feat: configurable email and sms rate limiting #1800
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Adds two new configuration values for rate limiting the sending of emails and sms messages: - GOTRUE_RATE_LIMIT_EMAIL_SENT - GOTRUE_RATE_LIMIT_SMS_SENT It is implemented with a simple rate limiter that resets a counter at a regular interval. The first intervals start time is set when the counter is initialized. It will be reset when the server is restarted, but preserved when the config is reloaded. Syntax examples: 1.5 # Allow 1.5 events over 1 hour (legacy format) 100 # Allow 100 events over 1 hour (1h is default) 100/1h # Allow 100 events over 1 hour (explicit duration) 100/24h # Allow 100 events over 24 hours 100/72h # Allow 100 events over 72 hours (use hours for days) 10/30m # Allow 10 events over 30 minutes 3/10s # Allow 3 events over 10 seconds Syntax in ABNF to express the format as value: value = count / rate count = 1*DIGIT ["." 1*DIGIT] rate = 1*DIGIT "/" ival ival = ival-sec / ival-min / ival-hr ival-sec = 1*DIGIT "s" ival-min = 1*DIGIT "s" ival-hr = 1*DIGIT "h" Co-authored-by: Stojan Dimitrovski <[email protected]>
hf
approved these changes
Oct 11, 2024
J0
reviewed
Oct 11, 2024
J0
reviewed
Oct 11, 2024
J0
reviewed
Oct 11, 2024
J0
approved these changes
Oct 11, 2024
Pull Request Test Coverage Report for Build 11292135273Details
💛 - Coveralls |
cstockton
pushed a commit
that referenced
this pull request
Oct 15, 2024
🤖 I have created a release *beep* *boop* --- ## [2.163.0](v2.162.2...v2.163.0) (2024-10-15) ### Features * add mail header support via `GOTRUE_SMTP_HEADERS` with `$messageType` ([#1804](#1804)) ([99d6a13](99d6a13)) * add MFA for WebAuthn ([#1775](#1775)) ([8cc2f0e](8cc2f0e)) * configurable email and sms rate limiting ([#1800](#1800)) ([5e94047](5e94047)) * mailer logging ([#1805](#1805)) ([9354b83](9354b83)) * preserve rate limiters in memory across configuration reloads ([#1792](#1792)) ([0a3968b](0a3968b)) ### Bug Fixes * add twilio verify support on mfa ([#1714](#1714)) ([aeb5d8f](aeb5d8f)) * email header setting no longer misleading ([#1802](#1802)) ([3af03be](3af03be)) * enforce authorized address checks on send email only ([#1806](#1806)) ([c0c5b23](c0c5b23)) * fix `getExcludedColumns` slice allocation ([#1788](#1788)) ([7f006b6](7f006b6)) * Fix reqPath for bypass check for verify EP ([#1789](#1789)) ([646dc66](646dc66)) * inline mailme package for easy development ([#1803](#1803)) ([fa6f729](fa6f729)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
hf
pushed a commit
that referenced
this pull request
Oct 22, 2024
## What kind of change does this PR introduce? * #1800 introduced a bug which applied the rate limiting setting even if `AUTOCONFIRM` was enabled. Although this is unintended, it is a breaking change so we need to give users time to update their rate limit settings before applying it ## What is the current behavior? Please link any relevant issues here. ## What is the new behavior? Feel free to include screenshots if it includes visual changes. ## Additional context Add any other context or screenshots.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds two new configuration values for rate limiting the sending of emails and sms messages:
It is implemented with a simple rate limiter that resets a counter at a regular interval. The first intervals start time is set when the counter is initialized. It will be reset when the server is restarted, but preserved when the config is reloaded.
Syntax examples:
Syntax in ABNF to express the format as value:
This change was a continuation of #1746 adapted to support the recent preservation of rate limiters across server reloads.