fix(server): skip throttle for currentUser (#6700)

2026-02-12 12:28:42 +00:00 · 2024-04-25 09:45:30 +00:00
parent 6237bf18ab
commit 3297486e31
5 changed files with 45 additions and 21 deletions
--- a/packages/backend/server/src/core/auth/resolver.ts
+++ b/packages/backend/server/src/core/auth/resolver.ts
@@ -12,7 +12,7 @@ import {
 } from '@nestjs/graphql';
 import type { Request, Response } from 'express';

-import { Config, Throttle } from '../../fundamentals';
+import { Config, SkipThrottle, Throttle } from '../../fundamentals';
 import { UserService } from '../user';
 import { UserType } from '../user/types';
 import { validators } from '../utils/validators';
@@ -33,12 +33,6 @@ export class ClientTokenType {
  sessionToken?: string;
 }

-/**
- * Auth resolver
- * Token rate limit: 20 req/m
- * Sign up/in rate limit: 10 req/m
- * Other rate limit: 5 req/m
- */
@Throttle('strict')
@Resolver(() => UserType)
 export class AuthResolver {
@@ -49,6 +43,7 @@ export class AuthResolver {
    private readonly token: TokenService
  ) {}

+  @SkipThrottle()
  @Public()
  @Query(() => UserType, {
    name: 'currentUser',
--- a/packages/backend/server/src/fundamentals/index.ts
+++ b/packages/backend/server/src/fundamentals/index.ts
@@ -27,7 +27,7 @@ export {
 export type { PrismaTransaction } from './prisma';
 export * from './storage';
 export { type StorageProvider, StorageProviderFactory } from './storage';
-export { CloudThrottlerGuard, Throttle } from './throttler';
+export { CloudThrottlerGuard, SkipThrottle, Throttle } from './throttler';
 export {
  getRequestFromHost,
  getRequestResponseFromContext,
--- a/packages/backend/server/src/fundamentals/throttler/decorators.ts
+++ b/packages/backend/server/src/fundamentals/throttler/decorators.ts
@@ -1,7 +1,7 @@
 import { applyDecorators, SetMetadata } from '@nestjs/common';
 import { SkipThrottle, Throttle as RawThrottle } from '@nestjs/throttler';

-export type Throttlers = 'default' | 'strict';
+export type Throttlers = 'default' | 'strict' | 'authenticated';
 export const THROTTLER_PROTECTED = 'affine_throttler:protected';

 /**
@@ -10,8 +10,9 @@ export const THROTTLER_PROTECTED = 'affine_throttler:protected';
 * If a Controller or Query do not protected behind a Throttler,
 * it will never be rate limited.
 *
- * - Ease: 120 calls within 60 seconds
- * - Strict: 10 calls within 60 seconds
+ * - default: 120 calls within 60 seconds
+ * - strict: 10 calls within 60 seconds
+ * - authenticated: no rate limit for authenticated users, apply [default] throttler for unauthenticated users
 *
 * @example
 *
--- a/packages/backend/server/src/fundamentals/throttler/index.ts
+++ b/packages/backend/server/src/fundamentals/throttler/index.ts
@@ -166,10 +166,12 @@ export class CloudThrottlerGuard extends ThrottlerGuard {
  }

  getSpecifiedThrottler(context: ExecutionContext) {
-    return this.reflector.getAllAndOverride<Throttlers | undefined>(
+    const throttler = this.reflector.getAllAndOverride<Throttlers | undefined>(
      THROTTLER_PROTECTED,
      [context.getHandler(), context.getClass()]
    );
+
+    return throttler === 'authenticated' ? undefined : throttler;
  }
 }