Conversation
|
There was a problem hiding this comment.
This was generated by o3 for the sake of trying this out over zoom, it might need to be improved if we decide to take this appraoch
There was a problem hiding this comment.
Looks amazing! Only thing (though can't get around it if we want to use attributes of the query in generating the key) is adding the work of having to parse the query into an AST for every request now - that might be surprisingly slow.
There was a problem hiding this comment.
True, that's a valid concern. It would be great to avoid this and generate a key that is easier to generate based on the query. I went ahead with this approach because I believe it's something already happening under the hood when we parse the query.
|
We tried this out on local Force and it doesn't play well with the prefetching since we trigger a bunch of queries to the same endpoint. The same thing applies also to Eigen where we also do prefetching (both can be disabled without much effort). Maybe the limit that I set was too little, maybe the id should be also part of the unique identifier 🤷 |
POC
Description:
After the incident today, we noticed that we have a rate limiting middleware that is not being used in MP. We enabled it shortly in staging, but it wasn't working fine although the limit was 60 requests per minute (we were doing a few hundreds of requests per minute).
The rate limiting kicks in by default based on the user ip. This PR adjusts it to be a combination of IP + queried interfaces. So the identifier will be something like
This could theoretically help us protect further our interfaces.
What comes next?
We need to try out what is a good rate limit here, we can try it out in staging first. We can set it as below:
Example of this in practice and how the identifier will look like
Screen.Recording.2025-05-23.at.17.15.16.mov