IP based rate limiting with ash_graphql
I'm trying to implement ash_rate_limiter with ash_graphql. For all the resources I have that require an actor to access them, this is great, I can setup a key based on the user's ID or something just like in the ash_rate_limiter docs, and we're golden.
But, for endpoints such as a create user endpoint, I want to be able to rate limit by IP, since there's no actor in play yet.
I assume I need to find some way to wire up a plug that grabs the user's IP out of the conn and sets it somewhere in some context that gets passed through to the rate limiter config, but I'm a little unsure the best way to set this up with ash_graphql.
But, for endpoints such as a create user endpoint, I want to be able to rate limit by IP, since there's no actor in play yet.
I assume I need to find some way to wire up a plug that grabs the user's IP out of the conn and sets it somewhere in some context that gets passed through to the rate limiter config, but I'm a little unsure the best way to set this up with ash_graphql.
Solution
We're actually adding a plug as part of https://github.com/team-alembic/ash_authentication/pull/1074 that stores the connection information in the shared context for later. Until that lands you can make a plug that does the same thing and add it to your graphql pipeline. From there it's a simple matter of modifying your
key function to take this into account.GitHub
This PR brings a wonderful new add-on to AshAuthentication - audit logging!
I know that doesn't sound very exciting, but I think it unlocks heaps of new and interesting use cases and featur...
I know that doesn't sound very exciting, but I think it unlocks heaps of new and interesting use cases and featur...
