Page MenuHomePhabricator
Create Task
Maniphest T258824

Performance review of OAuthRateLimiter
Closed, ResolvedPublic
Actions

Description

Description

We are developing an API Portal/Gateway. The work is described by the API Gateway initiative.

As part of this project, we plan to use the OAuthRateLimiter extension to add rate limiter information to the OAuth token.

The extension holds a single database table with a mapping from OAuth client ID to the rate limit tier. The rate limits for different tiers are statically configured in mediawiki-config. The tiers are assigned to the clients via a maintenance script. Dynamic tiers and UI for tier management might be implemented later if needed.

The ratelimit claims for the client is supplied to the OAuth extension via a new hook. The OAuth extension adds the claims to the access token JWT as private claims, which is then used by the envoy API Gateway to supply to the ratelimit service.

Currently, the code depends on the fork of the oauth2-server library, which includes a single pull request which adds support for private claims. We're working with upstream to get the pull request accepted in the upstream library, and the need for the fork will eventually disappear.

Preview environment

(Insert one or more links to where the feature can be tested, e.g. on Beta Cluster.)

TODO

Which code to review

This task is a placeholder. I will update the description when the extension is ready for review.

Related Objects
Search...

Event Timeline

Clarakosi created this task.Jul 24 2020, 7:05 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 24 2020, 7:05 PM
Clarakosi renamed this task from Performance review of <Insert name of feature/service> to Performance review of OAuthRatelimiter.Jul 24 2020, 7:05 PM
Clarakosi added a parent task: T257607: Develop OAuthRateLimiter extension.Jul 24 2020, 7:08 PM
Reedy renamed this task from Performance review of OAuthRatelimiter to Performance review of OAuthRateLimiter.Jul 26 2020, 9:22 PM
Reedy updated the task description. (Show Details)
Clarakosi moved this task from Backlog to Blocked on the Platform Team Workboards (Green) board.Jul 28 2020, 6:55 PM
WDoranWMF added a project: Platform Team Sprints Board (Sprint 0).Jul 31 2020, 12:17 PM
Naike edited projects, added: Platform Team Sprints Board (Sprint 1); removed: Platform Team Sprints Board (Sprint 0).Aug 7 2020, 10:34 AM
Naike subscribed.Aug 10 2020, 5:55 AM

@Clarakosi - should someone on the security team be assigned to this ticket?

Aklapper added a comment.Aug 10 2020, 6:46 AM

Hi, this is about a performance review. For security reviews, see Application Security Reviews instead - thanks.

Gilles claimed this task.Aug 10 2020, 10:04 AM
Gilles moved this task from Inbox, needs triage to Doing (old) on the Performance-Team board.
Gilles closed this task as Resolved.Aug 10 2020, 10:17 AM

I've reviewed the patch, there is no performance concern with this new extension.

Naike moved this task from Blocked to Done on the Platform Team Workboards (Green) board.Aug 14 2020, 2:48 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits