chore: udpate schema with rate-limiting functionality (#898)

cmd/config/example.go

@@ -106,6 +106,10 @@ func commandExample(cCtx *cli.Context) error { //nolint:funlen,maintidx
 				},
 				Autoscaler: nil,
 			},
+			RateLimit: &model.ConfigRateLimit{
+				Limit:    100,
+				Interval: "15m",
+			},
 		},
 		Functions: &model.ConfigFunctions{
 			Node: &model.ConfigFunctionsNode{
@@ -120,6 +124,10 @@ func commandExample(cCtx *cli.Context) error { //nolint:funlen,maintidx
 					},
 				},
 			},
+			RateLimit: &model.ConfigRateLimit{
+				Limit:    100,
+				Interval: "15m",
+			},
 		},
 		Auth: &model.ConfigAuth{
 			Version: ptr("0.25.0"),
@@ -314,6 +322,28 @@ func commandExample(cCtx *cli.Context) error { //nolint:funlen,maintidx
 				Enabled: ptr(true),
 				Issuer:  ptr("issuer"),
 			},
+			RateLimit: &model.ConfigAuthRateLimit{
+				Emails: &model.ConfigRateLimit{
+					Limit:    10,
+					Interval: "5m",
+				},
+				Sms: &model.ConfigRateLimit{
+					Limit:    10,
+					Interval: "5m",
+				},
+				BruteForce: &model.ConfigRateLimit{
+					Limit:    10,
+					Interval: "5m",
+				},
+				Signups: &model.ConfigRateLimit{
+					Limit:    10,
+					Interval: "5m",
+				},
+				Global: &model.ConfigRateLimit{
+					Limit:    100,
+					Interval: "15m",
+				},
+			},
 		},
 		Postgres: &model.ConfigPostgres{
 			Version: ptr("14-20230312-1"),
@@ -385,6 +415,10 @@ func commandExample(cCtx *cli.Context) error { //nolint:funlen,maintidx
 				Replicas:   ptr(uint8(1)),
 				Autoscaler: nil,
 			},
+			RateLimit: &model.ConfigRateLimit{
+				Limit:    100,
+				Interval: "15m",
+			},
 		},
 		Observability: &model.ConfigObservability{
 			Grafana: &model.ConfigGrafana{

cmd/config/validate_test.go

@@ -171,6 +171,28 @@ func expectedConfig() *model.ConfigConfig {
 				},
 			},
 			Totp: &model.ConfigAuthTotp{Enabled: ptr(false)},
+			RateLimit: &model.ConfigAuthRateLimit{
+				Emails: &model.ConfigRateLimit{
+					Limit:    10,
+					Interval: "1h",
+				},
+				Sms: &model.ConfigRateLimit{
+					Limit:    10,
+					Interval: "1h",
+				},
+				BruteForce: &model.ConfigRateLimit{
+					Limit:    10,
+					Interval: "5m",
+				},
+				Signups: &model.ConfigRateLimit{
+					Limit:    10,
+					Interval: "5m",
+				},
+				Global: &model.ConfigRateLimit{
+					Limit:    100,
+					Interval: "1m",
+				},
+			},
 		},
 		Postgres: &model.ConfigPostgres{Version: ptr("14.6-20230406-2")},
 		Provider: &model.ConfigProvider{},

dockercompose/auth.go

@@ -49,6 +49,9 @@ func auth( //nolint:funlen
 			Secure:   false,
 			Method:   "LOGIN",
 		},
+		false,
+		false,
+		"00000000-0000-0000-0000-000000000000",
 	)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get hasura env vars: %w", err)

dockercompose/auth_test.go

@@ -102,6 +102,18 @@ func expectedAuth() *Service {
 			"AUTH_PROVIDER_WORKOS_DEFAULT_CONNECTION":   "workosConnection",
 			"AUTH_PROVIDER_WORKOS_DEFAULT_ORGANIZATION": "workosOrganization",
 			"AUTH_PROVIDER_WORKOS_ENABLED":              "true",
+			"AUTH_RATE_LIMIT_BRUTE_FORCE_BURST":         "3",
+			"AUTH_RATE_LIMIT_BRUTE_FORCE_INTERVAL":      "5m",
+			"AUTH_RATE_LIMIT_EMAIL_BURST":               "3",
+			"AUTH_RATE_LIMIT_EMAIL_INTERVAL":            "5m",
+			"AUTH_RATE_LIMIT_EMAIL_IS_GLOBAL":           "true",
+			"AUTH_RATE_LIMIT_ENABLE":                    "true",
+			"AUTH_RATE_LIMIT_GLOBAL_BURST":              "33",
+			"AUTH_RATE_LIMIT_GLOBAL_INTERVAL":           "15m",
+			"AUTH_RATE_LIMIT_SIGNUPS_BURST":             "3",
+			"AUTH_RATE_LIMIT_SIGNUPS_INTERVAL":          "5m",
+			"AUTH_RATE_LIMIT_SMS_BURST":                 "3",
+			"AUTH_RATE_LIMIT_SMS_INTERVAL":              "5m",
 			"AUTH_REFRESH_TOKEN_EXPIRES_IN":             "99",
 			"AUTH_REQUIRE_ELEVATED_CLAIM":               "required",
 			"AUTH_SERVER_URL":                           "http://dev.auth.local.nhost.run:1336/v1",

dockercompose/main_test.go

@@ -37,6 +37,28 @@ func getConfig() *model.ConfigConfig { //nolint:maintidx
 				Networking: nil,
 				Autoscaler: nil,
 			},
+			RateLimit: &model.ConfigAuthRateLimit{
+				Emails: &model.ConfigRateLimit{
+					Limit:    10,
+					Interval: "5m",
+				},
+				Sms: &model.ConfigRateLimit{
+					Limit:    10,
+					Interval: "5m",
+				},
+				BruteForce: &model.ConfigRateLimit{
+					Limit:    10,
+					Interval: "5m",
+				},
+				Signups: &model.ConfigRateLimit{
+					Limit:    10,
+					Interval: "5m",
+				},
+				Global: &model.ConfigRateLimit{
+					Limit:    100,
+					Interval: "15m",
+				},
+			},
 			Method: &model.ConfigAuthMethod{
 				Anonymous: &model.ConfigAuthMethodAnonymous{
 					Enabled: ptr(true),
@@ -224,6 +246,7 @@ func getConfig() *model.ConfigConfig { //nolint:maintidx
 			Node: &model.ConfigFunctionsNode{
 				Version: ptr(18),
 			},
+			RateLimit: nil,
 			Resources: &model.ConfigFunctionsResources{
 				Networking: &model.ConfigNetworking{
 					Ingresses: []*model.ConfigIngress{
@@ -235,6 +258,7 @@ func getConfig() *model.ConfigConfig { //nolint:maintidx
 			},
 		},
 		Hasura: &model.ConfigHasura{
+			RateLimit: nil,
 			Resources: &model.ConfigResources{
 				Compute: &model.ConfigResourcesCompute{
 					Cpu:    1000,
@@ -315,6 +339,7 @@ func getConfig() *model.ConfigConfig { //nolint:maintidx
 			},
 		},
 		Storage: &model.ConfigStorage{
+			RateLimit: nil,
 			Resources: &model.ConfigResources{
 				Compute: &model.ConfigResourcesCompute{
 					Cpu:    500,

go.mod

@@ -14,7 +14,7 @@ require (
 	github.com/google/go-cmp v0.6.0
 	github.com/google/uuid v1.6.0
 	github.com/hashicorp/go-getter v1.7.5
-	github.com/nhost/be v0.0.0-20240806070711-58ddcca3b692
+	github.com/nhost/be v0.0.0-20240820101832-63c0798e013b
 	github.com/pelletier/go-toml/v2 v2.2.2
 	github.com/rs/cors/wrapper/gin v0.0.0-20240515105523-1562b1715b35
 	github.com/sirupsen/logrus v1.9.3

go.sum

@@ -513,6 +513,8 @@ github.com/nhost/be v0.0.0-20240803071828-881aaa1f7511 h1:Qtm86sqEG50dZzz+7wtpCl
 github.com/nhost/be v0.0.0-20240803071828-881aaa1f7511/go.mod h1:iNulO8zDQ+jslaNRAm5NKY0W7sJeQ4INvQdS0AEN06w=
 github.com/nhost/be v0.0.0-20240806070711-58ddcca3b692 h1:KtBE/qk42z4WUIpYb0jMKZz1mQrcxdenHrpL2Gg89FI=
 github.com/nhost/be v0.0.0-20240806070711-58ddcca3b692/go.mod h1:iNulO8zDQ+jslaNRAm5NKY0W7sJeQ4INvQdS0AEN06w=
+github.com/nhost/be v0.0.0-20240820101832-63c0798e013b h1:ZCrX/vGfhnhx5HvjUJUbmKG+6+1yj0FLLbJ+5N1/FYo=
+github.com/nhost/be v0.0.0-20240820101832-63c0798e013b/go.mod h1:iNulO8zDQ+jslaNRAm5NKY0W7sJeQ4INvQdS0AEN06w=
 github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
 github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
 github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=