById); | ||
router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag); | ||
const limiter = rateLimit({ | ||
windowMs: 15 * 60 * 1000, // 15 minutes | ||
max: 100, // max 100 requests per windowMs | ||
}); | ||
|
||
router.get("/getAllFeatureFlags", authenticate, limiter, getAllFeatureFlags); | ||
router.get("/getFeatureFlag/:flagId", authenticate, limiter, getFeatureFlagById); | ||
router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, limiter, createFeatureFlag); | ||
|
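Review bot: `limiter` is placed after `authenticate` on all three routes (the `authenticate, limiter` lines) and after `validateCreateFeatureFlag` on the POST, so an unauthenticated burst still drives the authentication check (and the validator) before the limit applies; put `limiter` first in each chain, e.g. `router.get("/getAllFeatureFlags", limiter, authenticate, getAllFeatureFlags);`. The `+`/`-` markers were lost in rendering and the three routes appear twice in this `-7,6 +7,12` hunk; confirm the original route lines are removed rather than kept, or Express registers each path twice.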
@@ -43,3 +43,4 @@ | ||
"rate-limiter-flexible": "5.0.3", | ||
"winston": "3.13.0" | ||
"winston": "3.13.0", | ||
"express-rate-limit": "^7.4.1" | ||
}, |
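Review bot: package.json already lists `rate-limiter-flexible` (the line above `winston`), so this adds a second rate-limiting library for the same job; either wire up the existing dependency or consolidate on one. The new entry also uses a caret range (`^7.4.1`) while the neighbouring entries pin exact versions; match the existing style.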
Package | Version | Security advisories |
express-rate-limit (npm) | 7.4.1 | None |
import { validateUpdateFeatureFlag, validateCreateFeatureFlag } from '../middlewares/validators/featureFlag'; | ||
|
||
router.get("/getAllFeatureFlags", authenticate, getAllFeatureFlags); | ||
router.get("/getFeatureFlag/:flagId", authenticate, getFeatureFlagById); |
Check failure: Code scanning / CodeQL, Missing rate limiting (High). This route handler performs authorization.
Copilot Autofix AI, about 1 month ago
To fix the problem, we need to introduce rate limiting to the route handler in question. The best way to do this is by using the express-rate-limit package, which provides a simple and effective way to limit the number of requests a client can make to the server within a specified time window.
- Install the express-rate-limit package.
- Import the express-rate-limit package in the routes/featureFlag.ts file.
- Set up a rate limiter with appropriate configuration (e.g., maximum of 100 requests per 15 minutes).
- Apply the rate limiter to the route handler on line 10.
@@ -7,5 +7,11 @@ | ||
import { validateCreateFeatureFlag } from '../middlewares/validators/featureFlag'; | ||
import rateLimit from 'express-rate-limit'; | ||
|
||
const limiter = rateLimit({ | ||
windowMs: 15 * 60 * 1000, // 15 minutes | ||
max: 100, // limit each IP to 100 requests per windowMs | ||
}); | ||
|
||
router.get("/getAllFeatureFlags", authenticate, getAllFeatureFlags); | ||
router.get("/getFeatureFlag/:flagId", authenticate, getFeatureFlagById); | ||
router.get("/getFeatureFlag/:flagId", authenticate, limiter, getFeatureFlagById); | ||
router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag); |
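Review bot: only `/getFeatureFlag/:flagId` gains `limiter` here; `/getAllFeatureFlags` and `/createFeatureFlag` on the adjacent lines are flagged by the same alert and stay unlimited, and `limiter` again sits after `authenticate` rather than first. With the `+`/`-` markers lost in rendering, the old and new `/getFeatureFlag/:flagId` lines appear side by side; confirm the old one is replaced.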
@@ -43,3 +43,4 @@ | ||
"rate-limiter-flexible": "5.0.3", | ||
"winston": "3.13.0" | ||
"winston": "3.13.0", | ||
"express-rate-limit": "^7.4.1" | ||
}, |
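Review bot: identical to the package.json change in the first suggestion; if more than one of these autofixes is applied this hunk conflicts with it, and the point made there about `rate-limiter-flexible` already being a dependency applies here as well.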
Package | Version | Security advisories |
express-rate-limit (npm) | 7.4.1 | None |
|
||
router.get("/getAllFeatureFlags", authenticate, getAllFeatureFlags); | ||
router.get("/getFeatureFlag/:flagId", authenticate, getFeatureFlagById); | ||
router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag); |
Check failure: Code scanning / CodeQL, Missing rate limiting (High). This route handler performs authorization.
Copilot Autofix AI, about 1 month ago
To fix the problem, we need to introduce rate limiting to the route handler to prevent potential denial-of-service attacks. The best way to do this is by using the express-rate-limit package, which allows us to set up rate limiting middleware easily.
We will:
- Install the express-rate-limit package.
- Import the package in the routes/featureFlag.ts file.
- Set up a rate limiter with appropriate configuration.
- Apply the rate limiter to the route handler.
@@ -7,2 +7,8 @@ | ||
import { validateCreateFeatureFlag } from '../middlewares/validators/featureFlag'; | ||
import rateLimit from 'express-rate-limit'; | ||
|
||
const limiter = rateLimit({ | ||
windowMs: 15 * 60 * 1000, // 15 minutes | ||
max: 100, // limit each IP to 100 requests per windowMs | ||
}); | ||
|
||
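Review bot: the comment says "limit each IP", and the limiter keys on `req.ip` by default; behind a reverse proxy or load balancer that is the proxy's address unless Express has `trust proxy` set, so every client would share one 100-request bucket. Since the PR notes say staging and prod need env variables, check how the app is fronted there and set `app.set('trust proxy', <hops>)` to the number of trusted hops before relying on a per-IP limit.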
@@ -10,3 +16,3 @@ | ||
router.get("/getFeatureFlag/:flagId", authenticate, getFeatureFlagById); | ||
router.post('/createFeatureFlag', authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag); | ||
router.post('/createFeatureFlag', limiter, authenticate, authorizeRoles([SUPERUSER]), validateCreateFeatureFlag, createFeatureFlag); | ||
|
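Review bot: this ordering (`limiter` before `authenticate`) is the right one, but it is only applied to `/createFeatureFlag`; the `/getFeatureFlag/:flagId` context line above and `/getAllFeatureFlags` remain unlimited although the same alert fires on them. Apply the same chain to the two GET routes so the file is consistent.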
@@ -43,3 +43,4 @@ | ||
"rate-limiter-flexible": "5.0.3", | ||
"winston": "3.13.0" | ||
"winston": "3.13.0", | ||
"express-rate-limit": "^7.4.1" | ||
}, |
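Review bot: same package.json hunk as the two suggestions above; only one dependency entry is needed whichever autofix is taken, and the duplicate-library and version-pinning remarks made there apply here too.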
Package | Version | Security advisories |
express-rate-limit (npm) | 7.4.1 | None |
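The three suggestions above differ in where `limiter` sits in the middleware chain. The following is an added example, not code from this PR or from the express-rate-limit package: a stand-in fixed-window limiter and a minimal Express-style chain runner, both constructed here, that count how often the authentication middleware runs under an unauthenticated burst for each ordering. `createLimiter`, `runChain`, `simulate`, the `authenticate` stand-in and the token value are assumptions made for the illustration.

```javascript
// Added example (not code from this PR): a fixed-window limiter and a tiny
// Express-style middleware runner, used to show why middleware order matters.
// No network and no express dependency; the clock is injected for determinism.

function createLimiter({ windowMs, max, now = () => Date.now() }) {
  // Hypothetical stand-in for express-rate-limit: counts hits per client IP
  // in a fixed window and answers 429 once the count exceeds `max`.
  const hits = new Map(); // ip -> { count, resetAt }
  return function limiter(req, res, next) {
    const t = now();
    let entry = hits.get(req.ip);
    if (!entry || t >= entry.resetAt) {
      entry = { count: 0, resetAt: t + windowMs };
      hits.set(req.ip, entry);
    }
    entry.count += 1;
    if (entry.count > max) {
      res.status(429).send("Too Many Requests");
      return; // chain stops here; nothing after the limiter runs
    }
    next();
  };
}

function authenticate(req, res, next) {
  // Constructed stand-in for the project's authenticate middleware; it records
  // that it ran so the simulation can count authentication work per request.
  req.authChecks = (req.authChecks || 0) + 1;
  if (req.headers.authorization === "Bearer valid-token") {
    next();
  } else {
    res.status(401).send("Unauthorized");
  }
}

function runChain(middlewares, req) {
  // Minimal runner mimicking how Express walks a route's middleware list.
  const res = {
    statusCode: 200,
    body: null,
    status(code) { this.statusCode = code; return this; },
    send(body) { this.body = body; return this; },
  };
  let i = 0;
  function next() {
    if (i < middlewares.length) middlewares[i++](req, res, next);
  }
  next();
  return res;
}

function handler(req, res) { res.status(200).send("ok"); }

// Drive `n` unauthenticated requests from one IP through a chain and report
// how many times `authenticate` ran and what status the last request got.
function simulate(chainFactory, n) {
  let t = 0; // fake clock in ms
  const limiter = createLimiter({ windowMs: 15 * 60 * 1000, max: 3, now: () => t });
  const chain = chainFactory(limiter);
  const result = { authRuns: 0, lastStatus: 0 };
  for (let k = 0; k < n; k++) {
    const req = { ip: "203.0.113.7", headers: {}, authChecks: 0 };
    const res = runChain(chain, req);
    result.authRuns += req.authChecks;
    result.lastStatus = res.statusCode;
    t += 1000; // one request per second, well inside the window
  }
  return result;
}

// Ordering used by the first two suggestions: authenticate, then limit.
const authThenLimit = (limiter) => [authenticate, limiter, handler];
// Ordering used by the third suggestion: limit first, then authenticate.
const limitThenAuth = (limiter) => [limiter, authenticate, handler];

console.log("auth then limit:", simulate(authThenLimit, 10));
console.log("limit then auth:", simulate(limitThenAuth, 10));
```

With the limiter second, every one of the ten unauthenticated requests reaches `authenticate` and is answered 401; with the limiter first, only the first three do and the rest are answered 429 before any authentication work happens, which is the effect the "Missing rate limiting" alert is asking for on these routes.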
const response = await fetch(`${FEATURE_FLAG_BASE_URL}/feature-flags/${flagId}`, { | ||
method: "GET", | ||
headers: defaultHeaders, | ||
}); |
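Review bot: `flagId` is interpolated straight into the request path (`/feature-flags/${flagId}`), so a value containing `/`, `..`, `?` or `#` changes which resource on the feature-flag service is requested; that is what the scanner flags. Validate `flagId` against the expected id format in the route validator (the PR already imports `validateUpdateFeatureFlag` and `validateCreateFeatureFlag` from `../middlewares/validators/featureFlag`) and wrap it in `encodeURIComponent` when building the URL.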
Check failure: Code scanning / CodeQL, Server-side request forgery (Critical).
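The alert above concerns `flagId` reaching the URL unmodified. As an added example, not code from this PR: how the resolved path changes when an id containing dot segments is interpolated directly, beside a `buildFeatureFlagUrl` helper (an assumption, not a function in this repository) that allow-lists the id format, percent-encodes it and confirms the resolved origin before any request would be sent. `FEATURE_FLAG_BASE_URL` and `FLAG_ID_PATTERN` are constructed values for the illustration.

```javascript
// Added example (not code from this PR): building the feature-flag URL from a
// caller-supplied flagId without letting it alter the request's path or host.

const FEATURE_FLAG_BASE_URL = "https://flags.example.internal"; // constructed value

// Assumption: flag ids are opaque tokens of letters, digits, '-' and '_'.
// Adjust the pattern to the feature-flag service's real id format.
const FLAG_ID_PATTERN = /^[A-Za-z0-9_-]{1,64}$/;

// What the flagged code does: plain string interpolation. The WHATWG URL
// parser then normalises dot segments, so the path is no longer under
// /feature-flags/. Returned as a parsed URL so the effect is visible.
function naiveUrl(baseUrl, flagId) {
  return new URL(`${baseUrl}/feature-flags/${flagId}`);
}

// Hardened construction: reject anything outside the allow-list, encode the
// id so it can only ever be one path segment, and check the origin again.
function buildFeatureFlagUrl(baseUrl, flagId) {
  if (typeof flagId !== "string" || !FLAG_ID_PATTERN.test(flagId)) {
    throw new Error("invalid flagId");
  }
  // After the allow-list the encoding is a no-op; it stays as defence in depth
  // in case the pattern is later relaxed.
  const url = new URL(`/feature-flags/${encodeURIComponent(flagId)}`, baseUrl);
  if (url.origin !== new URL(baseUrl).origin) {
    throw new Error("flagId changed the request origin");
  }
  return url.toString();
}

// True when the id is rejected before a request could be made.
function isRejected(flagId) {
  try {
    buildFeatureFlagUrl(FEATURE_FLAG_BASE_URL, flagId);
    return false;
  } catch {
    return true;
  }
}

console.log("naive path for '../x':", naiveUrl(FEATURE_FLAG_BASE_URL, "../x").pathname);
console.log("hardened url:", buildFeatureFlagUrl(FEATURE_FLAG_BASE_URL, "abc-123"));
console.log("'../x' rejected:", isRejected("../x"));
```

Doing the format check in the route validator (where the PR's other validators live) and the encoding at the call site keeps the two independent: a later change to one does not silently remove the other.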
Date: 27/11/2024
Developer Name: @MehulKChaudhari
Description
This PR will add APIs to interact with feature-flag-service
Documentation Updated?
Under Feature Flag
Database Changes
Breaking Changes
Development Tested?
Test Coverage
Additional Notes
We will need to set env variables for staging and prod.