feat(convex): authenticate and rate limit for tasks.add

+ general enhancements

Author: NamesMT

apps/backend-convex/convex/_generated/api.d.ts

@@ -8,13 +8,15 @@
  * @module
  */
 
+import type * as authInfo from "../authInfo.js";
+import type * as crons from "../crons.js";
+import type * as tasks from "../tasks.js";
+
 import type {
   ApiFromModules,
   FilterApi,
   FunctionReference,
 } from "convex/server";
-import type * as authInfo from "../authInfo.js";
-import type * as tasks from "../tasks.js";
 
 /**
  * A utility for referencing Convex functions in your app's API.
@@ -26,13 +28,163 @@ import type * as tasks from "../tasks.js";
  */
 declare const fullApi: ApiFromModules<{
   authInfo: typeof authInfo;
+  crons: typeof crons;
   tasks: typeof tasks;
 }>;
+declare const fullApiWithMounts: typeof fullApi;
+
 export declare const api: FilterApi<
-  typeof fullApi,
+  typeof fullApiWithMounts,
   FunctionReference<any, "public">
 >;
 export declare const internal: FilterApi<
-  typeof fullApi,
+  typeof fullApiWithMounts,
   FunctionReference<any, "internal">
 >;
+
+export declare const components: {
+  rateLimiter: {
+    lib: {
+      checkRateLimit: FunctionReference<
+        "query",
+        "internal",
+        {
+          config:
+            | {
+                capacity?: number;
+                kind: "token bucket";
+                maxReserved?: number;
+                period: number;
+                rate: number;
+                shards?: number;
+              }
+            | {
+                capacity?: number;
+                kind: "fixed window";
+                maxReserved?: number;
+                period: number;
+                rate: number;
+                shards?: number;
+                start?: number;
+              };
+          count?: number;
+          key?: string;
+          name: string;
+          reserve?: boolean;
+          throws?: boolean;
+        },
+        { ok: true; retryAfter?: number } | { ok: false; retryAfter: number }
+      >;
+      clearAll: FunctionReference<
+        "mutation",
+        "internal",
+        { before?: number },
+        null
+      >;
+      rateLimit: FunctionReference<
+        "mutation",
+        "internal",
+        {
+          config:
+            | {
+                capacity?: number;
+                kind: "token bucket";
+                maxReserved?: number;
+                period: number;
+                rate: number;
+                shards?: number;
+              }
+            | {
+                capacity?: number;
+                kind: "fixed window";
+                maxReserved?: number;
+                period: number;
+                rate: number;
+                shards?: number;
+                start?: number;
+              };
+          count?: number;
+          key?: string;
+          name: string;
+          reserve?: boolean;
+          throws?: boolean;
+        },
+        { ok: true; retryAfter?: number } | { ok: false; retryAfter: number }
+      >;
+      resetRateLimit: FunctionReference<
+        "mutation",
+        "internal",
+        { key?: string; name: string },
+        null
+      >;
+    };
+    public: {
+      checkRateLimit: FunctionReference<
+        "query",
+        "internal",
+        {
+          config:
+            | {
+                capacity?: number;
+                kind: "token bucket";
+                maxReserved?: number;
+                period: number;
+                rate: number;
+                shards?: number;
+              }
+            | {
+                capacity?: number;
+                kind: "fixed window";
+                maxReserved?: number;
+                period: number;
+                rate: number;
+                shards?: number;
+                start?: number;
+              };
+          count?: number;
+          key?: string;
+          name: string;
+          reserve?: boolean;
+          throws?: boolean;
+        },
+        { ok: true; retryAfter?: number } | { ok: false; retryAfter: number }
+      >;
+      rateLimit: FunctionReference<
+        "mutation",
+        "internal",
+        {
+          config:
+            | {
+                capacity?: number;
+                kind: "token bucket";
+                maxReserved?: number;
+                period: number;
+                rate: number;
+                shards?: number;
+              }
+            | {
+                capacity?: number;
+                kind: "fixed window";
+                maxReserved?: number;
+                period: number;
+                rate: number;
+                shards?: number;
+                start?: number;
+              };
+          count?: number;
+          key?: string;
+          name: string;
+          reserve?: boolean;
+          throws?: boolean;
+        },
+        { ok: true; retryAfter?: number } | { ok: false; retryAfter: number }
+      >;
+      resetRateLimit: FunctionReference<
+        "mutation",
+        "internal",
+        { key?: string; name: string },
+        null
+      >;
+    };
+  };
+};

apps/backend-convex/convex/_generated/api.js

@@ -8,7 +8,7 @@
  * @module
  */
 
-import { anyApi } from "convex/server";
+import { anyApi, componentsGeneric } from "convex/server";
 
 /**
  * A utility for referencing Convex functions in your app's API.
@@ -20,3 +20,4 @@ import { anyApi } from "convex/server";
  */
 export const api = anyApi;
 export const internal = anyApi;
+export const components = componentsGeneric();

apps/backend-convex/convex/_generated/server.d.ts

@@ -10,6 +10,7 @@
 
 import {
   ActionBuilder,
+  AnyComponents,
   HttpActionBuilder,
   MutationBuilder,
   QueryBuilder,
@@ -18,9 +19,15 @@ import {
   GenericQueryCtx,
   GenericDatabaseReader,
   GenericDatabaseWriter,
+  FunctionReference,
 } from "convex/server";
 import type { DataModel } from "./dataModel.js";
 
+type GenericCtx =
+  | GenericActionCtx<DataModel>
+  | GenericMutationCtx<DataModel>
+  | GenericQueryCtx<DataModel>;
+
 /**
  * Define a query in this Convex app's public API.
  *

apps/backend-convex/convex/_generated/server.js

@@ -16,6 +16,7 @@ import {
   internalActionGeneric,
   internalMutationGeneric,
   internalQueryGeneric,
+  componentsGeneric,
 } from "convex/server";
 
 /**

apps/backend-convex/convex/convex.config.ts

@@ -0,0 +1,7 @@
+import rateLimiter from '@convex-dev/rate-limiter/convex.config'
+import { defineApp } from 'convex/server'
+
+const app: ReturnType<typeof defineApp> = defineApp()
+app.use(rateLimiter)
+
+export default app

apps/backend-convex/convex/crons.ts

@@ -0,0 +1,12 @@
+import { cronJobs } from 'convex/server'
+import { internal } from './_generated/api'
+
+const crons = cronJobs()
+
+crons.interval(
+  'clear tasks table',
+  { minutes: 10 }, // every 10 minutes
+  internal.tasks.clearAll,
+)
+
+export default crons

apps/backend-convex/convex/tasks.ts

@@ -1,5 +1,11 @@
+import { MINUTE, RateLimiter } from '@convex-dev/rate-limiter'
 import { v } from 'convex/values'
-import { mutation, query } from './_generated/server'
+import { components } from './_generated/api'
+import { internalMutation, mutation, query } from './_generated/server'
+
+const rateLimiter = new RateLimiter(components.rateLimiter, {
+  addTask: { kind: 'token bucket', rate: 10, period: MINUTE, capacity: 3 },
+})
 
 export const get = query({
   args: {},
@@ -13,6 +19,20 @@ export const add = mutation({
     text: v.string(),
   },
   handler: async (ctx, args) => {
+    const userIdentity = await ctx.auth.getUserIdentity()
+    if (userIdentity === null)
+      throw new Error('Not authenticated')
+
+    await rateLimiter.limit(ctx, 'addTask', { key: userIdentity.subject, throws: true })
+
     return await ctx.db.insert('tasks', { text: args.text })
   },
 })
+
+export const clearAll = internalMutation({
+  args: {},
+  handler: async (ctx) => {
+    const tasks = await ctx.db.query('tasks').collect()
+    await Promise.all(tasks.map(task => ctx.db.delete(task._id)))
+  },
+})

apps/backend-convex/package.json

@@ -16,6 +16,9 @@
     "_deploy": "convex deploy -y",
     "predev": "convex dev --once"
   },
+  "dependencies": {
+    "@convex-dev/rate-limiter": "^0.2.7"
+  },
   "devDependencies": {
     "@local/common": "workspace:*",
     "@local/locales": "workspace:*",

apps/frontend/app/components/ConvexIntegrationTest.vue

@@ -13,16 +13,21 @@ const taskInputRef = ref('')
 
 async function addTask() {
   await mutateAddTask({ text: taskInputRef.value })
-    .then(() => { taskInputRef.value = '' })
+    .then((r) => {
+      if ('error' in r && r.error)
+        return toast.add({ severity: 'error', detail: r.error.message, life: 10000 })
+
+      taskInputRef.value = ''
+    })
 }
 
 const isFetchingTasks = ref(false)
 async function testConvexViaBackendTasksCTA() {
   isFetchingTasks.value = true
 
   await hcParse($apiClient.api.dummy.convexTasks.$get())
-    .then(r => toast.add({ detail: r.map(t => t.text).join('\n') }))
-    .catch(e => toast.add({ severity: 'error', detail: e.message }))
+    .then(r => toast.add({ detail: r.map(t => t.text).join('\n'), life: 5000 }))
+    .catch(e => toast.add({ severity: 'error', detail: e.message, life: 10000 }))
 
   isFetchingTasks.value = false
 }
@@ -33,7 +38,7 @@ async function testConvexViaBackendTasksCTA() {
     <div>
       {{ $t('components.convexIntegrationTest.configuredUrl') }}: <code class="rounded bg-gray-100 px-1 py-0.5 text-base dark:bg-gray-800">{{ convexClient.client.url }}</code>
     </div>
-    <div>{{ $t('components.convexIntegrationTest.authInfo') }}: <pre class="max-w-full w-full overflow-x-auto rounded bg-black p-2 px-4 text-left text-xs text-white">{{ authInfo }}</pre></div>
+    <div>{{ $t('components.convexIntegrationTest.authInfo') }}: <pre class="max-w-full w-full overflow-x-auto rounded bg-black p-2 px-4 text-left text-xs text-white">{{ authInfo ?? 'Not authenticated' }}</pre></div>
   </div>
   <div class="max-w-md w-full flex flex-col gap-5">
     <IftaLabel class="w-full">