IP based rate limiting with ash_graphql

I'm trying to implement ash_rate_limiter with ash_graphql. For all the resources I have that require an actor to access them, this is great, I can set up a key based on the user's ID or something just like in the ash_rate_limiter docs, and we're golden. But, for endpoints such as a create user endpoint, I want to be able to rate limit by IP, since there's no actor in play yet. I assume I need to find some way to wire up a plug that grabs the user's IP out of the conn and sets it somewhere in some context that gets passed through to the rate limiter config, but I'm a little unsure of the best way to set this up with ash_graphql.
4 Replies
Solution
jart • 2mo ago
We're actually adding a plug as part of https://github.com/team-alembic/ash_authentication/pull/1074 that stores the connection information in the shared context for later. Until that lands you can make a plug that does the same thing and add it to your graphql pipeline. From there it's a simple matter of modifying your key function to take this into account.
GitHub
feat: Audit Logging add-on. by jimsynz · Pull Request #1074 · tea...
This PR brings a wonderful new add-on to AshAuthentication - audit logging! I know that doesn't sound very exciting, but I think it unlocks heaps of new and interesting use cases and featur...
Jesse Williams (OP) • 2mo ago
Oh nice, thanks! This is exactly what I was looking for, just was struggling with the semantics a bit
Jesse Williams (OP) • 2mo ago
OK I've done basically that, but it seems like ash_graphql doesn't actually pass along the context correctly 🤔 I've inspected my conn and everything and the IP is correctly in the conn.private.ash.context.remote_ip field, but by the time it makes it to my action, that context is no longer there. I've been poking around the ash_graphql source but haven't had much luck tracking down where exactly that context gets passed through from the conn to the action
I'm gonna actually spin this out into a separate support post, feels like a different thing
Ope actually, writing up the support post I found my issue 😅 it was a me problem. I was calling my plug after AshGraphql.Plug which is where the context gets set for the absinthe request lol.
jart • 2mo ago
doh. yeah, that seems like an easy mistake to make 🙂
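
The setup discussed in this thread, as an added example that is not code from the thread or from ash_authentication: a plug that copies the client IP into the Ash context, placed before AshGraphql.Plug, plus a helper that builds a per-IP key. The names MyAppWeb, MyAppWeb.Schema, RemoteIpContext and MyApp.RateLimitKey are hypothetical, and how `for_ip/2` is wired into the rate limiter's key option is an assumption to check against the ash_rate_limiter docs.

```elixir
defmodule MyAppWeb.Plugs.RemoteIpContext do
  @moduledoc "Copies the client IP into the Ash context (hypothetical module)."
  @behaviour Plug

  @impl true
  def init(opts), do: opts

  @impl true
  def call(conn, _opts) do
    # conn.remote_ip is the TCP peer. Behind a reverse proxy that is the proxy's
    # address, so resolve the real client IP from a header set by a trusted
    # proxy first. An unvalidated X-Forwarded-For can be set freely by clients,
    # which would let them pick their own rate-limit bucket.
    ip = conn.remote_ip |> :inet.ntoa() |> to_string()

    # Merge rather than overwrite, so context set by earlier plugs survives.
    context = Map.merge(Ash.PlugHelpers.get_context(conn) || %{}, %{remote_ip: ip})
    Ash.PlugHelpers.set_context(conn, context)
  end
end

defmodule MyAppWeb.Router do
  use MyAppWeb, :router

  pipeline :graphql do
    # Order matters: AshGraphql.Plug is where the context gets set for the
    # Absinthe request, so a plug that runs after it never reaches the action.
    plug MyAppWeb.Plugs.RemoteIpContext
    plug AshGraphql.Plug
  end

  scope "/gql" do
    pipe_through :graphql
    forward "/", Absinthe.Plug, schema: MyAppWeb.Schema
  end
end

defmodule MyApp.RateLimitKey do
  @doc "Builds a per-IP key from a changeset or query (both carry `context`)."
  def for_ip(%{context: context}, prefix) do
    # A missing IP lands in one shared bucket instead of skipping the limit,
    # so a misordered plug shows up as throttling rather than as no limit.
    "#{prefix}:ip:#{Map.get(context, :remote_ip, "unknown")}"
  end
end
```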
