feat(publish-quota): per user publishArticle quota

db/migrations/20240531164251_alter_user_add_publish_rate.js

@@ -0,0 +1,13 @@
+const table = 'user'
+
+exports.up = async (knex) => {
+  await knex.schema.table(table, (t) => {
+    t.jsonb('publish_rate')
+  })
+}
+
+exports.down = async (knex) => {
+  await knex.schema.table(table, (t) => {
+    t.dropColumn('publish_rate')
+  })
+}

schema.graphql

@@ -253,6 +253,9 @@ type Mutation {
   """Update state of a user, used in OSS."""
   updateUserRole(input: UpdateUserRoleInput!): User!
 
+  """Update allowed publish rate of a user, used in OSS."""
+  updateUserPublishRate(input: UpdateUserPublishRateInput!): User!
+
   """Update referralCode of a user, used in OSS."""
   updateUserExtra(input: UpdateUserExtraInput!): User!
 
@@ -2879,6 +2882,12 @@ input UpdateUserRoleInput {
   role: UserRole!
 }
 
+input UpdateUserPublishRateInput {
+  id: ID!
+  limit: Int!
+  period: Int!
+}
+
 input UpdateUserExtraInput {
   id: ID!
   referralCode: String

src/common/enums/user.ts

@@ -1,3 +1,5 @@
+import { isProd } from 'common/environment'
+
 export const USER_STATE = {
   frozen: 'frozen',
   active: 'active',
@@ -16,3 +18,6 @@ export const AUTHOR_TYPE = {
   default: 'default',
   trendy: 'trendy',
 } as const
+
+export const PUBLISH_ARTICLE_RATE_LIMIT = isProd ? 1 : 1000
+export const PUBLISH_ARTICLE_RATE_PERIOD = 720 // for 12 minutes;

src/common/utils/index.ts

@@ -25,6 +25,7 @@ export * from './genDisplayName'
 export * from './counter'
 export * from './verify'
 export * from './nanoid'
+export * from './rateLimit'
 
 /**
  * Make a valid user name based on a given email address. It removes all special characters including _.

src/common/utils/rateLimit.ts

@@ -0,0 +1,64 @@
+import type { Redis } from 'ioredis'
+
+import { CACHE_PREFIX } from 'common/enums'
+import { genCacheKey } from 'connectors'
+
+export const checkOperationLimit = async ({
+  user,
+  operation,
+  limit,
+  period,
+  redis,
+}: {
+  user: string
+  operation: string
+  limit: number
+  period: number
+  redis: Redis
+}) => {
+  const cacheKey = genCacheKey({
+    id: user,
+    field: operation,
+    prefix: CACHE_PREFIX.OPERATION_LOG,
+  })
+
+  const operationLog = await redis.lrange(cacheKey, 0, -1)
+
+  // timestamp in seconds
+  const current = Math.floor(Date.now() / 1000)
+
+  // no record
+  if (!operationLog) {
+    // create
+    redis.lpush(cacheKey, current).then(() => {
+      redis.expire(cacheKey, period)
+    })
+
+    // pass
+    return true
+  }
+
+  // count times within period
+  const cutoff = current - period
+  let times = 0
+  for (const timestamp of operationLog) {
+    if (parseInt(timestamp, 10) >= cutoff) {
+      times += 1
+    } else {
+      break
+    }
+  }
+
+  // over limit
+  if (times >= limit) {
+    return false
+  }
+
+  // add, trim, update expiration
+  redis.lpush(cacheKey, current)
+  redis.ltrim(cacheKey, 0, times)
+  redis.expire(cacheKey, period)
+
+  // pass
+  return true
+}

src/definitions/schema.d.ts

@@ -1736,6 +1736,8 @@ export type GQLMutation = {
   updateUserExtra: GQLUser
   /** Update user information. */
   updateUserInfo: GQLUser
+  /** Update allowed publish rate of a user, used in OSS. */
+  updateUserPublishRate: GQLUser
   /** Update state of a user, used in OSS. */
   updateUserRole: GQLUser
   /** Update state of a user, used in OSS. */
@@ -2108,6 +2110,10 @@ export type GQLMutationUpdateUserInfoArgs = {
   input: GQLUpdateUserInfoInput
 }
 
+export type GQLMutationUpdateUserPublishRateArgs = {
+  input: GQLUpdateUserPublishRateInput
+}
+
 export type GQLMutationUpdateUserRoleArgs = {
   input: GQLUpdateUserRoleInput
 }
@@ -3468,6 +3474,12 @@ export type GQLUpdateUserInfoInput = {
   userName?: InputMaybe<Scalars['String']['input']>
 }
 
+export type GQLUpdateUserPublishRateInput = {
+  id: Scalars['ID']['input']
+  limit: Scalars['Int']['input']
+  period: Scalars['Int']['input']
+}
+
 export type GQLUpdateUserRoleInput = {
   id: Scalars['ID']['input']
   role: GQLUserRole
@@ -4658,6 +4670,7 @@ export type GQLResolversTypes = ResolversObject<{
   UpdateTagSettingType: GQLUpdateTagSettingType
   UpdateUserExtraInput: GQLUpdateUserExtraInput
   UpdateUserInfoInput: GQLUpdateUserInfoInput
+  UpdateUserPublishRateInput: GQLUpdateUserPublishRateInput
   UpdateUserRoleInput: GQLUpdateUserRoleInput
   UpdateUserStateInput: GQLUpdateUserStateInput
   Upload: ResolverTypeWrapper<Scalars['Upload']['output']>
@@ -5098,6 +5111,7 @@ export type GQLResolversParentTypes = ResolversObject<{
   UpdateTagSettingInput: GQLUpdateTagSettingInput
   UpdateUserExtraInput: GQLUpdateUserExtraInput
   UpdateUserInfoInput: GQLUpdateUserInfoInput
+  UpdateUserPublishRateInput: GQLUpdateUserPublishRateInput
   UpdateUserRoleInput: GQLUpdateUserRoleInput
   UpdateUserStateInput: GQLUpdateUserStateInput
   Upload: Scalars['Upload']['output']
@@ -7322,6 +7336,12 @@ export type GQLMutationResolvers<
     ContextType,
     RequireFields<GQLMutationUpdateUserInfoArgs, 'input'>
   >
+  updateUserPublishRate?: Resolver<
+    GQLResolversTypes['User'],
+    ParentType,
+    ContextType,
+    RequireFields<GQLMutationUpdateUserPublishRateArgs, 'input'>
+  >
   updateUserRole?: Resolver<
     GQLResolversTypes['User'],
     ParentType,

src/definitions/user.d.ts

@@ -30,6 +30,7 @@ interface UserBase {
   currency: 'HKD' | 'TWD' | 'USD' | null
   profileCover?: string
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  publishRate: any | null // jsonb saved here
   extra: any | null // jsonb saved here
   remark: string | null
   createdAt: Date

src/mutations/article/publishArticle.ts

@@ -1,13 +1,19 @@
 import type { GQLMutationResolvers } from 'definitions'
 
-import { PUBLISH_STATE, USER_STATE } from 'common/enums'
 import {
+  PUBLISH_ARTICLE_RATE_LIMIT,
+  PUBLISH_ARTICLE_RATE_PERIOD,
+  PUBLISH_STATE,
+  USER_STATE,
+} from 'common/enums'
+import {
+  ActionLimitExceededError,
   DraftNotFoundError,
   ForbiddenByStateError,
   ForbiddenError,
   UserInputError,
 } from 'common/errors'
-import { fromGlobalId } from 'common/utils'
+import { checkOperationLimit, fromGlobalId } from 'common/utils'
 
 const resolver: GQLMutationResolvers['publishArticle'] = async (
   _,
@@ -18,6 +24,7 @@ const resolver: GQLMutationResolvers['publishArticle'] = async (
       draftService,
       atomService,
       queues: { publicationQueue },
+      connections: { redis },
     },
   }
 ) => {
@@ -50,6 +57,21 @@ const resolver: GQLMutationResolvers['publishArticle'] = async (
     throw new UserInputError('content is required')
   }
 
+  const fieldName = 'publishArticle'
+  const pass = await checkOperationLimit({
+    user: viewer.id || viewer.ip,
+    operation: fieldName,
+    limit: viewer?.publishRate?.limit ?? PUBLISH_ARTICLE_RATE_LIMIT,
+    period: viewer?.publishRate?.period ?? PUBLISH_ARTICLE_RATE_PERIOD,
+    redis, // : connections.redis,
+  })
+
+  if (!pass) {
+    throw new ActionLimitExceededError(
+      `rate exceeded for operation ${fieldName}`
+    )
+  }
+
   if (
     draft.publishState === PUBLISH_STATE.pending ||
     (draft.archived && isPublished)

src/mutations/user/index.ts

@@ -31,6 +31,7 @@ import unbindLikerId from './unbindLikerId'
 import updateNotificationSetting from './updateNotificationSetting'
 import updateUserExtra from './updateUserExtra'
 import updateUserInfo from './updateUserInfo'
+import updateUserPublishRate from './updateUserPublishRate'
 import updateUserRole from './updateUserRole'
 import updateUserState from './updateUserState'
 import userLogin from './userLogin'
@@ -68,6 +69,7 @@ export default {
     updateUserState,
     updateUserRole,
     updateUserExtra,
+    updateUserPublishRate,
     setEmail,
     setUserName,
     setPassword,

src/mutations/user/updateUserPublishRate.ts

@@ -0,0 +1,34 @@
+import type { GQLMutationResolvers } from 'definitions'
+
+import _isEmpty from 'lodash/isEmpty'
+
+import { UserInputError } from 'common/errors'
+import { fromGlobalId } from 'common/utils'
+
+const resolver: GQLMutationResolvers['updateUserPublishRate'] = async (
+  _,
+  { input: { id, limit, period } },
+  { dataSources: { atomService } }
+) => {
+  const { id: dbId } = fromGlobalId(id)
+
+  // validate data ranges?
+  const publishRate = {
+    limit,
+    period,
+  }
+
+  if (_isEmpty(publishRate)) {
+    throw new UserInputError('bad request')
+  }
+
+  const user = await atomService.update({
+    table: 'user',
+    where: { id: dbId },
+    data: { publishRate },
+  })
+
+  return user
+}
+
+export default resolver

src/types/__test__/1/article.test.ts

@@ -279,6 +279,30 @@ describe('publish article', () => {
     expect(publishState).toBe(PUBLISH_STATE.pending)
     expect(article).toBeNull()
   })
+  test('publish again should trigger rate limit', async () => {
+    jest.setTimeout(10000)
+    const draft = {
+      title: Math.random().toString(),
+      content: Math.random().toString(),
+    }
+    const { id } = await putDraft({ draft }, connections)
+    const { publishState, article } = await publishArticle({ id }, connections)
+    expect(publishState).toBe(PUBLISH_STATE.pending)
+    expect(article).toBeNull()
+
+    const { id: nextDraftId } = await putDraft(
+      {
+        draft: {
+          title: Math.random().toString(),
+          content: Math.random().toString(),
+        },
+      },
+      connections
+    )
+    const res2Publish = await publishArticle({ id }, connections)
+    expect(res2Publish.publishState).toBe(PUBLISH_STATE.pending)
+    expect(res2Publish.article).toBeNull()
+  })
 
   test('create a draft & publish with iscn', async () => {
     jest.setTimeout(10000)

src/types/article.ts

@@ -1,7 +1,7 @@
 import { AUTH_MODE, CACHE_TTL, NODE_TYPES, SCOPE_GROUP } from 'common/enums'
 import { isProd } from 'common/environment'
 
-const PUBLISH_ARTICLE_RATE_LIMIT = isProd ? 1 : 100
+const PUBLISH_ARTICLE_RATE_LIMIT = isProd ? 10 : 1000
 
 export default /* GraphQL */ `
   extend type Query {
@@ -13,7 +13,7 @@ export default /* GraphQL */ `
     #   Article  #
     ##############
     "Publish an article onto IPFS."
-    publishArticle(input: PublishArticleInput!): Draft! @auth(mode: "${AUTH_MODE.oauth}", group: "${SCOPE_GROUP.level2}") @purgeCache(type: "${NODE_TYPES.Draft}") @rateLimit(limit:${PUBLISH_ARTICLE_RATE_LIMIT}, period:720)
+    publishArticle(input: PublishArticleInput!): Draft! @auth(mode: "${AUTH_MODE.oauth}", group: "${SCOPE_GROUP.level2}") @purgeCache(type: "${NODE_TYPES.Draft}") @rateLimit(limit:${PUBLISH_ARTICLE_RATE_LIMIT}, period:7200)
 
     "Edit an article."
     editArticle(input: EditArticleInput!): Article! @auth(mode: "${AUTH_MODE.oauth}", group: "${SCOPE_GROUP.level3}") @purgeCache(type: "${NODE_TYPES.Article}")