6202719f47
## Description This PR adds rate limiting on connection creations. Connections with datasources are created in following situations: - Whenever a query is executed, we create connection to datasource - Whenever datasource structure is fetched - Whenever trigger API is called in case of generate CRUD In all above cases, if connection is successful, its context is saved in cache, but when the connection is unsuccessful, connection context is not saved in cache and connection creation is initiated every time. In such case, we need to apply rate limiting on connection creation, so that no brute force attacks can happen. The code in this PR is written with the assumption that every time connection creation fails, each plugin throws an error, whenever we get this error, we consume token from bucket, if we exhaust this bucket, we block this IP for next 5 minutes. This error is thrown in following plugins: - Postgres - Oracle - Redshift - MsSQL Other plugins like MySQL, SMTP, Elastic Search, ArangoDB, Redis, No such error is thrown, which can be caught and rate limiting applied, hence creating a different task to handle for these plugins. check #28259 Junit test cases will be covered in #27742 #### PR fixes following issue(s) Fixes #27738 , #27740 > if no issue exists, please create an issue and ask the maintainers about this first > > #### Media > A video or a GIF is preferred. when using Loom, don’t embed because it looks like it’s a GIF. instead, just link to the video > > #### Type of change - New feature (non-breaking change which adds functionality) > > > ## Testing > #### How Has This Been Tested? > Please describe the tests that you ran to verify your changes. Also list any relevant details for your test configuration. > Delete anything that is not relevant - [x] Manual - [ ] JUnit - [ ] Jest - [ ] Cypress > > #### Test Plan > Add Testsmith test cases links that relate to this PR > > #### Issues raised during DP testing > Link issues raised during DP testing for better visiblity and tracking (copy link from comments dropped on this PR) > > > ## Checklist: #### Dev activity - [x] My code follows the style guidelines of this project - [x] I have performed a self-review of my own code - [x] I have commented my code, particularly in hard-to-understand areas - [ ] I have made corresponding changes to the documentation - [x] My changes generate no new warnings - [ ] I have added tests that prove my fix is effective or that my feature works - [ ] New and existing unit tests pass locally with my changes - [ ] PR is being merged under a feature flag #### QA activity: - [ ] [Speedbreak features](https://github.com/appsmithorg/TestSmith/wiki/Guidelines-for-test-plans#speedbreakers-) have been covered - [ ] Test plan covers all impacted features and [areas of interest](https://github.com/appsmithorg/TestSmith/wiki/Guidelines-for-test-plans#areas-of-interest-) - [ ] Test plan has been peer reviewed by project stakeholders and other QA members - [ ] Manually tested functionality on DP - [ ] We had an implementation alignment call with stakeholders post QA Round 2 - [ ] Cypress test cases have been added and approved by SDET/manual QA - [ ] Added `Test Plan Approved` label after Cypress tests were reviewed - [ ] Added `Test Plan Approved` label after JUnit tests were reviewed --------- Co-authored-by: “sneha122” <“sneha@appsmith.com”> |
||
|---|---|---|
| .. | ||
| .run | ||
| appsmith-git | ||
| appsmith-interfaces | ||
| appsmith-plugins | ||
| appsmith-server | ||
| envs | ||
| mongo-seed | ||
| reactive-caching | ||
| scripts | ||
| .gitignore | ||
| build.sh | ||
| buildpack-run.sh | ||
| docker-compose.yml | ||
| pom.xml | ||
| Procfile | ||
| README.md | ||
| system.properties | ||
Appsmith Server
This is the server-side repository for the Appsmith framework.
For details on setting up your development machine, please refer to this Setup Guide.