IP based rate limiting with ash_graphql
I'm trying to implement ash_rate_limiter with ash_graphql. For all the resources I have that require an actor to access them, this is great, I can setup a key based on the user's ID or something just like in the ash_rate_limiter docs, and we're golden.
But, for endpoints such as a create user endpoint, I want to be able to rate limit by IP, since there's no actor in play yet.
I assume I need to find some way to wire up a plug that grabs the user's IP out of the conn and sets it somewhere in some context that gets passed through to the rate limiter config, but I'm a little unsure the best way to set this up with ash_graphql.
But, for endpoints such as a create user endpoint, I want to be able to rate limit by IP, since there's no actor in play yet.
I assume I need to find some way to wire up a plug that grabs the user's IP out of the conn and sets it somewhere in some context that gets passed through to the rate limiter config, but I'm a little unsure the best way to set this up with ash_graphql.
Solution
We're actually adding a plug as part of https://github.com/team-alembic/ash_authentication/pull/1074 that stores the connection information in the shared context for later. Until that lands you can make a plug that does the same thing and add it to your graphql pipeline. From there it's a simple matter of modifying your
keyGitHub
This PR brings a wonderful new add-on to AshAuthentication - audit logging!
I know that doesn't sound very exciting, but I think it unlocks heaps of new and interesting use cases and featur...
I know that doesn't sound very exciting, but I think it unlocks heaps of new and interesting use cases and featur...
The Elixir backend framework for unparalleled productivity. Declarative tools that let you stop wasting time. Use with Phoenix LiveView or build APIs in minutes for your front-end of choice.
2,193Members
Resources
Similar Threads
Was this page helpful?
