Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update RateLimiter.cfc, fix for CONTENTBOX-1512 #608

Merged
merged 3 commits into from
Jun 26, 2024
Merged

Update RateLimiter.cfc, fix for CONTENTBOX-1512 #608

merged 3 commits into from
Jun 26, 2024

Conversation

GunnarLieb
Copy link
Contributor

Description

RateLimiter stores request data in variables scope. Entries are never purged, if site gets many request, can lead to memory/performance issues

This fix is not tested (mentioned to Luis), since we are on older version

Jira Issues

CONTENTBOX-1512

Type of change

Please delete options that are not relevant.

  • Bug Fix
  • Improvement
  • New Feature
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

Checklist

  • My code follows the style guidelines of this project cfformat
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

lmajano
lmajano reviewed Jun 26, 2024
View reviewed changes
modules/contentbox/models/security/RateLimiter.cfc
// the limiter data
variables.limitData = {};
}
property name = "cachebox" inject = "Cachebox";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

use the cfformater please, so it uses the formatting rules.

lmajano
lmajano requested changes Jun 26, 2024
View reviewed changes
modules/contentbox/models/security/RateLimiter.cfc Outdated

lock name="cb-ratelimiter-#hash( realIP )#" type="readonly" throwontimeout="true" timeout="5" {
var targetData = variables.limitData[ realIP ];
var targetData = cache.get( cacheKey );
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

best to use the getOrSet() for these type of situations.https://s3.amazonaws.com/apidocs.ortussolutions.com/cachebox/7.4.0/cachebox/system/cache/AbstractCacheBoxProvider.html#getOrSet()

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Like this? But how to handle, if cache key doesn't exist return default value (no further execution!

		var targetData = cache.getOrSet( cacheKey, function(){
				return { attempts = 0, lastAttempt = now() }
		} );

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What this does is pretty much what you did manually. If the cacheKey exists, it returns the value of the cache. If it doesn't, it will seed it with the return value of the supplier function.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, got it, but in case value is created I don't want to execute further code. Original code did this:
if( isNull( targetData ) ){ cache.set( cacheKey, { attempts = 1, lastAttempt = now() }); return this; }

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ahh ok. Well, you would say

if( targetData.attempts == 1 ){
  return this;

The usage of getOrSet() is preferred as it does internal locking

Copy link
Contributor Author

@GunnarLieb GunnarLieb Jun 26, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I get the locking mechanism, to make it working I have to write something like this.
`var targetData = cache.getOrSet( cacheKey, function(){
return { attempts = 0, lastAttempt = now() }
} );

	// on first visit no further processing
	if( targetData.attempts == 0 ){
		targetData.attempts++;
		cache.set( cacheKey, targetData );
		return this;
	}`

@lmajano
Copy link
Contributor

lmajano commented Jun 26, 2024

Small changes and it's ready to roll!

@lmajano lmajano merged commit a8314cc into Ortus-Solutions:development Jun 26, 2024
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lmajano lmajano lmajano requested changes

Assignees

@GunnarLieb GunnarLieb

Labels
Needs Changes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@GunnarLieb @lmajano