Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[stable3.5] fix(appointments): Rate limit config creation and booking #5683

Merged
merged 1 commit into from
Jan 10, 2024
Merged

[stable3.5] fix(appointments): Rate limit config creation and booking #5683

merged 1 commit into from
Jan 10, 2024

Conversation

ChristophWurst
Copy link
Member

Manual backport of #5680.

NcNotecard doesn't exist for nc/vue 5 so I simplified the HTML.

@ChristophWurst ChristophWurst added the 3. to review Waiting for reviews label Jan 10, 2024
@ChristophWurst ChristophWurst self-assigned this Jan 10, 2024
@ChristophWurst
fix(appointments): Rate limit config creation and booking
f60459f 
Abusing the appointment config endpoint can lead to additional server
load. Sending bulks of booking requests can lead to mass notifications
and emails and server load, too.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
@ChristophWurst ChristophWurst force-pushed the fix/appointments/rate-limit-config-creation-stable3.5 branch from dd0f551 to f60459f Compare January 10, 2024 15:15
@codecov Codecov
Copy link

codecov bot commented Jan 10, 2024

Codecov Report

Attention: 8 lines in your changes are missing coverage. Please review.

Comparison is base (6ec2e4b) 20.29% compared to head (f60459f) 20.32%.
Report is 5 commits behind head on stable3.5.

Files Patch % Lines
src/views/Appointments/Booking.vue 0.00% 5 Missing ⚠️
src/components/AppointmentConfigModal.vue 0.00% 3 Missing ⚠️
Additional details and impacted files 
@@              Coverage Diff              @@
##           stable3.5    #5683      +/-   ##
=============================================
+ Coverage      20.29%   20.32%   +0.02%     
=============================================
  Files            186      186              
  Lines           6342     6353      +11     
  Branches        1032     1037       +5     
=============================================
+ Hits            1287     1291       +4     
- Misses          5055     5062       +7
Flag Coverage Δ
javascript 20.32% <33.33%> (+0.02%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@st3iny st3iny changed the title fix(appointments): Rate limit config creation and booking [stable3.5] fix(appointments): Rate limit config creation and booking Jan 10, 2024
st3iny
st3iny approved these changes Jan 10, 2024
View reviewed changes
Copy link
Member

@st3iny st3iny left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tested creating a new config and booked it and it still works. I also tested the rate limit for the booking endpoint via curl and it blocked me with 429 after some tries.

@ChristophWurst ChristophWurst merged commit e7613e1 into stable3.5 Jan 10, 2024
24 checks passed
@ChristophWurst ChristophWurst deleted the fix/appointments/rate-limit-config-creation-stable3.5 branch January 10, 2024 15:40
@st3iny st3iny added this to the v3.5.8 milestone Jan 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@st3iny st3iny st3iny approved these changes

@hamza221 hamza221 hamza221 approved these changes

@JohannesGGE JohannesGGE Awaiting requested review from JohannesGGE

Assignees

@ChristophWurst ChristophWurst

Labels
3. to review Waiting for reviews
Projects
None yet
Milestone
v3.5.8
Development

Successfully merging this pull request may close these issues.
3 participants
@ChristophWurst @st3iny @hamza221