TTC
Theo's Typesafe Cult14mo ago
rustclan

TRPC ratelimiting endpoints (race conditions)

I am currently having some problems with a race condition in my TRPC nextJS api. Essentially what is happening is I have a enforceGuildPermissions method, which basically checks if the user who is making the request has permission to get the data for that guild. The data is stored in my Redis cache for 3 seconds. This works okay sometimes, but other times because there is 3-4 different trpc requests running for a single page which are guild, role and channel. It causes the last request (channel) to get rate limited by the discord API because they are all running concurrently, this means it doesn't give my caching code chance to update it before the next one runs. middleware route procedure: 
const enforceGuildPermissions = enforceUserLoggedIn.unstable_pipe(
  async ({ ctx, next, rawInput }) => {
    const guildId: unknown = (rawInput as { guildId?: unknown })?.guildId;
    if (!guildId) throw new TRPCError({ code: 'BAD_REQUEST' });

    const webUser = await cache.webUsers.get(ctx.session.user.id);
    let guilds = webUser?.guilds;
    if (!guilds) {
      guilds = await getUserGuilds(ctx.session)
    }

    if (!guilds) throw new TRPCError({ code: 'UNAUTHORIZED' });
    
    // if the user is not in the guild return unauth
    const foundGuild = guilds.find((guild) => guild.id === guildId);
    if (!foundGuild) throw new TRPCError({ code: 'UNAUTHORIZED' });

    return next({
      ctx: {
        session: { ...ctx.session, user: ctx.session.user },
      },
    });
  }
);

export const guildProcedure = t.procedure.use(enforceGuildPermissions);
const enforceGuildPermissions = enforceUserLoggedIn.unstable_pipe(
  async ({ ctx, next, rawInput }) => {
    const guildId: unknown = (rawInput as { guildId?: unknown })?.guildId;
    if (!guildId) throw new TRPCError({ code: 'BAD_REQUEST' });

    const webUser = await cache.webUsers.get(ctx.session.user.id);
    let guilds = webUser?.guilds;
    if (!guilds) {
      guilds = await getUserGuilds(ctx.session)
    }

    if (!guilds) throw new TRPCError({ code: 'UNAUTHORIZED' });
    
    // if the user is not in the guild return unauth
    const foundGuild = guilds.find((guild) => guild.id === guildId);
    if (!foundGuild) throw new TRPCError({ code: 'UNAUTHORIZED' });

    return next({
      ctx: {
        session: { ...ctx.session, user: ctx.session.user },
      },
    });
  }
);

export const guildProcedure = t.procedure.use(enforceGuildPermissions);
1 Reply
rustclan
rustclan14mo ago
function which needs to be ratelimited (using the redis cache) 
export const getUserGuilds = async (
  session: Session
): Promise<CachedUserGuild[] | null> => {
  if (!session.user.accessToken || !session.user.id) return null;

  const webUser = await cache.webUsers.get(session.user.id);
  if (webUser) return webUser.guilds;

  const response = await fetch(discord...)
  const guilds = await response.json();
  if (!response.ok || guilds.length <= 0) return null;
  
  // add guilds to cache
  await cache.webUsers.create(session.user.id, guilds);

  return guilds;
};
export const getUserGuilds = async (
  session: Session
): Promise<CachedUserGuild[] | null> => {
  if (!session.user.accessToken || !session.user.id) return null;

  const webUser = await cache.webUsers.get(session.user.id);
  if (webUser) return webUser.guilds;

  const response = await fetch(discord...)
  const guilds = await response.json();
  if (!response.ok || guilds.length <= 0) return null;
  
  // add guilds to cache
  await cache.webUsers.create(session.user.id, guilds);

  return guilds;
};
A big band aid fix would be to just add an artificial wait: 
    if (!guilds) {
      await new Promise((resolve) => setTimeout(resolve, 1000));
      webUser = await cache.webUsers.get(ctx.session.user.id);
      guilds = webUser?.guilds;
      if (!guilds) {
        throw new TRPCError({ code: 'UNAUTHORIZED' });
      }
    }
    if (!guilds) {
      await new Promise((resolve) => setTimeout(resolve, 1000));
      webUser = await cache.webUsers.get(ctx.session.user.id);
      guilds = webUser?.guilds;
      if (!guilds) {
        throw new TRPCError({ code: 'UNAUTHORIZED' });
      }
    }
But obviously this is not very elegant.. bump
Want results from more Discord servers?
Add your server
More Posts
Help to deploy my TRPC proj from a monorepo (turborepo) at VercelI'm trying to learn monorepo with TRPC, both are new for me and Im kind struggling to deploy it becawhy do i keep getting errors like errors like this on t3 turbo when trying to install packagesI keep getting errors when trying to install packages, im on apps/expo right now ```error An unexpeHow do I skip build step by files changes?I want to prevent build step triggered on Vercel evetime I update files like Readme or .vscode I trHow do I coerce this function to accept multiple types then conditionally change the output?Using traditional overloading approach doesn't seem to work as expected. Union types on parameters dUsing Custom Fonts Imported From NPM in The App RouterHello! I am attempting to use the `cal-sans` font with the app router. Before, importing it in theprisma type error on union type stored as jsonI am trying to convert my Cloud Firestore project to supabase due to some issues I have had with tra