Merge pull request #195 from bigcapitalhq/api-rate-env-vars

fix: expose the rate limit to the env variables

.env.example

@@ -47,3 +47,6 @@ AGENDASH_AUTH_PASSWORD=123123
 SIGNUP_DISABLED=false
 SIGNUP_ALLOWED_DOMAINS=
 SIGNUP_ALLOWED_EMAILS=
+
+# API rate limit (points,duration,block duration).
+API_RATE_LIMIT=120,60,600

packages/server/src/config/index.ts

@@ -1,9 +1,12 @@
 import dotenv from 'dotenv';
 import path from 'path';
+import { toInteger } from 'lodash';
 import { castCommaListEnvVarToArray, parseBoolean } from '@/utils';
 
 dotenv.config();
 
+const API_RATE_LIMIT = process.env.API_RATE_LIMIT?.split(',') || [];
+
 module.exports = {
   /**
    * Your favorite port
@@ -97,7 +100,7 @@ module.exports = {
   jwtSecret: process.env.JWT_SECRET,
 
   /**
-   * 
+   *
    */
   resetPasswordSeconds: 600,
 
@@ -130,9 +133,9 @@ module.exports = {
       blockDuration: 60 * 15,
     },
     requests: {
-      points: 60,
-      duration: 60,
-      blockDuration: 60 * 10,
+      points: API_RATE_LIMIT[0] ? toInteger(API_RATE_LIMIT[0]) : 120,
+      duration: API_RATE_LIMIT[1] ? toInteger(API_RATE_LIMIT[1]) : 60,
+      blockDuration: API_RATE_LIMIT[2] ? toInteger(API_RATE_LIMIT[2]) : 60 * 10,
     },
   },
 

packages/webapp/src/containers/GlobalErrors/GlobalErrors.tsx

@@ -9,6 +9,7 @@ import { compose } from '@/utils';
 
 let toastKeySessionExpired;
 let toastKeySomethingWrong;
+let toastTooManyRequests;
 
 function GlobalErrors({
   // #withGlobalErrors
@@ -41,6 +42,18 @@ function GlobalErrors({
       toastKeySomethingWrong,
     );
   }
+  if (globalErrors.too_many_requests) {
+    toastTooManyRequests = AppToaster.show(
+      {
+        message: intl.get('global_error.too_many_requests'),
+        intent: Intent.DANGER,
+        onDismiss: () => {
+          globalErrorsSet({ too_many_requests: false });
+        },
+      },
+      toastTooManyRequests,
+    );
+  }
   if (globalErrors.access_denied) {
     toastKeySomethingWrong = AppToaster.show(
       {

packages/webapp/src/hooks/useRequest.tsx

@@ -60,6 +60,9 @@ export default function useApiRequest() {
         if (status === 403) {
           setGlobalErrors({ access_denied: true });
         }
+        if (status === 429) {
+          setGlobalErrors({ too_many_requests: true });
+        }
         if (status === 400) {
           const lockedError = data.errors.find(
             (error) => error.type === 'TRANSACTIONS_DATE_LOCKED',

packages/webapp/src/lang/en/index.json

@@ -2292,5 +2292,6 @@
   "sidebar.projects": "Projects",
   "sidebar.new_project": "New Project",
   "sidebar.new_time_entry": "New Time Entry",
-  "sidebar.project_profitability_summary": "Project Profitability Summary"
+  "sidebar.project_profitability_summary": "Project Profitability Summary",
+  "global_error.too_many_requests": "Too many requests"
 }

packages/webapp/src/style/components/BigcapitalLoading.scss

@@ -1,10 +1,12 @@
+@import '@/style/variables.scss';
+
 .bigcapital-loading {
   height: 100%;
   width: 100%;
   position: fixed;
   display: flex;
   background: #fff;
-  z-index: 999999;
+  z-index: $zindex-dashboard-splash-screen;
 
   .center {
     width: auto;
@@ -18,4 +20,4 @@
     opacity: 0.85;
     display: none;
   }
-}
+}

packages/webapp/src/style/variables.scss

@@ -45,3 +45,7 @@ $form-check-input-checked-color: #fff;
 $form-check-input-checked-bg-color: $blue1;
 $form-check-input-checked-bg-image: url("data:image/svg+xml,<svg xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' x='0px' y='0px' viewBox='0 0 16 16' enable-background='new 0 0 16 16' xml:space='preserve'><g id='small_tick_1_'><g><path fill='#{$form-check-input-checked-color}' fill-rule='evenodd' clip-rule='evenodd' d='M12,5c-0.28,0-0.53,0.11-0.71,0.29L7,9.59L4.71,7.29C4.53,7.11,4.28,7,4,7C3.45,7,3,7.45,3,8c0,0.28,0.11,0.53,0.29,0.71l3,3C6.47,11.89,6.72,12,7,12s0.53-0.11,0.71-0.29l5-5C12.89,6.53,13,6.28,13,6C13,5.45,12.55,5,12,5z'/></g></g></svg>") !default;
 $form-check-input-indeterminate-bg-image: url("data:image/svg+xml,<svg xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' x='0px' y='0px' viewBox='0 0 16 16' enable-background='new 0 0 16 16' xml:space='preserve'><g id='small_tick_1_'><g><path fill='#{$form-check-input-checked-color}' fill-rule='evenodd' clip-rule='evenodd' d='M11,7H5C4.45,7,4,7.45,4,8c0,0.55,0.45,1,1,1h6c0.55,0,1-0.45,1-1C12,7.45,11.55,7,11,7z'/></g></g></svg>") !default;
+
+// z-indexs
+$zindex-dashboard-splash-screen: 39;
+$zindex-toast: 40;