-
Notifications
You must be signed in to change notification settings - Fork 89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
user stat table with rate limit #10
Conversation
🤖 OpenAI Thank you for letting me participate in the code review. High-level summary: This pull request adds rate limit and user stat table functionality to the backend, as well as an admin tab to the frontend. It also includes changes to improve authentication and authorization, such as checking for admin access and adding a role parameter to token generation. Additionally, it removes commented-out code and replaces
Tips:
|
🤖 OpenAI Reviewing existing code in: web/src/views/chat/components/Session/SessionConfig.vue The existing code in this file looks correct. No issues found. |
check if super user for /admin routes |
|
check if the user prefix with /admin, then only superuser can access it. |
test: role user, visit /admin, get error 'not auth', role admin, can access the admin, set limit. make server request then out of limit. |
@@ -3,6 +3,7 @@ package main | |||
import ( | |||
"context" | |||
"errors" | |||
"fmt" | |||
"net/http" | |||
"strconv" | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🤖 OpenAI
No changes are made in this patch. Therefore, I don't have any comments on this patch.
// It does however have a bad impact in SEO. If that's a concern for you, use the HTML5 history mode. | ||
|
||
// this is crazy, router in frontend is a nightmare | ||
|
||
export const router = createRouter({ | ||
history: createWebHashHistory(), | ||
routes, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🤖 OpenAI
This patch adds some comments to the file. The comments explain that the createWebHashHistory()
function is used for the router, and that it uses a hash character before the actual URL. The comments also mention that this has a bad impact on SEO, and suggest using HTML5 history mode if that's a concern.
The comment "this is crazy, router in frontend is a nightmare" seems like a personal opinion and should be removed.
Overall, the comments are helpful and provide useful information about the router implementation. However, the comment about the router being a nightmare may not be appropriate for a code review.
return | ||
} | ||
} | ||
if messageCount > int64(maxRate) { | ||
http.Error(w, "Too Many Requests", http.StatusTooManyRequests) | ||
return | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🤖 OpenAI
This patch adds a call to GetRateLimit
to retrieve the rate limit for the user and checks if the request exceeds the rate limit.
However, there are a few issues with the code:
-
The error message returned by
http.Error
should not include the word "error". It should simply state what went wrong, e.g. "Could not get message count." or "Could not get rate limit." -
The error handling for
GetRateLimit
is incorrect. IfGetRateLimit
returns an error that is notsql.ErrNoRows
, the middleware should return a 500 Internal Server Error response. However, the current implementation only checks if the error issql.ErrNoRows
. If it is any other error, the middleware will continue processing the request and may cause unexpected behavior. -
The comparison between
messageCount
andmaxRate
should be done using>=
instead of>
. This is because ifmessageCount
is equal tomaxRate
, the request should still be rejected.
Please let me know if you have any questions or need further clarification on these issues.
I suggest the following changes:
@@ -22,12 +25,18 @@ func RateLimitByUserID(q *sqlc_queries.Queries) func(http.Handler) http.Handler
}
messageCount, err := q.GetChatMessagesCount(r.Context(), int32(userIDInt))
if err != nil {
- http.Error(w, "Error: Could not get message count.", http.StatusInternalServerError)
+ http.Error(w, "Could not get message count.", http.StatusInternalServerError)
return
}
+ maxRate, err := q.GetRateLimit(r.Context(), int32(userIDInt))
+ if err != nil {
+ if errors.Is(err, sql.ErrNoRows) {
+ maxRate = 100
+ } else {
+ http.Error(w, "Could not get rate limit.", http.StatusInternalServerError)
+ return
+ }
+ }
// Check if the request exceeds the rate limit.
- if messageCount > 100 {
+ if messageCount >= int64(maxRate) {
http.Error(w, "Too Many Requests", http.StatusTooManyRequests)
return
}
This code sets maxRate
to 100 if GetRateLimit
returns sql.ErrNoRows
, which means that the user has not set a custom rate limit. It also returns a 500 Internal Server Error response if GetRateLimit
returns any other error. Finally, it uses >=
instead of >
to compare messageCount
and maxRate
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@openai generate a patch
🤖 OpenAI Reviewing existing code in: README.md This file seems to be a README file and does not contain any code. Therefore, there is no need for code review. |
Summary by OpenAI
Release Notes:
This pull request adds rate limit and user stat table functionality to the backend, as well as an admin tab to the frontend. It also includes changes to improve authentication and authorization, such as checking for admin access and adding a role parameter to token generation. Additionally, it removes commented-out code and replaces
lodash
withlodash-es
.User Story:
As an administrator, I want to be able to view user statistics and set rate limits for users, so that I can manage user activity on the platform more effectively.